Is my Flex 100 hacked? Traffic out of the bleu blocked

tesagig
tesagig Posts: 60  Ally Member
First Comment Friend Collector Fourth Anniversary
edited January 2023 in Security
Today, all clients started to have issues getting to the "internet"
No matter what web page that was requested the Flex content filter blocked. After disabling the content filter basic web is working again, somewhat...

However, special port requirements are blocked. Although configured to be allowed for outbound traffic. e.g.

2023-01-05 18:25:57
    
alert
    
Warning web sites
    
ocsp.sca1b.amazontrust.com:Service is unavailable: query timeout, Rule_name:General_Internet, SSI:N (Content Filter)
    
x.x.x.x.x:55868
    
18.172.124.219:80
    
WEB WARNING



or

2023-01-05 18:36:35
alert
Warning web sites
gateway.zscloud.net:Service is unavailable: query timeout, Rule_name:General_Internet, SSI:N (Content Filter)
x.x.x.x.x:61482
165.225.56.27:80
WEB WARNING




1
2023-01-05 18:41:19
alert
Warning web sites
time.cp.dyson.com:Service is unavailable: query timeout, Rule_name:General_Internet, SSI:N (Content Filter)
x.x.x.x:58852


Netflix doesn't work either.

I get those warnings (which block) even after disabling content filter.


I am a bit at a loss what happened (with no config change ...)


as a temporary "workaround" I disabled "home_office" profile


All Replies

  • tesagig
    tesagig Posts: 60  Ally Member
    First Comment Friend Collector Fourth Anniversary
    or was there some Zyxel outage?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @tesagig,
    Greeting forum, Please kindly provide remote GUI access to check .
    Please see the inbox. You can restrict those IP addresses. 
    Thank you
    Kevin
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Hi @tesagig
    Thanks your remote. Currently the problem seems to be gone. 
    We suspect that there may be a connection issue with the update server at that time.
    We're investigating that and will update when any news . Thank you
    Kevin

Security Highlight