Usg 100 flex policy rules

mariorossi
mariorossi Posts: 2
edited April 23 in Security

Hi everyone, from the log I saw that the server establishes a connection with the IP located in Germany on port 443

but I can't understand which application establishes this connection, much less whether it is a legal connection. In the firewall I found this rule set:

When I disable this rule, the connections to the German IP cease.

Can you help me understand?

Best Answers

  • PeterUK
    PeterUK Posts: 3,158  Guru Member
    Answer ✓

    That rule seems to allow everything. If nothing goes wrong with it disabled, then remove it.

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 862  Zyxel Employee
    Answer ✓

    Hi @mariorossi ,

    Greetings forum. As PeterUK said, the rule seems to allow everything.

    Please disable/remove it.

    Thank you

All Replies

  • mariorossi
    mariorossi Posts: 2

    Thanks for the reply, rule removed. By eliminating the rule I now only see a series of ACCESS BLOCKS!
    I don't understand though, what are all these Wiz_HTTPS connections still?

    Can you give me one more piece of advice?

    One last question: I have an application that needs to connect outgoing to the FTP port. Do I need to create a rule for the outgoing connection?

    Thank you again.

  • PeterUK
    PeterUK Posts: 3,158  Guru Member

    Would seem to be outbound connections. Not sure why you have a Wiz_HTTPS; you should look in your object > service for this Wiz_HTTPS and click References to find the rule(s) it applies to.

    By default there are some rules that allow, like LAN to any, which, if you don't want to allow all outbound and really lock down what is allowed out, you can change.
