[NEBULA] How to protect my network/NSG by using firewall rules on NSG?

Zyxel_Jason
Posts: 413
Zyxel Employee





Scenario 1:
Deny specific IP from other LAN/VLAN to access a server in LAN2.
Ex:
The user wants to deny 192.168.1.10 to access the server with IP address 192.168.2.10.

Scenario 2:
Deny specific IP from WAN to access a server in LAN which you have configured virtual server (port forwarding) for it.
Ex:
The user wants to deny 36.226.189.2 from WAN to access his/her server with IP address 192.168.4.33.
Virtual server:

Firewall rules:

Scenario 3:
Only allow trusted IP address can access NSG via HTTP/HTTPS from WAN.
Ex:
The user wants to allow 36.226.189.2 to access the WebGUI of NSG.

Note:
1. Since the setting is "none" by default to prevent NSG's HTTP/HTTPS service port being the attacker's target on the Internet. We would recommend the user only configure trust public IP that you need to access from WAN and avoid to configure "any" in general scenario.
2. We also recommend the user to configure Allowed Remote IP in virtual server for security concern.
Deny specific IP from other LAN/VLAN to access a server in LAN2.
Ex:
The user wants to deny 192.168.1.10 to access the server with IP address 192.168.2.10.

Scenario 2:
Deny specific IP from WAN to access a server in LAN which you have configured virtual server (port forwarding) for it.
Ex:
The user wants to deny 36.226.189.2 from WAN to access his/her server with IP address 192.168.4.33.
Virtual server:

Firewall rules:

Scenario 3:
Only allow trusted IP address can access NSG via HTTP/HTTPS from WAN.
Ex:
The user wants to allow 36.226.189.2 to access the WebGUI of NSG.

Note:
1. Since the setting is "none" by default to prevent NSG's HTTP/HTTPS service port being the attacker's target on the Internet. We would recommend the user only configure trust public IP that you need to access from WAN and avoid to configure "any" in general scenario.
2. We also recommend the user to configure Allowed Remote IP in virtual server for security concern.
Jason
Tagged:
0
Categories
- All Categories
- 426 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 344 USG FLEX H Series
- 288 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 404 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight