What are the different containment actions available in CDR, and how do they behave?
Zyxel Employee
Question:
What are the different containment actions available in CDR, and how do they behave?
Answer:
Alert: This action simply sends an alert notification email to the configured recipient and does not restrict client traffic.
Block: This blocks the client's traffic on both the Nebula AP and Firewall, and redirects the user to a local or external notification block page.
Quarantine: This action is specifically for wireless clients. After a compromised wireless station disassociates, it is dynamically assigned to a dedicated Quarantine VLAN to isolate it from the rest of the network.
Note on Notifications: Only the "Alert" action will send email notifications. The "Block" action will just block traffic without an email alert, and "Quarantine" only applies to wireless APs.
Categories
- All Categories
- 442 Beta Program
- 3K Nebula
- 229 Nebula Ideas
- 130 Nebula Status and Incidents
- 6.6K Security
- 661 USG FLEX H Series
- 359 Security Ideas
- 1.8K Switch
- 86 Switch Ideas
- 1.4K Wireless
- 56 Wireless Ideas
- 7.1K Consumer Product
- 305 Service & License
- 496 News and Release
- 95 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 5K FAQ
- 34 Documents
- 89 About Community
- 110 Security Highlight