From USG110 to USGFlex200, blocking management from WAN doesn't work anymore

rlacti

Hi everyone,

I recenty changed an old Zywall USG 110 by a new USG Flex200. I couldn't import the same configuration because it's not the same model, so I had to set up the new one manually. It was not really a problem and it was quite quick because I have a simple configuration, but even with the same settings the behaviour is different about the remote management (from WAN).

I set up an SSL VPN, so I had to add "https" to the "default WAN to zywall" service. In order to block any access to the management interface from WAN, in the menu SYSTEM/WWW I add a rule to "Admin Service Control" like "zone:WAN Addresse:ALL Action:deny". It worked like a charm on the USG 110 since years (it shows "access deny" when trying to connect from WAN), but with the USG Flex200 I still have a full access to the management from WAN !

Some screenshoots :

1. On the old USG110 :

2. On the new USG Flex200 :

But I still have access to the remote management from WAN with the USG Flex200. What I am doing wrong ?

Thanks !

Zyxel_Cooldia

Hi @rlacti ,

Welcome to Zyxel community.😀

You can check if device wan interface is in WAN zone member list.

rlacti

Hi Zyxel_Cooldia,

Yes, my WAN port is "WAN1" and he is in the "WAN" zone :

I still don't understand why the behaviour is different between USG110 and USG Flex200 :-( .

PeterUK

Try doing it like this

But as to your problem maybe you had SSL in SSL_VPN zone and not set the SSL in WAN zone?

Zyxel_Cooldia

Hi @rlacti ,

Can you send me your startup configuraiton file in PM.

I would like to test based on your configuration file.