Default firewall rules
- add more logging, for monitoring;
- remove ipsec-vpn-rules since we don't use ipsec, they are present by default;
All Replies
-
Hi @TTpD
The default rules are for “allow” traffic except the last one.
It is including:
(1) From Intranet to Internet traffic
(2) From Intranet to ZyWALL
(3) VPN traffic to ZyWALL and Intranet.
If doesn’t match them, then traffic will deny by the last rule.
Of cause you can add From WAN to LAN rule for monitor your network usage.
But this rule may not catch any traffic if there is no any Port-Forwarding(NAT) rule to forwards traffic from Internet to Intranet.
If VPN traffic is unnecessary for your network environment, you can disable rule#10.
It is allowing default ports for VPN traffic from Internet to ZyWALL.
0 -
At the moment we are using SSL-VPN, but not L2TP/Ipsec and I was thinking about those unused rules only.We are not using Port Forwarding, so this is not a problem while logging everything for wan-to-lan which, by default, is already blocked (except for vpn ports) but only logging dropped packets, deny + log.In addition I think logging lan-to-wan could be useful, sometimes, but I don't know how consuming it could be on this device with average-joe-traffic-level: I'd prefer avoid stressing the fw too much or setting up a log server wherever possible.
0 -
Hi @TTpD
If you would like to monitor interface usage, you can go to Monitor > Port statistics > switch to graphic view.
It has recorded last 24 hours port usage per physical port.
And also if you would like to check traffic by IP address, or service port. You can Go to Monitor > Traffic Statistics.
After enabled “collect” function, it will start to collecting traffic those forwarded by USG.
You can filter the data by Interface/ Client IP address / Service port.
0 -
Hi @TTpD
You can also consider SecuReporter.
The server can help to analyzing all of the traffic forwarded by USG, and filter network usage by WebSites/Applications/Users/Countries….etc.
All of traffic data are saved on cloud server, then there without any security concern.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight