Why do I have to block incoming DNS from WAN
Options
I never had to make a rule for incoming DNS request from WAN_to_Zywall, because it is blocked by default. Now I have a Zywall 110 where I did have to make such a rule! If I check the policy Control rules there is nowhere another rule such as WAN_to_Zywall that allows DNS in anyway. The only rule that allows WAN_to_Zywall is my own Fixed IP addresses from office. Are there any hidden rules in Zywall where there still could be an opening?
0
Comments
-
Blocked by default here on my Zywall 110
0 -
Hi @Fender,
By default Zyxel device blocks DNS request that comes from WAN interface for security purposes.
If you want to allow DNS request to Zyxel firewall there are two options we can allow that;
1- Configuration > Security Policy > Policy Control
2- Configuration > Object > Service > Service Group > Default_Allow_WAN_To_ZyWALL
Best regards.0 -
Hi Zyxel_Can, thanks, I willl check it again.0
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 76 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 890 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 203 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight