Improving security

Options
Dovetail_MD
Dovetail_MD Posts: 81  Ally Member
First Anniversary First Comment
edited April 2021 in Security
Now having the USG 60 W live I'm wondering how to review precisely what it is blocking locking and letting through

Presumably the "security policy" items are the key items to take a look at?

Best Answers

  • Dovetail_MD
    Dovetail_MD Posts: 81  Ally Member
    First Anniversary First Comment
    Answer ✓
    Options
    Thank you - I will have a poke around.

    One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?

    For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement

All Replies

  • PeterUK
    PeterUK Posts: 2,713  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited August 2018
    Options

    The default in a SNAT setup is to allow all from LAN1 to WAN so you can limit what goes out the USG by setting up rule from LAN1 to WAN to not need all from LAN1 to WAN.

    You can setup a group like TCP and UDP and add ports in each to then select it for a firewall rule.   

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,367  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Dovetail_MD

    You can setup policy control to check traffics been allowed or dropped.

    In policy control, “log matched traffic” should selected as “log” or “log alert”


    And you can go to monitor > Log  make sure if traffic is passed or dropped.


  • Dovetail_MD
    Dovetail_MD Posts: 81  Ally Member
    First Anniversary First Comment
    Answer ✓
    Options
    Thank you - I will have a poke around.

    One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?

    For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement

Security Highlight