How to restrict Configuration access from WAN to Zywall?

SierraTech
SierraTech Posts: 42  Freshman Member
edited April 24 in Security

Greetings:

I keep receiving the following message:

"Warning: You have a rule that allows anyone from the Internet to access the web mgmt. interface and SSL VPN service.
To reduce the attack surface, please press the button to update security settings."

When I do, I get the popup (see initially after login), but I don't want to put an IP address in Trusted Host (unless I can use a NULL ADDRESS).

My intent is to allow Port Forwards, but block WAN Web Configurator. I'm setting up a new Router USG FLEX 50W (USG20W-VPN) I purchased for a business client. I can't seem to find a newer article that matches the FLEX firmware.

Accepted Solution

  • SierraTech
    SierraTech Posts: 42  Freshman Member
    Answer ✓

    I called Tech Support, and the answer was to disable:

    "Wiz_HTTP_Not_Restrict_0"

    to prevent WAN access in Configuration > Security Policy > Policy Control.

    Another issue I was having is an inability to log in to the Web Configurator from a Windows 10 machine. I will post the result of that finding under a different subject, because Tech had not seen this issue previously, and I know I'm not the only one who has encountered this issue.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee

    Hi @SierraTech

    Thank you for your post and comment. We are glad that you have resolved this problem.


  • SierraTech
    SierraTech Posts: 42  Freshman Member

    @Zyxel_Jeff

    I notice my personal USG20W-VPN did not have "Wiz_HTTP_Not_Restrict_0" in "Policy Control" after upgrading to USG FLEX 50W firmware last year (as found in the new unit I'm setting up).

    I also have been receiving notice:

    "Warning: You have a rule that allows anyone from the Internet to access the web mgmt. interface and SSL VPN service.
    To reduce the attack surface, please press the button to update security settings."

    The Group policies for HTTP HTTPS etc. were added during upgrade, so I duplicated the Top Priority rule on new router (and disabled it):

    "Wiz_HTTP_Not_Restrict_0"

    This seemed to resolve security notification on my personal router as well.
