IDP activation

2»

All Replies

  • @kyssling, yes, I inactive all the RDP items and remaining item are all actived, then I perform TeamViewer over VPN.
  • kyssling
    kyssling Posts: 102  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited April 2022
    Very thanks for answer, if you use Remote Desktop Client (Windows) you can have checked RDP items on IDP ? (I think you have unchecked because you using TeamViewer ...)  ?
  • kyssling
    kyssling Posts: 102  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hello, I activate IDP into profile - I have all items activated, we use RDP only via VPN.
    But I have zero "Total Session Scanned" value - is that okay ?
    Thank you for answer !
     
  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @kyssling,
    May I see your security policy rule of the IDP profile? and also your test scenario. Or provide your configuration through private message and I will check on this for you.
    Thank you.

    James
  • Rix
    Rix Posts: 21  Freshman Member
    First Anniversary 10 Comments SurveyFeedback-2022-Nov Friend Collector
    edited November 2023

    Hello, I have ATP200 and creating a new rule does not have the profile option for IDP.
    Just App Patrol, Content Filter and SSL Inspection. The rules for IDP are updated to the latest,
    but I have never seen a hit, suspect because the profile is not available to be loaded.
    Not shown below is From: Wan

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Rix,

    IPS (IDP) has no profile. It is global setting with the button "Enable". You don't have to apply IPS (IDP) to security policy rule.

    You can use Allow List to add signatures to exclude incoming packets with signatures on the allow list from being intercepted and inspected. You can also use IP Exception to bypass IPS (IDP) based on the packet’s source or destination address.

  • PhilippeB
    PhilippeB Posts: 18  Freshman Member
    10 Comments Friend Collector

    The ATP and USG FLEX series have the possibility to have all the security services linked to one or more security policies. The Zyxel Online Web Help describes it in detail:

    After this is done, the IPS screen looks like this and IPS can be set to policy-based inspection:

    Now it's possible to link IPS to policies from WAN to LAN only:

    Unfortunately, this functionality is not currently planned for the new H series. It looks as if Zyxel has simply forgotten this function, which considerably simplifies the overview in compex scenarios.

  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    @PhilippeB As I stated here, this feature is supported on uOS currently. I already moved it to the ideation section for further evaluation.

Security Highlight