ADP hits are sporadical, rarely from same IP. Do you add the IP's to blocking rules?

Zyxel_USG_User

Please elaborate a bit why yes respectively no, thank you.

Zyxel_Kay

Hi @Zyxel_USG_User

The firewall processes packets by first checking them against the ADP (Anomaly Detection & Prevention) rules. If a packet is blocked by ADP, there's no need to create additional security policies for that specific traffic. The ADP effectively takes precedence, so setting up redundant blocking rules in your security policy isn't necessary.

To assist you further, could you please provide the following details:

• The specific concerns or issues you're experiencing with ADP hits.
• A description of your current configuration settings.
• If possible, please share your device's diagnostic file with us via private message.
• A screenshot of the relevant event logs to help us better understand the situation.

Zyxel_USG_User

That explained how the firewall works and which rules are used when, all good.

Zyxel_Kay

Hi @Zyxel_USG_User

The firewall processes packets by first checking them against the ADP (Anomaly Detection & Prevention) rules. If a packet is blocked by ADP, there's no need to create additional security policies for that specific traffic. The ADP effectively takes precedence, so setting up redundant blocking rules in your security policy isn't necessary.

To assist you further, could you please provide the following details:

• The specific concerns or issues you're experiencing with ADP hits.
• A description of your current configuration settings.
• If possible, please share your device's diagnostic file with us via private message.
• A screenshot of the relevant event logs to help us better understand the situation.

Zyxel_USG_User

That explained how the firewall works and which rules are used when, all good.