What is IKE and what has someone done in my USG40W?

SecCon
SecCon Posts: 51  Ally Member
edited October 3 in Security
Since opening a NAT Port Forward I am keeping a close eye on logs lately and everything seems ok but for this entry I discovered a few minutes ago:




What does that mean and what has it done to my device?

There is nothing additional configured on the device, no VPN, no accounts, no VLAN, or anything else.

Answers

  • mMontana
    mMontana Posts: 420  Master Member
    IMVHO someone is trying to... connect via IPsec.
  • SecCon
    SecCon Posts: 51  Ally Member
    edited October 3
    ...and succeeded, or not?
    Most other entries in my log show BLOCKED when a connection is blocked. This does not.

    And here is another entry:


  • jasailafan
    jasailafan Posts: 139  Ally Member
    edited October 4
    It seems someone is trying to build a VPN to your device. Try adding a new security policy rule to block the suspect source IP or Geo IP.
    New Rule
    From: WAN
    To: ZyWALL
    Source: suspect source IP or Geo IP
    Service: any
    Action: deny

    If you're using IPsec VPN, you can also edit the default WAN_to_Device rule and allow an authorized IP in "Source".
    Default WAN_to_ZyWALL rule
    From: WAN
    To: ZyWALL
    Source: authorized IP
    Service: Default_Allow_WAN_To_ZyWALL
    Action: allow
  • SecCon
    SecCon Posts: 51  Ally Member
    Well, that is the thing, I have no VPN configured, nothing whatsoever.
