ATP 800 screen freezes, while configuring application patrol policy
Kinshuk_Tech
Posts: 10
in Security
Hi there,
Recently we are undergoing implementation of ZyXEL firewall ATP800 along with multiple switches in an enterprise customer.
The ATP800 has Firmware version V5.20 (ABIQ.0), which was updated on 04 Jan 2022
Background: Customer has asked us to block all categories and its applications within application patrol. They will allow specific ones, at a later time.
Path: Click configuration ->Security settings -> App Patrol
Steps followed:
Thanks.
Recently we are undergoing implementation of ZyXEL firewall ATP800 along with multiple switches in an enterprise customer.
The ATP800 has Firmware version V5.20 (ABIQ.0), which was updated on 04 Jan 2022
Background: Customer has asked us to block all categories and its applications within application patrol. They will allow specific ones, at a later time.
Path: Click configuration ->Security settings -> App Patrol
Steps followed:
- Create a new policy "Block all" in App patrol
- Select specific category eg. Work (This has around 2500+ appl signatures)
- Click on "Add to the application" option below.
- After it is added, select all the signatures and select the action "Reject"
- In smaller categories, firewall does shown signs of fatigue. It works smoothly.
- But in large categories, the screen freezes and firewall hangs.
- Eventually after waiting for a long time, we have to get the firewall hard-booted by removing the power cable.
Thanks.
0
All Replies
-
Hi @Kinshuk_Tech
It looks device still configuring the setting in the background, because there are around 4,000 signatures required to apply to system, so WebUGI doesn't reply to you before configuration is ready. It means you need longer time for it.
In the usual, we suggest block known services one by one. If block all of applications, it may also block the application(service ports) which you would like to allowed in the future.
0 -
you are right. @zyxel_stanley
After searching all around zyxel.com, I found the CLI manual. Interestingly, there are limited commands around application patrol and exhaustive commands around content filtering.
Then, I spent high amount of time, to rework the customer requirement and finally got content filtering options enabled.
Surprisingly, customer has accepted our config, which used content filtering options.Zyxel_Stanley said:Hi @Kinshuk_Tech
It looks device still configuring the setting in the background, because there are around 4,000 signatures required to apply to system, so WebUGI doesn't reply to you before configuration is ready. It means you need longer time for it.
In the usual, we suggest block known services one by one. If block all of applications, it may also block the application(service ports) which you would like to allowed in the future.
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
