[NEBULA] How to protect my network/NSG by using firewall rules on NSG?
Zyxel_Jason
Zyxel Employee

Scenario 1:
Deny a specific IP address in another LAN/VLAN from accessing a server in LAN2.
Ex:
The user wants to deny 192.168.1.10 access to the server with IP address 192.168.2.10.

Scenario 2:
Deny a specific IP address on the WAN from accessing a server in the LAN for which you have configured a virtual server (port forwarding).
Ex:
The user wants to deny 36.226.189.2 on the WAN access to his/her server with IP address 192.168.4.33.
Virtual server:

Firewall rules:

Scenario 3:
Allow only a trusted IP address to access the NSG via HTTP/HTTPS from the WAN.
Ex:
The user wants to allow 36.226.189.2 to access the WebGUI of the NSG.

Note:
1. The setting is "none" by default to prevent the NSG's HTTP/HTTPS service port from becoming an attacker's target on the Internet. We recommend configuring only the trusted public IP addresses that need access from the WAN and avoiding "any" in general scenarios.
2. We also recommend configuring Allowed Remote IP in the virtual server for security reasons.
Jason
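
The two recommendations in the Note can be checked mechanically. The following is an added example, not part of the original post and not Zyxel code: it audits a constructed settings dictionary for WAN sources set to "any", non-public addresses, or wide ranges. The field names, the sample entries and the `MAX_HOSTS` threshold are assumptions and do not come from a Nebula export format.

```python
import ipaddress

# Constructed sample settings; field names are hypothetical.
SAMPLE = {
    "remote_access_allowed_ips": ["36.226.189.2"],
    "virtual_servers": [
        {"name": "web", "lan_ip": "192.168.4.33", "allowed_remote_ip": "any"},
        {"name": "ssh", "lan_ip": "192.168.4.34", "allowed_remote_ip": "36.226.189.0/24"},
        {"name": "ftp", "lan_ip": "192.168.4.35", "allowed_remote_ip": "192.168.1.10"},
    ],
}

MAX_HOSTS = 16  # assumption: larger source ranges deserve a manual review


def check_source(label, value):
    """Return a list of findings for one allowed-source entry."""
    value = value.strip()
    if value.lower() in ("any", "0.0.0.0/0", ""):
        return [f"{label}: open to any WAN address"]
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return [f"{label}: '{value}' is not an IP address or CIDR range"]
    findings = []
    if not net.network_address.is_global:
        findings.append(f"{label}: {net} is not a public address")
    if net.num_addresses > MAX_HOSTS:
        findings.append(f"{label}: {net} covers {net.num_addresses} addresses")
    return findings


def audit(settings):
    """Collect findings for NSG remote access and every virtual server."""
    findings = []
    # An empty list corresponds to the default "none": no WebGUI access from WAN.
    for ip in settings.get("remote_access_allowed_ips", []):
        findings += check_source("NSG HTTP/HTTPS remote access", ip)
    for vs in settings.get("virtual_servers", []):
        label = f"virtual server '{vs['name']}' -> {vs['lan_ip']}"
        # Assumption: a missing Allowed Remote IP is treated as "any".
        findings += check_source(label, vs.get("allowed_remote_ip", "any"))
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```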