Order of processing Question (USG flex 500)
Hi,
From a course way back with the ZyWALL 50, I am thinking that the firewall happens first, then the NAT.
I.e. if you're port translating 444 to 443, you firewall 444 because the firewall processes first, then NAT.
Is this true, and where does IDP come in?
Reason I ask:
I have a geo block on all Russian IP addresses, but when I look in the IPS logs I see
"SSI:N [type:Sig(130014)] Remote Desktop Protocol brute force attempt"
from a Russian IP address.
I was not expecting to see this, as I have a geo block on Russia quite high up.
So does IPS happen before my geographic deny rule?
All Replies
-
Take a look at Maintenance -> Packet Flow Explore. Maybe the pictures in routing status and SNAT status could be what you're looking for.
-
Hi, thank you, yes I see this, but it does not mention IPS in the chain?
-
Hi @Emerald,
Please help to check if the IP is exactly from Russia in GeoIP database.
You can look up at "Object > Address/Geo IP > GeoIP".