Firewall logs - Default Rule
All Replies
-
PeterUK said:dmc_nyc if you set appllcation patrol to none does the rule work?@PeterUK I have disabled App Patrol on this rule and it did not help. The unwanted traffic is still making it through the Rule, ignoring the Source IP filter of 'All Approved WANs'.For clarity, we always set 1:1 NAT to each server as Any Source, Any Service to allow that traffic to flow to the Security Policies. At the Security Policy we would further refine the WAN IP Source and Service ports. This has always worked in the past, only recently with a new USGFlex200 v5.30 did I notice bleed-thru of unwanted traffic. The rule I noted above is very high in the priority list so it should be stopping unwanted traffic. There are only GEO IP DENY rules above it which are working.0
-
PeterUK,You have given me an answer to this problem. At this point the logs are littered with red log alertrejections. Excellent work!!It has been my understanding that firewall rules TO Zywall was to control access to the USG for configuration; gui interface etc. for specific ip addresses and services like https etc. While any (excluding Zywall) rules were for trapping traffic headed behind our USG1000.Is there any way you can describe the difference between Zywall and (any (excluding Zywall)?..pointing me to another post or document would be helpful as well.I am thanking you for this resolution,BretPS.With regard to the age of the USG 1000, these are solid firewalls. We haven't thought of upgrading until we added several fiber connections exceeding the 350mb max of the USG 1000.Best,Bret Stern0
-
Also Zyxel_James pointed you in the direction too
If you don't have a subnet of WAN IP's on LAN your only WAN IP is the Zywall to which you SNAT and NAT from/to your LAN as your WAN IP is on the USG all traffic from WAN goes to the Zywall until you NAT to a LAN IP then your going from WAN to LAN or any
0 -
dmc_nyc you should make your own post about your problem
try V5.30 WK20 Firmware release
ZLD V5.30 WK20 Firmware release — Zyxel Community
what happens if you set destination to any?
0 -
Was able to figure this out with Zxyel Support. In my Approved WAN IP Group I had an open ended SUBNET Object instead of a RANGE Object. Which meant any IP with the range of from the low (.47) to high (.255) was coming through. My fault for overlooking this.Once I switched it to a Static or Range, the Source IP filter 'All Approved WANs' was working as expected on all Rules.Hope this might help others who experienced a similar issue.0
-
PeterUK said:dmc_nyc if you set appllcation patrol to none does the rule work?@PeterUK I have disabled App Patrol on this rule and it did not help. The unwanted traffic is still making it through the Rule, ignoring the Source IP filter of 'All Approved WANs'.For clarity, we always set 1:1 NAT to each server as Any Source, Any Service to allow that traffic to flow to the Security Policies. At the Security Policy we would further refine the WAN IP Source and Service ports. This has always worked in the past, only recently with a new USGFlex200 v5.30 did I notice bleed-thru of unwanted traffic. The rule I noted above is very high in the priority list so it should be stopping unwanted traffic. There are only GEO IP DENY rules above it which are working.0
Guru Member
Ally Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
