Usg 100 flex policy rules

mariorossi
mariorossi Posts: 2
edited April 23 in Security

Hi everyone, from the log I saw that the server establishes a connection with the IP located in Germany on port 443

but I can't understand which application establishes this connection, much less whether it is a legal connection. In the firewall I found this rule set:

when I disable this rule the connections to the German IP cease.

Can you help me understand?

Best Answers

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    Answer ✓

    That rule seems to allow everything. If nothing goes wrong with it disabled, then remove it.

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 892  Zyxel Employee
    Answer ✓

    Hi @mariorossi,

    Greetings forum. As PeterUK said, the rule seems to allow everything.

    Please disable/remove it.

    Thank you

All Replies

  • mariorossi
    mariorossi Posts: 2

    Thanks for the reply, rule removed. By eliminating the rule I now only see a series of ACCESS BLOCKS!
    I don't understand though, what are all these Wiz_HTTPS connections still?

    Can you give me one more piece of advice?

    One last question: I have an application that needs to connect outgoing to the FTP port. Do I need to create a rule for the outgoing connection?

    Thank you again.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member

    Would seem to be outbound connections. Not sure why you have a Wiz_HTTPS; you should look in your Object > Service for this Wiz_HTTPS and click References to find the rule(s) it applies to.

    By default there are some rules that allow things like LAN to any; if you don't want to allow all outbound and really lock down what is allowed out, you can change this.