open port usg50 flex

baudetd
baudetd Posts: 44  Freshman Member
First Comment Third Anniversary
in Security

Hello,
On the USG50 Flex router,
I want to disable access to ports 80 and 443 via the WAN but not the LAN.
How do I configure this setting?

thanks

image.png

All Replies

  • PeterUK
    PeterUK Posts: 4,029  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    So if you have any rules with WAN to Zywall you want to deal with them as for Admin Service Control you want to do to two accept rules change the top one to zone LAN and the next one down to deny which overrides the bottom one.

    Screenshot 2025-09-10 140832.png
  • Zyxel_Tina
    Zyxel_Tina Posts: 208  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers First Comment

    Hi @baudetd,

    You can achieve this in two ways on the USG50 Flex:

    1. Check the Security Policy

    Go to Configuration > Security Policy > Policy Control.

    By default, the “WAN to ZyWALL” policy does not include ports 80 (HTTP) and 443 (HTTPS), meaning access from the WAN is already blocked.

    image.png

    However, if the policy’s Default_Allow_WAN_To_ZyWALL service includes HTTP and HTTPS, you will need to edit it:

    • Navigate to Configuration > Object > Service > Service Group
    • Remove HTTP and HTTPS from the member list. image.png

    2. Use Service Control (recommended for admin interface access)

    Navigate to Configuration > System > WWW > Service Control.

    For both HTTP (port 80) and HTTPS (port 443):

    • Under Control service administration or Control service user, make sure the WAN zone is set to deny or removed from the access list.
    • Ensure the LAN zone is set to accept.
    image.png

    Zyxel Tina

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)