IP Address Block (ranges) in Firewall rules

Falrath41

On the older USG60W/40W/20W-VPN security appliances, I was able to go to OBJECTS and create a block of IP Addresses. Then I could go to the FIREWALL and use the object I created to allow or deny access to those IP Addresses completely or on a schedule or use a different Content Filter Profile on them.

How do I create a Range of IP Addresses to DENY access for a set Schedule?

I know I can do it one by one, however, I would rather not have 150 rules to block 150 IP Addresses.

Zyxel_Jason

Hi @Falrath41,

Welcome to Zyxel community!

For IP range in the firewall rule, you may use CIDR and " , " to configure multiple IP addresses.
You may also configure schedule profile for it.

Hope it helps.

Falrath41

Thank you. 

I am using an NSG50. I setup the schedule profile, however I have 150 IP Addresses to put into this schedule. I am using a Long Range Outdoor Access Point which is not a Zyxel product, so I figured I would just setup the IP block in the DHCP from the NSG50 to deny access for the times outside the hours I want to block. So I can put 150 IP Addresses into 1 firewall rule?

Falrath41

Actually, I figured it out a different way of doing it.

Instead of denying access to the block of IP addresses, I just deny access to the AP itself for the scheduled times. I still have to test if this will work, but it would be nice to be able to create objects again where it can be a range of IP addresses or a list of different IP addresses.

Zyxel_Jason

Hi @Falrath41,

For using " - " to be source IP range in firewall rule, I will move this discussion to Idea section.
Currently, as I mentioned, please use CIDR and " , " to create lesser firewall rule for 150 IP addresses.

Thanks.