Anti-Malware and Sandbox configuration on USG200H





Hi,
I'm trying to configure the anti-malware module and the sandbox module without success.
Both modules are enabled, but the statistics remain empty, and if I run a test with the eicar file, it passes through the firewall.
I don't have any data in the statistics, and I don't have any events in the logs.
Does anyone have any ideas on what I've probably done wrong?
Obviously the license for both modules is active and valid until 2026.
Here is the configuration which seems simple to me.
All Replies
-
May I know how you tested it? Did the download come from internet to a LAN host?
Or we can arrange a private remote session to look into this?
0 -
Hi @Zyxel_James ,
Here's my test protocol:
I have a rule with a basic Content Filter applied, allowing internet access from a PC on the internal network via the internal subnet 192.168.168.0/24, and I'm trying two things:
- The first is to download the test files from the EICAR website ( https://www.eicar.org/download-anti-malware-testfile )
- The second is to download a .zip file from another site, such as the PuTTY or WinSCP website
In all cases, the file is successfully downloaded to the PC, even though in theory it should be captured and deleted directly by the firewall. Unless I've misunderstood the purpose of the two modules.
0 -
If downloads are done over SSL then it can't see them, so in order for FLEX to see the traffic under SSL you need to set up SSL inspection and have a certificate installed on the PC.
0 -
Hi @PeterUK,
Thanks for your reply.
Ok, I understand better, but then I have another problem.
I have a Windows Server 2022 domain with a server PKI 202, and I created a certificate for the ZYXEL with client and server authentication as certificate purposes and with Digital Signature and Key Encipherment as key usage.
If I enable the ZYXEL's SSL inspection module with the previously generated certificate, I get certificate errors on the visited sites. Even Google gives me a certificate error.
I imagine my problem comes from the generated certificate, which must be incomplete, or a configuration issue somewhere. The root CA is well known on the ZYXEL and on the client workstations.
Do you have a link or an example of generating a certificate from a Windows PKI server that is compatible with the SSL inspection module?
0 -
Hi @supportpc ,
Refer to this forum post,
You need to import/deploy the certificate sign for Zyxel firewall into the trusted root CA store of the client.
Not the root CA of the Windows CA.
0 -
Hi @zyman2008
Thanks for your reply.
I understand better where the problem came from.
Indeed, now I see logs appearing. The problem is now resolved 👍️.
Thank you to everyone who responded for resolving the issue 😉.
0
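Added example, not part of the thread and not Zyxel's tooling: an offline openssl sketch of why the accepted answer works, showing that a client which trusts only its domain root still rejects a site certificate signed by the firewall until the firewall's signing certificate is in its trust store. It assumes the firewall signs with a certificate that was not issued by the domain root; all subjects, file names and the helper functions `trusts`, `issuer_of`, `build_demo` and `report` are constructed for the demo.

```shell
#!/bin/sh
# Added example: every name, subject and file here is constructed for the demo.

# trusts STORE CERT: succeeds if CERT chains to a certificate in STORE.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issuer_of CERT: prints the issuer DN, i.e. who actually signed CERT.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

# build_demo DIR: creates two unrelated self-signed CAs and one leaf.
build_demo() {
    d=$1
    # Stand-in for the Windows domain root CA the clients already trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Windows Root CA" \
        -keyout "$d/winroot.key" -out "$d/winroot.pem" 2>/dev/null
    # Stand-in for the certificate the firewall signs with when inspecting.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Firewall Inspection CA" \
        -keyout "$d/fw.key" -out "$d/fw.pem" 2>/dev/null
    # What a client receives for an inspected site: a leaf signed by the firewall.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/fw.pem" -CAkey "$d/fw.key" \
        -CAcreateserial -days 7 -out "$d/leaf.pem" 2>/dev/null
}

report() {  # report LABEL STORE CERT
    if trusts "$2" "$3"; then echo "$1: trusted"; else echo "$1: certificate error"; fi
}

demo=$(mktemp -d)
build_demo "$demo"
echo "issuer seen by the client: $(issuer_of "$demo/leaf.pem")"
report "client trusts domain root only" "$demo/winroot.pem" "$demo/leaf.pem"
report "client trusts firewall signing cert" "$demo/fw.pem" "$demo/leaf.pem"
rm -rf "$demo"
```

On a real client, the issuer shown for the certificate of an inspected site names the certificate that has to be present in the trusted root store.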