Disable VPN access
Freshman Member
Hello,
I don't understand: I don't have any activated IPSEC profiles, nor SSL, nor L2TP.
Why I this guy is able to initiate a connexion with my firewall and why firewall answer?
10 | 2023-03-01 13:30:22 | info | IKE | ISAKMP SA [] is disconnected | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
|---|---|---|---|---|---|---|---|
11 | 2023-03-01 13:30:22 | info | IKE | The cookie pair is : 0x3e35c7072 / 0x294ccd95f | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
12 | 2023-03-01 13:29:22 | info | IKE | Send:[NOTIFY:NO_PROPOSAL_CHOSEN] | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
13 | 2023-03-01 13:29:22 | info | IKE | The cookie pair is : 0x3e35c7072 / 0x294ccd95f | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
14 | 2023-03-01 13:29:22 | info | IKE | Recv:[SA] | 184.105.x.x:34998 | 222.154.x.x:500 | IKE_LOG |
15 | 2023-03-01 13:29:22 | info | IKE | The cookie pair is : 0x294ccd95f / 0x3e35c70729 | 184.105.x.x:34998 | 222.154.x.x:500 | IKE_LOG |
16 | 2023-03-01 13:29:22 | info | IKE | Recv Main Mode request from [184.105.x.x] | 184.105.x.x:34998 | 222.154.x.x:500 | IKE_LOG |
17 | 2023-03-01 13:29:22 | info | IKE | The cookie pair is : 0x3e35c7072 / 0x0000000000 | 184.105.x.x:34998 | 222.154.x.x:500 |
Is there a way to turn off VPN connexions?
Kind regards
Accepted Solution
-
Hi @mat17
For easy setup of VPN configuration on the firewall, it allows VPN service ports from the internet to the device by default policy control rule.
However, if you would like to block all VPN requests from the internet, you can remove UDP500(IKE) and UDP4500(NATT) service ports from the "Default_Allow_WAN_To_ZyWALL" object group.
1
Zyxel Employee
All Replies
-
Hi @mat17
For easy setup of VPN configuration on the firewall, it allows VPN service ports from the internet to the device by default policy control rule.
However, if you would like to block all VPN requests from the internet, you can remove UDP500(IKE) and UDP4500(NATT) service ports from the "Default_Allow_WAN_To_ZyWALL" object group.
1 -
Hello @mat17
If you have IPsec, L2TP, and SSL profile, the logs will still show the IKE logs when IPSec, SSL, and L2TP is inactive, it's inevitable, however, the device won't respond actually.
If don't have any IPsec, L2TP, and SSL profile, then you can remove IKE, ESP, and NATT from the object Default_Allow_WAN_To_ZyWALL, then there will be no related log. (like Stanley suggested)
You can capture packets on the WAN interface to verify the behavior, so don't worry about it.If you don't use any VPN feature and find it annoying, you can disable the VPN related log, please go to CONFIGURATION > Log & Settings > System Log, and disable the log of the VPN category, thank you.
James
1
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 79 Nebula Status and Incidents
- 5.1K Security
- 73 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
