USG110 - Lack of understanding "ANY to WAN" vs. "ANY to ZyWall"
All Replies
-
Hi @USG_User
The “any” is meaning all of the zones except “ZyWALL” zone.
It will include: all of intra zones and WAN zone.
The ZyWALL zone is means firewall itself.
There are many build-in service: SSH/TELNET/FTP/HTTP/HTTPS/DNS…..etc.
You can allow or deny traffic those come from “Any” zone to access build-in service.
In your case, if you would like to deny DNS query from WAN side.
You can create this rule to block DNS query:
From: WAN. To: ZyWALL, Service: DNS, Action: Deny.
0 -
Hi Stan,Thanks for your reply. The obove mentioned rule is clear so far, but doesn't explain what I'm interested in. Further we don't maintain a "Deny strategy" where all is allowed until we define a Deny rule. With us, all is denied by a default rule until we allow traffic by a separate rule.When creating a rule "Any to WAN", does it includes "WAN to WAN", too? In our DNS example, does it mean that external DNS queries from Internet to our public IP will be redirected by USG back to the internet again? This would be the thinking, if you say "ANY" contains always also the WAN zone.When allowing DNS queries from all internal zones to the internet, I would like to use "Any to WAN" to save different single rules for all internal zones to WAN. But in that case "Any to WAN" should exclude "WAN to WAN" since "WAN" is already set as destination in "ANY to WAN", isn't it?0
-
Hi @USG_User
As your question: does it mean that external DNS queries from Internet to our public IP will be redirected by USG back to the internet again?
The answer is not. Because the public IP address of USG is belonging to USG itself.
So it is “ZyWALL” zone but not WAN zone.
0
Categories
- All Categories
- 392 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight