An attack Wan to Lan on Zywall 5

cicco
cicco Posts: 1  Freshman Member
edited April 2021 in Security
Good morning,
in my windows active directory, some users are disabled as if someone tried to force the password. I thought of an attack from the outside. I have a Zywall 5 and some public ip. The NAT (M-1) output is enabled for all clients from 192.168.1.1 to 192.168.1.255 on a public ip y.y.y.10 and for a machine I have a NAT 1-1 from 192.168.1.11 to y.y.y.11. I've always had attempts to access Wan to Wan to ip y.y.y.11 over the years. Now, in the firewall logs I see Wan to Lan attempts from some ip to 192.168.1.11. I do not understand how it's possible to see an ip of the lan from the outside. Can you help me?
Cicco

#Biz_Security_February

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    First Answer First Comment Third Anniversary
    The log should show remote user's Wan IP to Zywall5's Wan IP not Lan IP.
    Could you show me the screenshot of this case for checking. I think you need to hide part of IP information for security reason:)

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)