USG Flex 200: Can I set a threshold limit on email notifications received from a Security Policy?




Scenario:
We recently applied a security policy called "Blocked_IPs" on a client's USG Flex 200. The goal was to prevent certain LAN IP addresses from accessing both the local network and the internet if their activity appeared suspicious.
Earlier today, we added a mobile device to the block list after detecting signs of botnet activity. The policy is configured to "Log alert" for all matching traffic, which—based on my understanding—generates an alert for every single connection attempt.
As a result, with the nature of botnet activity, our email inbox was flooded with alerts, most of which were unnecessary and overwhelming.
Suggested Improvement (if not already available):
It would be very helpful if the firewall offered a threshold or rate-limiting feature for alert notifications. For example, a configurable option to send a summary report of matched activity every 5 minutes—rather than individual alerts—would significantly reduce noise while still keeping us informed of potential threats.
All Replies
Hi @Lucas_Wilson,
In the current log settings page, we have the log consolidation function that will aggregate multiple logs during a period, in seconds. Please navigate to Menu > Configuration > Log & Report > Log Settings > edit system log > Log Consolidation to change the period from 10 seconds to 300 seconds.
Hope this helps.
Zyxel Melen0
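
The effect of moving the consolidation period from 10 to 300 seconds on alert volume, as an added sketch that is not Zyxel's code or part of this thread. It assumes records with the same policy, source, destination and port are merged when they arrive within the period of the first record in the group; the record format and addresses are constructed.

```python
from datetime import datetime, timedelta

def constructed_sample():
    """Constructed records (not device output): a blocked host retrying every 2 s for 10 min."""
    start = datetime(2025, 1, 10, 9, 0, 0)
    lines = [f"{start + timedelta(seconds=2 * i):%Y-%m-%d %H:%M:%S} "
             "Blocked_IPs 192.168.1.50 203.0.113.7 443" for i in range(300)]
    # A second, sparse flow from the same host to another destination.
    lines += [f"{start + timedelta(seconds=s):%Y-%m-%d %H:%M:%S} "
              "Blocked_IPs 192.168.1.50 198.51.100.9 6667" for s in (1, 100, 400)]
    return sorted(lines)  # the timestamp prefix makes lexical order chronological

def parse(line):
    """Split one record into (timestamp, key); the key decides what counts as 'the same' log."""
    date, clock, policy, src, dst, port = line.split()
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, (policy, src, dst, int(port))

def consolidate(lines, period):
    """Return one entry per group of same-key records seen within `period` seconds."""
    open_groups = {}  # key -> most recent group for that key
    alerts = []       # one element here corresponds to one notification
    for line in lines:
        ts, key = parse(line)
        group = open_groups.get(key)
        if group and (ts - group["first"]).total_seconds() < period:
            group["count"] += 1
            group["last"] = ts
        else:
            group = {"key": key, "first": ts, "last": ts, "count": 1}
            open_groups[key] = group
            alerts.append(group)
    return alerts

if __name__ == "__main__":
    records = constructed_sample()
    for period in (10, 300):
        alerts = consolidate(records, period)
        print(f"period={period:>3}s: {len(records)} records -> {len(alerts)} alerts")
        for a in alerts[:3]:
            print(f"  {a['first']:%H:%M:%S} {a['key'][2]}:{a['key'][3]} x{a['count']}")
```

Each consolidated entry keeps a count and the first and last timestamps, so the volume of a flow is still visible after merging.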