ZyWall USG 100

Options

Hey guys

I have a USG 100 at home to try to learn something about.

I reseted the ZyWall so everything is default. Why is a Server accessable in the DMZ zone but not on Lan1? By default the security rules are all the same (any), so the server should be accessable also on Lan1 or do I miss something?

Best regards

All Replies

  • PeterUK
    PeterUK Posts: 2,722  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    You should change the default rule so that from LANx/DMZ goes to WAN and not to any for security.

  • Jay003
    Options

    Hi PeterUK

    Thx for your answer. Yes, I know, but that does not answer my question. If it is on "any" it should allow everything. But why only the DMZ zone is accessable from outside on default settings? All the other zones (like Lan1) are also open by default. But I cannot ping some of the other zones, only DMZ, but they are all configured the same as default.

    Best regards

  • PeterUK
    PeterUK Posts: 2,722  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Don't get your problem by default you have

    LAN1 to any

    LAN2 to any

    DMZ to wan

    DMZ can't get to LAN1 or LAN2 and LAN1 and LAN2 can get to DMZ

  • PeterUK
    PeterUK Posts: 2,722  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    If you can't ping LAN1 to LAN2 its likely the device has a firewall

  • Jay003
    Options

    thx for your reply.

    For DMZ there are two rules:

    DMZ to any

    DMZ to WAN

    Maybe the WAN rule is overwritting the other.

  • PeterUK
    PeterUK Posts: 2,722  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    In which case DMZ to WAN allow does nothing because DMZ to any allows all no matter what order.

    if you don't want DMZ to LAN1 or LAN2 remove DMZ to any

  • Jay003
    Options

    Okay, but if DMZ to any allows everything, why Lan1 to any doesnt?

    So Lan1 should be the same as DMZ, right? So the clients on Lan1 should be accessable (same as on DMZ). But doesnt.

  • PeterUK
    PeterUK Posts: 2,722  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    The device your trying to ping might have a firewall

Security Highlight