VPN50 sessions limit - suspicious connections
Hi,
I don't know Zyxel routers very well, so please help me: is it normal behavior that, after configuring reporting on a Zyxel VPN50 device (latest fw 4.62), I'm getting a lot of messages like the ones below?
I know that I can change or disable that session limit (per device or per IP), but I'm worried that I cannot trace the source of those IPs (e.g. 185.151.30.162) in Session Monitor.
Is there a way to get a more detailed log or real-time info about those connections?
And what is the best way to make a blacklist and put suspicious IP addresses there to block any connections from them?
| No. | Date/Time | Source | Destination | Priority | Category | Note | Message |
|---|---|---|---|---|---|---|---|
| 1 | 2021-02-03 14:19:23 | | | notice | system | | Sending event/alert log to mail server has succeeded. |
| 2 | 2021-02-03 14:19:23 | 188.44.124.6 | my_WAN_IP | warn | sessions-limit | ACCESS BLOCK | Maximum sessions per host (1000) was exceeded. [count=255] |
| 3 | 2021-02-03 14:19:23 | 185.151.30.162 | my_WAN_IP | warn | sessions-limit | ACCESS BLOCK | Maximum sessions per host (1000) was exceeded. [count=255] |
All Replies
Maybe you can try this CLI to track device connection status. =)
Router> debug system show conntrack | match "185.151.30.162"
Hi @MStil
(1). You can issue this command to trace real-time connections of IP "185.151.30.162":
Router> debug system show conntrack | match "185.151.30.162"
(2). If you would like to reject any traffic from a block IP group, you can add a Block IP Group and a security policy.
First, add block IP address objects and put them into a group.
Second, add a security policy.
BTW, you may set a log alert: if those blocked IPs connect to your VPN50, an alert log will be generated.
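One way to turn the report rows quoted in this thread into a short list for the Block IP group, as an added example that is not part of the original thread or Zyxel's own tooling: it parses the sessions-limit rows in the column order the report shows, counts events per source, and skips non-public and allowlisted addresses. The function names, the `min_events` threshold and sample rows 4-6 are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# One sessions-limit row, in the column order of the report quoted in the thread.
ROW = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+warn\s+"
    r"sessions-limit\s+ACCESS BLOCK\s+Maximum sessions per host "
    r"\((\d+)\) was exceeded\.\s+\[count=(\d+)\]"
)

# Rows 1-3 are the report rows from the thread; rows 4-6 are constructed.
SAMPLE = """\
1 2021-02-03 14:19:23 notice system Sending event/alert log to mail server has succeeded.
2 2021-02-03 14:19:23 188.44.124.6 my_WAN_IP warn sessions-limit ACCESS BLOCK Maximum sessions per host (1000) was exceeded. [count=255]
3 2021-02-03 14:19:23 185.151.30.162 my_WAN_IP warn sessions-limit ACCESS BLOCK Maximum sessions per host (1000) was exceeded. [count=255]
4 2021-02-03 14:24:51 185.151.30.162 my_WAN_IP warn sessions-limit ACCESS BLOCK Maximum sessions per host (1000) was exceeded. [count=118]
5 2021-02-03 14:25:02 192.168.1.33 my_WAN_IP warn sessions-limit ACCESS BLOCK Maximum sessions per host (1000) was exceeded. [count=40]
6 2021-02-03 14:26:10 192.168.1.33 my_WAN_IP warn sessions-limit ACCESS BLOCK Maximum sessions per host (1000) was exceeded. [count=12]
"""

def summarize(report_text):
    """Return {source_ip: {"events", "count_total", "first", "last"}}."""
    stats = defaultdict(
        lambda: {"events": 0, "count_total": 0, "first": None, "last": None})
    for m in ROW.finditer(report_text):  # also works on run-together text
        ts, src, _dst, _limit, count = m.groups()
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source column is not an IP literal
        s = stats[str(ip)]
        s["events"] += 1
        s["count_total"] += int(count)  # summed as-is; the thread does not define it
        s["first"] = min(filter(None, (s["first"], ts)))
        s["last"] = max(filter(None, (s["last"], ts)))
    return dict(stats)

def block_candidates(stats, min_events=2, allowlist=()):
    """Public sources seen at least min_events times and not in allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    return sorted(
        (src for src, s in stats.items()
         if s["events"] >= min_events
         and ipaddress.ip_address(src).is_global  # never list LAN/VPN hosts
         and not any(ipaddress.ip_address(src) in net for net in allowed)),
        key=ipaddress.ip_address)

if __name__ == "__main__":
    print(block_candidates(summarize(SAMPLE)))
```

Review the resulting list before adding the addresses to the block group; a source that appears only once, or a known VPN peer, is better handled through the allowlist than by blocking.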