USG20-VPN -> Security policy -> Default rule

Escagency Posts: 2  Freshman Member

Hi there,

We own a USG20-VPN running as our gateway-firewall with the wan-nic connected to the Internet.

Checking the configuration, we've found something I (hope) don't understand.

What looks to me like the default (catch-all) rule is set to "Allow" (see image), but I was expecting to find it set to "Deny"!

[Image: USG20-VPN.png]

Is there something I'm missing, or is our firewall really allowing traffic from everywhere?

Thanks

All Replies

  • PeterUK Posts: 3,890  Guru Member
    edited July 14

    Somehow it changed, but you can set it to deny and log again.

  • Zyxel_Tina Posts: 79  Zyxel Employee
    edited July 16

    Hi @Escagency,

    Welcome to Zyxel Community!

    Based on the picture you provided, we recommend editing the default policy action to 'deny', or upgrading your device to the latest firmware version V5.40(ABAQ.0).

    Before updating the firmware, please download and back up the current running startup-config.conf file from MAINTENANCE > File Manager > Configuration File.

    The following steps describe procedures to upload firmware and reboot the device.

    1. Upload firmware to the standby partition.
    2. Click Yes to reboot the Zyxel Device.
    3. The firmware you uploaded is copied from the standby partition to the running partition.
    4. Your current configuration settings are saved.
    5. The Zyxel Device reboots. The firmware you uploaded becomes the running firmware. Your current configuration settings are applied.

    Zyxel Tina