Firewall - Match default rule
Options
Hello. After solving the issue with UDP flooding, I see firewall logs:
Firewall - Match default rule, DROP - access block
See screenshot:
So, What does it mean? I use rules double times? I am happy, that these packages have been dropped, but it would be great if you explain to me whether it is good or not...
So, What does it mean? I use rules double times? I am happy, that these packages have been dropped, but it would be great if you explain to me whether it is good or not...
0
Accepted Solution
-
Hi @follet
Those logs were generated by the last security policy(default rule). Just as smb_corp_user mentioned that it means those IPs didn't hit your existing policies but hit the default rule then the firewall dropped it. The purpose of the default rule is to avoid suspicious IPs trying to access your device or network.
If you think those logs are too many and too often occur on the Monitor logs even impacting the readability of the Monitor log, you could choose don't appear default rule logs, as below:
Thanks.0
All Replies
-
As long as the source IP addresses are not allowed access to your network, you should edit the FW rule and select "Do Not Log" for these dropped packages. Dropped packages is usually traffic you do not allow (noise and random sniffing attacks), so all those entries are useless in your logs (unless you have more than enough time to read these logs).1
-
Hi @follet
Those logs were generated by the last security policy(default rule). Just as smb_corp_user mentioned that it means those IPs didn't hit your existing policies but hit the default rule then the firewall dropped it. The purpose of the default rule is to avoid suspicious IPs trying to access your device or network.
If you think those logs are too many and too often occur on the Monitor logs even impacting the readability of the Monitor log, you could choose don't appear default rule logs, as below:
Thanks.0
Categories
- All Categories
- 396 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 86 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 915 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 912 Nebula FAQ
- 419 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight