Allow list for Dos Prevention

Omnia
Omnia Posts: 57  Ally Member
First Comment Friend Collector Sixth Anniversary
in USG FLEX H Series

Hi,

we cannot find Ip allow list in Dos Prevention, is it possible to configura via CLI?

Thanks

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,085  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Omnia,

    No, it is not possible to cofigure via CLI. Would you like to provide the reason you want to set an allow list?

    Zyxel Melen


  • Omnia
    Omnia Posts: 57  Ally Member
    First Comment Friend Collector Sixth Anniversary

    Hi @Zyxel_Melen,

    because we have a false positive during a ftps file trasfer:

    image.png

    we have set sensibility in "low" but we continue to receive drop packet.

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,085  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited March 26

    Hi @Omnia,

    I apologize for the delayed response.

    Edit:

    Since USG FLEX H currently does not support "allow list for Dos Prevention", please help have some steps for us to investigate this issue:

    1. Change the (portscan) TCP Portscan Action to "none", and check if the drop issue still occurs.
    2. If not, please help to change the action back to "block" and collect the packet on the WAN interface when you are doing an FTP file transfer.

    With these actions, we can investigate why DoS Prevention misblocks the traffic.

    Zyxel Melen


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)