Improving security
Ally Member
Presumably the "security policy" items are the key items to take a look at?
Best Answers
-
Thank you - I will have a poke around.One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement0
-
Hi Dovetail_MD
The traffic allowed/blocked log entries are managed by policy control. So device needs additional policy control to monitor it.
As your example, if device has forwarded 25 port by NAT rule.The policy control should setup like this:
From: WAN, To: LAN, Source: Any, Destination: YOUR-SERVER, Service: SMTP, Action: Allowed, Log Matched Traffic: Log
5
Zyxel Employee
All Replies
-
The default in a SNAT setup is to allow all from LAN1 to WAN so you can limit what goes out the USG by setting up rule from LAN1 to WAN to not need all from LAN1 to WAN.
You can setup a group like TCP and UDP and add ports in each to then select it for a firewall rule.
1 -
Hi @Dovetail_MD
You can setup policy control to check traffics been allowed or dropped.
In policy control, “log matched traffic” should selected as “log” or “log alert”
And you can go to monitor > Log make sure if traffic is passed or dropped.
1 -
Thank you - I will have a poke around.One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement0
-
Hi Dovetail_MD
The traffic allowed/blocked log entries are managed by policy control. So device needs additional policy control to monitor it.
As your example, if device has forwarded 25 port by NAT rule.The policy control should setup like this:
From: WAN, To: LAN, Source: Any, Destination: YOUR-SERVER, Service: SMTP, Action: Allowed, Log Matched Traffic: Log
5
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.6K Security
- 240 USG FLEX H Series
- 268 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 386 News and Release
- 83 Security Advisories
- 28 Education Center
- 9 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 72 Security Highlight
