I have the USG210 firewall

Options
Billiam
Billiam Posts: 3
First Comment
edited April 2021 in Security
I have the USG210 firewall.  I also have software on my PC that is a firewall.  My software firewall is catching and blocking a lot of suspicious IP addresses.  Why isn't my USG210 blocking them first?

All Replies

  • PeterUK
    PeterUK Posts: 2,758  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Maybe its Multicast traffic on your LAN? 
  • Billiam
    Options
    No they're not IP addresses from my network.  They are IP's like 

    42.60.77.202
    99.84.159.7
    151.101.1.70
    13.226.59.215
    54.119.161.212

  • PeterUK
    PeterUK Posts: 2,758  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    source or destination?

      
  • Billiam
    Options
    those are the source IPs.
    The destination is IPs on my local network.  192.xxx.xxx.xxx
  • PeterUK
    PeterUK Posts: 2,758  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Is the UPnP enabled?

    Do you have any NAT rules?

    Do you have firewall rules from WAN to LAN ?

    Is the Default rule set to deny?

  • FrankLauer
    FrankLauer Posts: 48  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 2021
    Options
    Default behaviour of the USG is to deny more or less all incoming connections with the last security rule any to any, any protocoll = deny.

    But security rules must be activated and this default rule must be set to deny action.
    If you still have unwanted incoming traffic disable some 'allow' rules you may have. (Careful with rule to the Zywall device itself, otherwise you are locked out).
    Additionally there are a lot of log and traffic capture features in the Zywall which may help with such problems.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,074  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 2021
    Options
    Hi @Billiam

    The IP reputation filter should be able to fulfill this scenario which is supported on ATP series. This feature can provide you real-time threat protection.

    On USG series, you can set a blocklist IP as an address object group. 
    And set security policy to block the specified source and destination IP from them.

Security Highlight