How to configure ADP block IP time period?

Options
Zyxel_Jeff
Zyxel_Jeff Posts: 1,119  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited July 2023 in Security Service

Background and Scenario:

Could it be possible to limit the tries from a certain IP to a port forward on the USG FLEX series? For example, someone that sends a DOS to an opened port, if he tries 5 times in a short amount of time, that is blocked for 1 hour.

Answer:

You could configure the block period to 3600 seconds on the ADP profile, as below:

Therefore, if the firewall detects there are ADP events, and will block the suspicious source IP.

Please refer to the below description of Block Period: "Specify for how many seconds the Zyxel Device blocks all packets from being sent to the victim (destination) of a detected anomaly attack. Flood Detection applies blocking to the destination IP address and Scan Detection applies blocking to the source IP address."