I have the USG210 firewall

Billiam Posts: 3
edited April 2021 in Security
I have the USG210 firewall.  I also have software on my PC that is a firewall.  My software firewall is catching and blocking a lot of suspicious IP addresses.  Why isn't my USG210 blocking them first?

All Replies

  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    Maybe it's multicast traffic on your LAN?
  • No, they're not IP addresses from my network. They are IPs like:

    42.60.77.202
    99.84.159.7
    151.101.1.70
    13.226.59.215
    54.119.161.212

  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    Source or destination?

  • Those are the source IPs.
    The destinations are IPs on my local network: 192.xxx.xxx.xxx
  • PeterUK
    PeterUK Posts: 2,704  Guru Member
    Is UPnP enabled?

    Do you have any NAT rules?

    Do you have firewall rules from WAN to LAN?

    Is the Default rule set to deny?

  • FrankLauer
    FrankLauer Posts: 47  Freshman Member
    edited February 2021
    The default behaviour of the USG is to deny more or less all incoming connections with the last security rule: any to any, any protocol = deny.

    But security rules must be activated and this default rule must be set to deny action.
    If you still have unwanted incoming traffic, disable some 'allow' rules you may have. (Be careful with rules to the Zywall device itself, otherwise you are locked out.)
    Additionally, there are a lot of log and traffic capture features in the Zywall which may help with such problems.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,060  Zyxel Employee
    edited March 2021
    Hi @Billiam

    The IP reputation filter, which is supported on the ATP series, should be able to fulfill this scenario. This feature can provide you with real-time threat protection.

    On the USG series, you can set the blocklist IPs as an address object group
    and set a security policy to block the specified source and destination IPs from them.
