Utm services - where to apply on security policies

basq
basq Posts: 5  Freshman Member
First Comment Third Anniversary
edited April 2021 in Security
Good evening, I would like some help setting up security policies in my USG60 to make IDP, Antivirus and Antispam work properly. So far I was only able to configure the "Content Filter" by setting it in the "LAN1_Outgoing" rule.

Where should I put IDP, Antivirus and Antispam to protect my internal network from external threats? I have read the walkthrough configurations but without success, the guides say to always add them on LAN1_Outgoing and this is where they are now but I'm not sure they are working (I tried to block the Eicar test file but it always passed).

For Antispam rule I don't know if it's applicable to emails that enter my LAN because we use Office365 and maybe not using IMAP or POP3 protocols makes this filter useless.

I also have the secuextender but its reports are always empty, I don't know if it's because I misconfigured the UTM profiles or there's another reason but I ask you here if you have any ideas about it.

Thank you.

All Replies

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @basq
    Regarding to this case,
    You can configure Lan to Wan or Any to Any to protect your internal network from external threats. However, for the Eicar blocking, Eicar website currently support TLS1.3, therefore, it will be operated successfully on firmware 4.60(with SSL Inspection Enabled).
    For the Spam filter for Office 365, you could check this similar thread
    https://businessforum.zyxel.com/discussion/3349/how-to-configure-an-email-security-policy-with-mail-scan-and-dnsbl-on-atp
    Lastly, I am not sure you described "secuextender but its reports are always empty" did the SSL VPN not work or?
    Charlie
  • basq
    basq Posts: 5  Freshman Member
    First Comment Third Anniversary
    Thank you Charlie for you answers,

    I think that I configured in a good way IDP and Antivirus but I can't test them due to TLS1.3 .. I followed the configuration walkthrough and did't know that TLS1.3 could be the problem here.

    Regarding the antispam filter I followed a guide similar to the one you posted (but for USG60) but the filter doesn't work, I tried the exact example to use a mail with a specific object ("sell") to see if it get tagged with [SPAM] but it does not. I thinked that this could be due to the fact that I don't use POP3 or IMAP to download mail but MS-Exchange instead.. and wanted to know if the antispam filter doesn't work with this proprietary protocol.

    Lastly I wrote Secuexteder in my first message but I wanted to write Secureporter, sorry for that.
    I mean that I receive every day a report from Secureporter but the second page is empty, it has only the title "Summary Report", a subtitle "#Schedule report generated by SecuReporter" and the rest of the page is empty. There's a way to add reports to this daily summary that I missed out?