Managing Security Services for USG FLEX H Series on NCC

Options
Zyxel_Claudia
Zyxel_Claudia Posts: 171  Zyxel Employee
Network Detective-New Adventure Badge Network Detective Badge First Comment Friend Collector
in Other Topics

With Nebula 18.30, users can now configure various security services for USG FLEX H Series firewalls directly on NCC.

Security Services Now Configurable on NCC

Path: Site-wide > Configure > Firewall > Security Services

Users can now manage the following security services:

  • Content Filter
  • Application Patrol
  • IP Exception
  • DNS Threat Filter
  • URL Threat Filter
  • IP Reputation
  • Anti-Malware
  • Sandboxing
  • Intrusion Prevention System (IPS)
  • External Block List (EBL)

In this release, some settings are NOT supported on NCC, including:

Content Filter unsupported settings:

  • Action selection
  • Log Alert setting
  • Log Allowed Traffic
  • SSLv3 connection: Drop Log
  • Allow HTTP(S) traffic for allow lists only
  • Allow List: Log
  • Blocked URL Keywords

Reputation Filter Unsupported settings:

  • Log Alert setting

Anti-Malware Unsupported settings:

  • Log Alert setting
  • EICAR test virus scan
  • File size limit configuration
  • Destroy infected file option

Sandboxing Unsupported settings:

  • Separate log settings for “Malicious Files” and “Suspicious Files” (they now share the same log setting)
  • Separate policy settings for “Suspicious Files” and “Malicious Files” (they now share the same action policy)

Intrusion Prevention System (IPS) Unsupported settings:

  • Signature Query
  • Rate-Based Signatures
  • Allow List

Important Notes:

  • Unsupported settings must be configured via local Web GUI.
  • If any setting is modified on NCC, the entire profile will be re-pushed to the firewall, potentially overriding local settings.
Tagged:

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)