How to restrict Configuration access from WAN to Zywall?

SierraTech
edited April 24 in Security

Greetings:

I keep receiving the following message:

"Warning: You have a rule that allows anyone from the Internet to access the web mgmt. interface and SSL VPN service.
To reduce the attack surface, please press the button to update security settings."

When I do, I get the popup (see initially after login), but I don't want to put an IP address in Trusted Host (unless I can use a NULL ADDRESS).

My intent is to allow Port Forwards, but block WAN Web Configurator. I'm setting up a new Router USG FLEX 50W (USG20W-VPN) I purchased for a business client. I can't seem to find a newer article that matches the FLEX firmware.

Accepted Solution

  • SierraTech

    I called Tech Support, and the answer was to Disable:


    "Wiz_HTTP_Not_Restrict_0"

    to Prevent WAN Access in Configuration > Security Policy > Policy Control:

    Another issue I was having is inability to log in to Web Configurator from a Windows 10 machine. I will post result of that finding under a different subject, because Tech had not seen this issue previously, and I know I'm not the only one who has encountered this issue.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,083  Zyxel Employee

    Hi @SierraTech

    Thank you for your post and comment. We are glad that you have resolved this problem.

  • SierraTech

    @Zyxel_Jeff

    I notice my personal USG20W-VPN did not have "Wiz_HTTP_Not_Restrict_0" in "Policy Control" after upgrading to USG FLEX 50W firmware last year (as found in new unit I'm setting up).

    I also have been receiving notice:

    "Warning: You have a rule that allows anyone from the Internet to access the web mgmt. interface and SSL VPN service.
    To reduce the attack surface, please press the button to update security settings."

    The Group policies for HTTP, HTTPS, etc. were added during upgrade, so I duplicated the Top Priority rule on new router (and disabled it):

    "Wiz_HTTP_Not_Restrict_0"

    This seemed to resolve security notification on my personal router as well.
