Disable UTM for specific device

Options
swissmawi
swissmawi Posts: 2
First Comment
edited August 2023 in Security

Hello. Our usg60 is connected to the internet via 1GBit/s FTTH symmetric. We have 1 public IP. The device runs as max security with UTM enabled. It works fine. Max speed behind the firewall is around 90MBit/s.

Now there will be one new device behind the firewall which needs maximum speed, not maximum security. How could we achieve that device to get the full 1GBit/s bypassing UTM?

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hello @swissmawi Welcome to Zyxel commnity!

    UTM service includes APP Patrol, Content Filter, IDP, and anti-virus. All of them request to create a profile and then apply it to a policy rule. So to bypass a specific host from UTM service, you just make sure the host does not correspond to the policy rule.

    For example, when you apply a UTM service to LAN1_outgoing rule, if the host is in LAN1, the traffic from the host must be detected by the UTM service. The solution is to create a new rule with a higher priority for the specific host, and don't apply any UTM service to this rule.

    Please refer to the screenshot below, 192.168.1.100 is the host needs to bypass the UTM service, so I create a new rule for this host and does not apply any UTM service to it.

All Replies

  • Zyxel_James
    Zyxel_James Posts: 616  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hello @swissmawi Welcome to Zyxel commnity!

    UTM service includes APP Patrol, Content Filter, IDP, and anti-virus. All of them request to create a profile and then apply it to a policy rule. So to bypass a specific host from UTM service, you just make sure the host does not correspond to the policy rule.

    For example, when you apply a UTM service to LAN1_outgoing rule, if the host is in LAN1, the traffic from the host must be detected by the UTM service. The solution is to create a new rule with a higher priority for the specific host, and don't apply any UTM service to this rule.

    Please refer to the screenshot below, 192.168.1.100 is the host needs to bypass the UTM service, so I create a new rule for this host and does not apply any UTM service to it.

  • swissmawi
    Options

    Thanks for the clear and complete answer. This is really helpful.

Security Highlight