How to restrict Configuration access from WAN to Zywall?
Greetings:
I keep receiving the following message:
"Warning: You have a rule that allows anyone from the Internet to access the web mgmt. interface and SSL VPN service.
To reduce the attack surface, please press the button to update security settings."
When I do, I get the popup (see initially after login), but I don't want to put an IP address in Trusted Host (unless I can use a NULL ADDRESS).
My intent is to allow Port Forwards, but block WAN Web Configurator. I'm setting up a new Router USG FLEX 50W (USG20W-VPN) I purchased for a business client. I can't seem to find a newer article that matches the FLEX firmware.
Accepted Solution
-
II called Tech Support, and the answer was to Disable:
"Wiz_HTTP_Not_Restrict_0"to Prevent WAN Access in Configuration>Security Policy> Policy Control:
Another issue I was having is inability to login into Web Configurator from a Windows 10 machine. I will post result of that finding under a different subject, because Tech had not seen this issue previously, and I know I'm not the only one who has encountered this issue.
1
All Replies
-
II called Tech Support, and the answer was to Disable:
"Wiz_HTTP_Not_Restrict_0"to Prevent WAN Access in Configuration>Security Policy> Policy Control:
Another issue I was having is inability to login into Web Configurator from a Windows 10 machine. I will post result of that finding under a different subject, because Tech had not seen this issue previously, and I know I'm not the only one who has encountered this issue.
1 -
Hi @SierraTech
Thank you for your post and comment. We are glad that you have resolved this problem.
See how you've made an impact in Zyxel Community this year!
0 -
I notice My personal USG20W-VPN did not have "Wiz_HTTP_Not_Restrict_0" in "Policy Control" after upgrading to USG FLEX 50W firmware last year (as found in new unit I'm setting up).
I also have been receiving notice:
"Warning: You have a rule that allows anyone from the Internet to access the web mgmt. interface and SSL VPN service.
To reduce the attack surface, please press the button to update security settings."The Group policies for HTTP HTTPS etc. were added during upgrade, so I duplicated the Top Priority rule on new router (and disabled it):
"Wiz_HTTP_Not_Restrict_0"
This seemed to resolve security notification on my personal router as well.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight