Port 8080 in Default_Allow_WAN_To_ZyWALL

xkp68
xkp68 Posts: 26  Freshman Member
First Comment Second Anniversary
edited March 2022 in Security
Hi,
in the ATP 500 Zyxel configuration, among The service groups, in the Group "Default_Allow_WAN_To_ZyWALL" I can see it does include the service Wiz_2FA port 8080.
What is the usage of this service in the WAN to ZyWALL comunication?
I am asking this cause in the log of the firewall i can notice many Forward access from different countries to zyWall and I Wonder if this is something unsafe that could be blocked.

Thanks in advance for your answers
Regards
Filippo

Best Answers

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @xkp68
    The service port 8008 for two-factor-authentication portal page in default setting.

    If your VPN tunnel doesn't require for 2FA, you can remove the object from policy control rule.
    Or add the rule to allow the trusted incoming IP address by GeoIP object.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @xkp68
    The "client" I mentioned means Internet people accessing to your Device.
    Since your rule is:
    From: WAN, To: ZyWALL, Action: Allow.

    If there is other rule with higher priority with the same condition, then traffic will match first.

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @xkp68
    The service port 8008 for two-factor-authentication portal page in default setting.

    If your VPN tunnel doesn't require for 2FA, you can remove the object from policy control rule.
    Or add the rule to allow the trusted incoming IP address by GeoIP object.

  • xkp68
    xkp68 Posts: 26  Freshman Member
    First Comment Second Anniversary
    Thanks for your kind reply.
    So, as we are using 2FA, 
    (1)is it ok if I just modify the existing rule "WAN_to_Device" so that the field "IPV4 Source" will change from "any" to your "Geo-Germany" GeoIp Object (of course properly configured with my country).?

    Or
    (2) should i remove the 8080 from the "Default_Allow_WAN_To_ZyWALL" and then create a new rule only for 8080 from WAN to ZyWall  with the field "IPV4 Source" setted to your "Geo-Germany" GeoIp Object?
    Considering that no one manages the Device from outside the country or uses the VPN, and that I have noticed, in the log, many connections even to other ports of the Default_Allow_WAN_To_ZyWALL group, i wish i could use the first approach, but i am not sure if there are other side effects if i follow the (1) approach  instead of the (2).
    Any advice?
    By the way, if i want to apply the rule to a group of coutries, creating a geoip object for each country and then creating an address group for all the geoip objects to which i will apply the rule is the only way?
    Regards 


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Hi @xkp68
    If all of your clients are come from the same country, you can keep current configuration and change object from "any" to "Geo-Germany".
    If clients are come from many countries, you can separate it as new rule.
  • xkp68
    xkp68 Posts: 26  Freshman Member
    First Comment Second Anniversary
    Hi again,
    when u use the word "client" do u mean only VPN client or any people accessing services behind the firewall?
    Thanks again
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,379  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @xkp68
    The "client" I mentioned means Internet people accessing to your Device.
    Since your rule is:
    From: WAN, To: ZyWALL, Action: Allow.

    If there is other rule with higher priority with the same condition, then traffic will match first.

Security Highlight