Order of processing Question (USG flex 500)
Freshman Member
Hi,
From a course way back with the zywall 50 i thinking that Firewall happens first then the NAT.
Ie if your port translating 444 to 443 you firewall 444 because firewall processes first then nat.
Is this true and where does IDP come in ?
reason i ask :
I have a geo block on all Russian IP addresses, but when i look in IPS logs i see
"SSI:N [type:Sig(130014)] Remote Desktop Protocol brute force attempt"
from a Russian IP address.
I was not expecting to see this as i have a geo block on russia quite high up.
so does IPS happen before my geographic deny rule?
0
All Replies
-
Take a look on Maintenance -> Packet Flow Explore.Maybe the pictures in routing status and SNAT status could be what you're looking for.0
-
HI thankyou yes i see this but it does not mention IPS in the chain?
0 -
Hi @Emerald,
Please help to check if the IP is exactly from Russia in GeoIP database.
You can look up at "Object > Address/Geo IP > GeoIP".
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
