Disable VPN access
Hello,
I don't understand: I don't have any activated IPSEC profiles, nor SSL, nor L2TP.
Why I this guy is able to initiate a connexion with my firewall and why firewall answer?
10 | 2023-03-01 13:30:22 | info | IKE | ISAKMP SA [] is disconnected | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
---|---|---|---|---|---|---|---|
11 | 2023-03-01 13:30:22 | info | IKE | The cookie pair is : 0x3e35c7072 / 0x294ccd95f | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
12 | 2023-03-01 13:29:22 | info | IKE | Send:[NOTIFY:NO_PROPOSAL_CHOSEN] | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
13 | 2023-03-01 13:29:22 | info | IKE | The cookie pair is : 0x3e35c7072 / 0x294ccd95f | 222.154.x.x:500 | 184.105.x.x:34998 | IKE_LOG |
14 | 2023-03-01 13:29:22 | info | IKE | Recv:[SA] | 184.105.x.x:34998 | 222.154.x.x:500 | IKE_LOG |
15 | 2023-03-01 13:29:22 | info | IKE | The cookie pair is : 0x294ccd95f / 0x3e35c70729 | 184.105.x.x:34998 | 222.154.x.x:500 | IKE_LOG |
16 | 2023-03-01 13:29:22 | info | IKE | Recv Main Mode request from [184.105.x.x] | 184.105.x.x:34998 | 222.154.x.x:500 | IKE_LOG |
17 | 2023-03-01 13:29:22 | info | IKE | The cookie pair is : 0x3e35c7072 / 0x0000000000 | 184.105.x.x:34998 | 222.154.x.x:500 |
Is there a way to turn off VPN connexions?
Kind regards
Accepted Solution
-
Hi @mat17
For easy setup of VPN configuration on the firewall, it allows VPN service ports from the internet to the device by default policy control rule.
However, if you would like to block all VPN requests from the internet, you can remove UDP500(IKE) and UDP4500(NATT) service ports from the "Default_Allow_WAN_To_ZyWALL" object group.
1
All Replies
-
Hi @mat17
For easy setup of VPN configuration on the firewall, it allows VPN service ports from the internet to the device by default policy control rule.
However, if you would like to block all VPN requests from the internet, you can remove UDP500(IKE) and UDP4500(NATT) service ports from the "Default_Allow_WAN_To_ZyWALL" object group.
1 -
Hello @mat17
If you have IPsec, L2TP, and SSL profile, the logs will still show the IKE logs when IPSec, SSL, and L2TP is inactive, it's inevitable, however, the device won't respond actually.
If don't have any IPsec, L2TP, and SSL profile, then you can remove IKE, ESP, and NATT from the object Default_Allow_WAN_To_ZyWALL, then there will be no related log. (like Stanley suggested)
You can capture packets on the WAN interface to verify the behavior, so don't worry about it.If you don't use any VPN feature and find it annoying, you can disable the VPN related log, please go to CONFIGURATION > Log & Settings > System Log, and disable the log of the VPN category, thank you.
James
1
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight