Allow specific IP addresses

Yoofer Posts: 2  Freshman Member
edited April 2021 in Security
Hello, all.  Kind of a Zyxel noob here.  I have the Zywall USG 20.  Lan 1 is for my main home network, Lan 2 is for the business.  To maintain compliance with industry standards, I have created rules to block traffic between Lan 1 and Lan 2, all ports are stealthed, and all unsolicited incoming traffic is blocked by default.  I subscribe to an industry-mandated service that routinely scans my network for vulnerabilities and until now everything has been peachy.  However, the compliance rules have changed and I'm now required to "whitelist" certain IP addresses, and a stealthed network will result in failure of the scan and possible non-compliance.

1) The compliance company *says* I don't have to lower my security settings, but whitelisting groups of IP addresses seems inherently less safe.  Am I in error on this point?

2) Assuming I can't get a waiver to simply leave my settings as they are, how do I create the appropriate rule(s) to allow the compliance scan?  They've identified the address blocks, but beyond that they haven't specified (ports, services, etc.).

Thoughts, opinions, advice?  Thanks in advance for any help.

Comments

  • Yoofer
    Yoofer Posts: 2  Freshman Member
    p.s. Since this is for the business side of things, I think any rule allowing traffic ought to be specific for Lan 2, but I'm open to suggestions on that point.
  • zyman2008
    zyman2008 Posts: 199  Master Member
    Security comes from "Trust".
    If you trust the source IP address to do anything from the network, then you list it in the whitelist.
    Of course, if you have concerns about opening everything, then talk to the auditor about what must be opened and what need not be.
