Don't hide DNS filtering rules on Flex H series

Zulgrib · Posts: 48 · Freshman Member

Hello,

When creating a DNS filtering rule, it in reality creates two (one for LAN to WAN, one for LAN to ZyWALL). Could you not hide the second rule? (Like it was the case on the non-H Flex series)

3 votes

Comments

  • Zyxel_Tina
    Posts: 508 · Zyxel Employee

    Hi @Zulgrib,

    Thanks for your input!

    Please allow me to clarify:

    Before, in the USG FLEX (ZLD) firewalls, DNS filtering profiles were created but users often forgot to also apply them on LAN to ZyWALL, leading to confusion where the feature looked like it wasn’t working.

    To prevent this common “missing config” issue, USG FLEX H series firewalls (uOS) automatically add the DNS profile to the LAN → ZyWALL direction, so DNS filtering works for both:

    • LAN → WAN
    • LAN → ZyWALL (internal/device traffic)

    This means no manual policy/profile assignment is required for LAN → ZyWALL on FLEX H devices since it’s already handled by the system by design.

    Therefore, the 2nd rule is due to the spec design and ensures consistent protection and a clearer user experience.

    We'll be monitoring the votes and comments as part of our evaluation process. If anyone likes this idea, please show your support by leaving a comment or voting for it.

    Zyxel Tina

  • PeterUK
    Posts: 4,328 · Guru Member
    edited January 2

    I think I might have seen the same thing when the FLEX 200 H was in testing…

    DNS being answered on the WAN — Zyxel Community

    The way in which my setup was done back then for testing means DNS was allowed on the WAN