Does ADP take into consideration the GeoIP and the rules with blocked ranges?

Zyxel_USG_User

Does ADP take into consideration the blocking rules entered in the GeoIP? I have for example blocked specific countries, and still there are often ADP hits from these blocked countries.

I am aware that the GeoIP database for any country or continent may not include the latest status for public IP ranges, but nevertheless - I get ADP hits from all the blocked countries.

Can somebody answer my question above?

Many thanks in advance

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,456  Zyxel Employee
    Answer ✓

    Hi @Zyxel_USG_User ,

    Based on your description, we assume you've implemented GeoIP blocking rules in your firewall security policy. However, it's important to understand the processing order:

    • ADP (Anomaly Detection & Prevention) rules take priority over firewall security rules. The firewall first checks incoming packets against ADP rules.
    • If a packet is not blocked by ADP, the firewall then checks it against security policies.

    Key point: ADP does not consider the blocking rules set in GeoIP. This means that even if you have GeoIP rules in firewall security policy, ADP will process packets independently of these rules.
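
The processing order described in the answer above, modelled as an added example (not part of the thread and not Zyxel code). The country codes, address ranges and packets are constructed, and `adp_first=False` is a hypothetical ordering, shown only to contrast with the behaviour the question expected.

```python
import ipaddress

# Constructed GeoIP excerpt using documentation ranges, not real allocations.
GEO_RANGES = {
    "AA": ["198.51.100.0/24"],
    "BB": ["203.0.113.0/24"],
    "CC": ["192.0.2.0/24"],
}
BLOCKED_COUNTRIES = {"AA", "BB"}  # countries denied by the GeoIP security policy

# Constructed traffic: (source IP, True if the packet matches an ADP rule).
PACKETS = [
    ("198.51.100.7", True),
    ("198.51.100.9", False),
    ("203.0.113.20", True),
    ("192.0.2.55", True),
    ("192.0.2.56", False),
]

def country_of(ip):
    """Map a source address to a country code from the constructed table."""
    addr = ipaddress.ip_address(ip)
    for code, cidrs in GEO_RANGES.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr in cidrs):
            return code
    return None

def process(ip, anomalous, adp_first=True):
    """Return the stage that drops (and logs) the packet, or 'allow'."""
    geo_blocked = country_of(ip) in BLOCKED_COUNTRIES
    stages = [("ADP", anomalous), ("policy", geo_blocked)]
    if not adp_first:  # hypothetical order: GeoIP policy before ADP
        stages.reverse()
    for stage, hit in stages:
        if hit:
            return stage
    return "allow"

def log_counts(packets, adp_first=True):
    """Count log entries per (stage, source country)."""
    counts = {}
    for ip, anomalous in packets:
        key = (process(ip, anomalous, adp_first), country_of(ip))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print("ADP first (as described):", log_counts(PACKETS))
    print("policy first (hypothetical):", log_counts(PACKETS, adp_first=False))
```

With ADP evaluated first, the ADP log contains entries for the geo-blocked countries AA and BB; the GeoIP policy only ever sees packets that ADP let through.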
