UTM profile and policy direction

CB1
CB1 Posts: 3
First Comment
edited April 2021 in Security
@Zyxel_Charlie
after reading this answer i'm confused - does direction (from/to) in policies matters for applying UTM profiles? Let's say we setup IDP rule against RDP bruteforcing and applied it to policy from lan1 to wan, it will be triggered when:
  1. someone from lan tries to bruteforce remote RDP
  2. someone from wan attacks RDP server inside lan1
  3. or in both of above?

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @CB1,

    In your example if we create a security policy rule from LAN to WAN and assign an IDP rule to that, it will be triggered only for someone from LAN tries to bruteforce remote RDP (option a).

     

    Security policy rules depends on the initiator of a session.

    Thus, if you want better protection for your network you can consider creating rules for each possible directions.

     

    Example;

     

    From any to any (Excluding ZyWALL) assign IDP profile.

    Moreover, in addition to IDP, other UTM features are recommended in best practice to prevent web threats.

    1-    Anti-Malware

    2-    Email Security

    3-    Reputation Filter

    4-    Sandboxing

    Best regards.

Security Highlight