Allow specific IP addresses

Yoofer Posts: 2  Freshman Member
First Comment
edited April 2021 in Security
Hello, all.  Kind of a Zyxel noob here.  I have the Zywall USG 20.  Lan 1 is for my main home network, Lan 2 is for the business.  To maintain compliance with industry standards, I have created rules to block traffic between Lan 1 and Lan 2, all ports are stealthed, and all unsolicited incoming traffic is blocked by default.  I subscribe to an industry-mandated service that routinely scans my network for vulnerabilities and until now everything has been peachy.  However, the compliance rules have changed and I'm now required to "whitelist" certain IP addresses, and a stealthed network will result in failure of the scan and possible non-compliance.

1) The compliance company *says* I don't have to lower my security settings, but whitelisting groups of IP addresses seems inherently less safe.  Am I in error on this point?

2) Assuming I can't get a waiver to simply leave my settings as they are, how do I create the appropriate rule(s) to allow the compliance scan?  They've identified the address blocks, but beyond that they haven't specified (ports, services, etc.).

Thoughts, opinions, advice?  Thanks in advance for any help.


  • Yoofer
    Yoofer Posts: 2  Freshman Member
    First Comment
    p.s. Since this is for the business side of things, I think any rule allowing traffic ought to be specific for Lan 2, but I'm open to suggestions on that point.
  • zyman2008
    zyman2008 Posts: 199  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Security is comes from "Trust".
    If you trust the source IP address to do anything from network. Then you list it into white list.
    Of course, if you have concern to open all. Then talk to the auditor, what's is the must open and what's is not. 

Security Highlight