[NEBULA] How to protect my network/NSG by using firewall rules on NSG?

Zyxel_Jason Posts: 411  Zyxel Employee
edited July 2023 in Nebula Security Gateway
Scenario 1:
Deny a specific IP in another LAN/VLAN access to a server in LAN2.
Ex:
The user wants to deny 192.168.1.10 access to the server with IP address 192.168.2.10.


Scenario 2:
Deny a specific IP on the WAN access to a server in the LAN for which you have configured a virtual server (port forwarding).
Ex:
The user wants to deny 36.226.189.2 on the WAN access to his/her server with IP address 192.168.4.33.
Virtual server:


Firewall rules:


Scenario 3:
Allow only trusted IP addresses to access the NSG via HTTP/HTTPS from the WAN.
Ex:
The user wants to allow 36.226.189.2 to access the WebGUI of the NSG.
 

Note:
1. The setting is "none" by default to prevent the NSG's HTTP/HTTPS service port from becoming a target for attackers on the Internet. We recommend configuring only the trusted public IP addresses that need access from the WAN, and avoiding "any" in general scenarios.
2. We also recommend configuring Allowed Remote IP in the virtual server for security reasons.
Jason
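
As an added example (not part of the original post, and not Nebula's own rule format), this Python sketch models the three scenarios as a generic first-match rule table so the intended policy can be checked before it is entered in the GUI. It assumes rules are evaluated top-down with the first match winning; the /24 subnets, the broader allow rules, the gateway address 203.0.113.1 and the untrusted source 198.51.100.7 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # single IP, CIDR, or "any"
    dst: str     # single IP, CIDR, or "any"

def _match(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def _covers(outer, inner):
    # True when every address matched by `inner` is also matched by `outer`.
    if outer == "any":
        return True
    return inner != "any" and ip_network(inner).subnet_of(ip_network(outer))

def evaluate(rules, src, dst, default="deny"):
    """Return the action of the first rule matching (src, dst), else the default."""
    for rule in rules:
        if _match(rule.src, src) and _match(rule.dst, dst):
            return rule.action
    return default

def shadowed(rules):
    """Deny rules that never fire because an earlier allow rule fully covers them."""
    dead = []
    for i, rule in enumerate(rules):
        if rule.action == "deny" and any(
            r.action == "allow" and _covers(r.src, rule.src) and _covers(r.dst, rule.dst)
            for r in rules[:i]
        ):
            dead.append(rule)
    return dead

# Scenario 1: block one LAN1 host from the LAN2 server; the /24 allow is assumed.
LAN_RULES = [
    Rule("deny", "192.168.1.10", "192.168.2.10"),
    Rule("allow", "192.168.1.0/24", "192.168.2.0/24"),
]
# Scenario 2: block one WAN host from the port-forwarded server; the allow is assumed.
WAN_RULES = [
    Rule("deny", "36.226.189.2", "192.168.4.33"),
    Rule("allow", "any", "192.168.4.33"),
]
# Scenario 3: management allow-list; anything not listed falls to the default deny.
MGMT_RULES = [Rule("allow", "36.226.189.2", "any")]
NSG_WAN_IP = "203.0.113.1"  # constructed placeholder for the gateway's WAN address
```

Reversing `LAN_RULES` makes `shadowed()` report the deny rule, which is the ordering mistake to look for when a specific block sits below a broader allow.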
