[ATP/FLEX] Why the firewall rule set to WAN to Any,but cannot block Geo IP to establish VPN?
Zyxel_Jeff
Posts: 1,206 
Zyxel Employee
Zyxel Employee
Question :
Why is the firewall rule set to WAN to Any, but it cannot block Geo IP from establishing a VPN, as shown below?
Answer :
Because the direction 'Any' doesn't include 'Device', the VPN traffic (UDP 500 and 4500) will still be passed to the firewall normally and won't be dropped by the security. To avoid this, please modify 'Any' to 'Device' and it will drop VPN traffic toward the firewall, as shown below:
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
Tagged:
0
Categories
- All Categories
- 414 Beta Program
- 2.3K Nebula
- 139 Nebula Ideas
- 92 Nebula Status and Incidents
- 5.5K Security
- 196 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 40 Wireless Ideas
- 6.2K Consumer Product
- 241 Service & License
- 379 News and Release
- 80 Security Advisories
- 24 Education Center
- 5 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 81 About Community
- 70 Security Highlight