Why I cannot add Virtual Ethernet Interface to a Zone

nbfund
nbfund Posts: 1
edited April 2021 in Security
Hello there.
ZYWALL 1100.
I have a zone WAN in which I have included an interface with MTS name. Then, I have created a virtual ethernet interface under MTS:1 name.
When I go to Configuration->Object->Zone screen, I cannot add the virtual interface to the WAN zone.
It could be OK. 
But when I set up From to WAN in Policy Control, firewall drops packets coming to the virtual interface address.
That's strange.
Isn't it a bug? Or I did something wrong?
Thanks.

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @nbfund
    Can you send me your config file via private message so that I can have more picture about what kind of policy control you had set?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,361  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @nbfund

    Welcome to Zyxel community :)

    All of the virtual interface will be the same zone as physical ether interface.

    As your interface setting, MTS is belonging to WAN zone, then MTS:1 will be WAN zone.

     

    According your traffic is blocked by firewall rule issue.

    It is because you are configured wrong zone in the rule.

    All of the interface IP address has configured on ZyWALL, then these IP addresses will belonging to “ZyWALL” zone.

    So if you would like to access to your device by interface IP, then you should add the rule like:

    From: any, To: ZyWALL, Source: any, Destination: InterfaceIP, Action: Allow.

Security Highlight