USG Flex 200: Can I set a threshold limit on email notifications received from a Security Policy?




Scenario:
We recently applied a security policy called "Blocked_IPs" on a client's USG Flex 200. The goal was to prevent certain LAN IP addresses from accessing both the local network and the internet if their activity appeared suspicious.
Earlier today, we added a mobile device to the block list after detecting signs of botnet activity. The policy is configured to "Log alert" for all matching traffic, which—based on my understanding—generates an alert for every single connection attempt.
As a result, with the nature of botnet activity, our email inbox was flooded with alerts, most of which were unnecessary and overwhelming.
Suggested Improvement (if not already available):
It would be very helpful if the firewall offered a threshold or rate-limiting feature for alert notifications. For example, a configurable option to send a summary report of matched activity every 5 minutes—rather than individual alerts—would significantly reduce noise while still keeping us informed of potential threats.
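
The 5-minute summary idea from the post, sketched as an added example (not part of the original post and not a USG Flex feature). It assumes the per-connection alerts are available off the device as text lines; the line format, `summarize` and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_SECONDS = 300  # the 5-minute summary interval suggested in the post

# Constructed sample alerts in a made-up key=value format (not real USG Flex output).
SAMPLE_LOG = """\
2025-01-01T10:00:05 policy=Blocked_IPs src=192.168.1.50 dst=203.0.113.10
2025-01-01T10:00:06 policy=Blocked_IPs src=192.168.1.50 dst=203.0.113.10
2025-01-01T10:01:30 policy=Blocked_IPs src=192.168.1.50 dst=198.51.100.7
2025-01-01T10:04:59 policy=Blocked_IPs src=192.168.1.50 dst=203.0.113.10
2025-01-01T10:05:00 policy=Blocked_IPs src=192.168.1.50 dst=198.51.100.7
2025-01-01T10:07:12 policy=Blocked_IPs src=192.168.1.50 dst=198.51.100.7
this line is malformed and is skipped
2025-01-01T10:07:13 policy=Blocked_IPs src=192.168.1.77 dst=203.0.113.10
"""

LINE_RE = re.compile(r"^(\S+) policy=(\S+) src=(\S+) dst=(\S+)$")


def summarize(log_text, window=WINDOW_SECONDS):
    """Collapse per-connection alerts into one row per (window, policy, source)."""
    buckets = defaultdict(lambda: {"count": 0, "dsts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore unparseable lines instead of aborting the digest
        ts, policy, src, dst = m.groups()
        try:
            when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        except ValueError:
            continue  # timestamp field present but not a valid ISO time
        epoch = int(when.timestamp())
        start = epoch - epoch % window  # align to the start of the window
        bucket = buckets[(start, policy, src)]
        bucket["count"] += 1
        bucket["dsts"].add(dst)
    return [
        {"window": datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%M"),
         "policy": policy, "src": src,
         "count": b["count"], "destinations": len(b["dsts"])}
        for (start, policy, src), b in sorted(buckets.items())
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("{window} {policy} {src}: {count} hits, {destinations} destinations".format(**row))
```

Each returned row would become one line of a periodic digest email, so a blocked host generating thousands of connection attempts produces one row per window instead of one message per attempt.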