From USG110 to USGFlex200, blocking management from WAN doesn't work anymore

Options
rlacti
rlacti Posts: 3
First Comment

Hi everyone,

I recenty changed an old Zywall USG 110 by a new USG Flex200. I couldn't import the same configuration because it's not the same model, so I had to set up the new one manually. It was not really a problem and it was quite quick because I have a simple configuration, but even with the same settings the behaviour is different about the remote management (from WAN).

I set up an SSL VPN, so I had to add "https" to the "default WAN to zywall" service. In order to block any access to the management interface from WAN, in the menu SYSTEM/WWW I add a rule to "Admin Service Control" like "zone:WAN Addresse:ALL Action:deny". It worked like a charm on the USG 110 since years (it shows "access deny" when trying to connect from WAN), but with the USG Flex200 I still have a full access to the management from WAN !

Some screenshoots :

  1. On the old USG110 :

2. On the new USG Flex200 :

But I still have access to the remote management from WAN with the USG Flex200. What I am doing wrong ?

Thanks !

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,454  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @rlacti ,

    Welcome to Zyxel community.😀

    You can check if device wan interface is in WAN zone member list.

  • rlacti
    rlacti Posts: 3
    First Comment
    Options

    Hi Zyxel_Cooldia,

    Yes, my WAN port is "WAN1" and he is in the "WAN" zone :

    I still don't understand why the behaviour is different between USG110 and USG Flex200 :-( .

  • PeterUK
    PeterUK Posts: 2,758  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2023
    Options

    Try doing it like this

    But as to your problem maybe you had SSL in SSL_VPN zone and not set the SSL in WAN zone?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,454  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @rlacti ,

    Can you send me your startup configuraiton file in PM.

    I would like to test based on your configuration file.

Security Highlight