SSL VPN vulnerability of June 24th, 2021
Denying WAN to Zywall source = All should stop any of the attacks, right? No need to really change any ports? It looks like all services are tied to the WAN object by default.

ChipConnJohn said:
For my part, I haven't been able to make sense of the vulnerability given what Zyxel is telling us. I have locked down WAN->Device, allowing only IPs I specify to access. It hasn't been too bad. I sent an email last week apologizing and directing users to a site that gives their WAN IP, and they email or text it to me and I add it to the device.

For the current models that support FQDN - I'm having my users create DDNS (lots of free ones out there), and they can manually update that FQDN if their ISP changes. Then on our end trust the FQDN. Optionally, if you pay for those DDNS services, add all of those FQDN as trust and you can update those when users change IPs, this way, won't have to keep adding more rules to the security policy.