-
How to block a specific device using the Device Insight block list?
Scenario : The user may want to block a specific device, and this article will guide you on how to use the Device Insight block list to achieve this purpose. Answer : Navigate to Configuration > Object > Device Insight > Enable this feature. Navigate to Monitor > Network Status > Device Insight > Select the device that you…
-
How to Configure Scheduled Updates for the Geo-IP DB on USG Flex H models?
Question : How to Configure Scheduled Updates for the Geo-IP DB on USG Flex H models? Answer : Please navigate to the Web GUI path: Object > Address > GeoIP. To enable Auto Update and configure the day and time for scheduled updates of the GeoIP database, follow the instructions shown below:
-
How to update Geo-IP DB manually by Web-GUI on the USG Flex H models?
Question : How to update Geo-IP DB manually by Web-GUI on the USG Flex H models? Answer : Please navigate to the Web-GUI path: Object > Address > GeoIP > click the "Update Now" button to update the Geo-IP DB, as shown below:
-
How to check historically suspicious IP addresses using the Country Map in SecuReporter?
Question: The firewall may detect some security-related event logs, and users may want to check historically suspicious source IPs using the Country Map feature in SecuReporter. This article will guide you on how to do that. Answer : Step 1: Please ensure the on-premise firewall is already connected to SecuReporter. Step…
-
How to check historically suspicious IP addresses using the Country Map in SecuReporter?
Question: The Nebula firewall may detect some security-related events, and users may want to check historically suspicious source IPs using the Country Map feature in SecuReporter. This article will guide you on how to do that. Answer : The Nebula user can select the SecuReporter icon to be redirected to the SecuReporter…
-
How can I check if SSL Inspection is working normally on the USG Flex H models?
Question : How can I check if SSL Inspection is working normally? Answer : Once SSL Inspection is set up successfully, whenever a client accesses the internet, the certificate will be replaced by the firewall's certificate. For instance, the user configures the SSL Inspection profile on the security policy of the USG Flex…
-
How can I check SSL Inspection traffic statistics via the GUI on USG Flex and ATP models?
Question : How can I check SSL Inspection traffic statistics via the GUI on USG Flex and ATP models? Answer : Please navigate to Monitor > Security Statistics > SSL Inspection to check it.
-
How can I check SSL Inspection traffic statistics via the CLI on USG Flex and ATP models?
Question : How can I check SSL Inspection traffic statistics via the CLI on USG Flex and ATP models? Answer : Please issue the CLI command "show ssl-inspection statistics collect" to check it.
-
How do I find the MD5 hash value from the log message?
Scenario : The user may want to find the MD5 hash value for a specific file from the log message. How can they find this? Answer : The MD5 hash value consists of 32 characters made up of letters and numbers. The user can easily find it in the log message, as shown below:
-
How do I add the MD5 hash value to the allow list of the Anti-Malware?
Question : The user may need to add the MD5 hash value to the allow list of the Anti-Malware in specific situations such as false positive detection (as shown below). How to execute it? Answer : Please navigate to Security Service > Anti-Malware > Block/Allow List to add an MD5 hash value with 32 characters. The related…
-
Why can't I execute the FTP transmission successfully? How to avoid this?
Scenario : The customer may encounter a situation where they cannot execute the FTP transmission successfully. What are the possible causes and how can they avoid it? Answer : The possible cause is "ICMP Unreachable", as shown below: The user can issue CLI commands to disable icmp-destroy-session to avoid…
-
How can I troubleshoot if a UTM feature does not work as expected?
Please verify the status of UTM activation using the CLI: 1) Show the UTM service status: Router(config)# show security-service status 2) If the activation is "no", the feature won't work. Please run the following CLI command to enable it: Router(config)# security-service {UTM Name} activate For example: Router(config)#…
-
How to check the statistics of the App Patrol through the Web GUI and CLI?
Question : When users configure the App Patrol feature by applying it to firewall rules, they may want to monitor application statistics information. This article will guide users on how to check the statistics of the App Patrol through the Web GUI and CLI. Answer : Please navigate to the Web-GUI path: Monitor > Security…
-
[ATP/FLEX] How to check an alert event on Nebula when you get an alert mail from SecuReporter?
Scenario : The user may get an alert mail from SecuReporter but not know how to check the detailed event on SecuReporter and Nebula. This article will guide you on how to check it. Answer : Please navigate to the SecuReporter path History > Alert. Then find the corresponding alert log. Click on the alert to view…
-
[ATP/FLEX] How to use CDR to block the client who accesses malicious websites?
Scenario : The network administrator may want to block the client who accesses malicious websites. This article will use CDR (Collaborative detection & response) to achieve this goal. Answer : Please navigate to Site-wide > Configure > Collaborative detection & response and set the category Web Threats, Occurrence: 3,…
-
How do I use IPS to block the download of a file that includes the EICAR string?
Scenario : The Zyxel firewall supports detecting EICAR-related strings with the IPS service. This article will guide you on how to deploy it. Answer : Please go to Security Services, enable the IPS feature, and make sure that the signature 'Eicar Test String' is activated. Try to download a file containing an EICAR string via…
-
How to block a specific device by Device Insight?
Scenario : When an administrator wants to block a specific device due to its abnormal or violating behaviors in the network environment, how can this be achieved? Answer : If the administrator enabled the Device Insight feature on the firewall and can navigate to Monitor > Network Status > Device Insight > select the…
-
How to trigger the "Security Check for Web Interface" function?
Scenario : The USG Flex/ATP series firewall has a security mechanism that lets the user configure the Web-GUI / SSL VPN / 2FA / IPsec VPN client provisioning port from the Security Check for Web Interface page. How to trigger this page? Answer : This page serves as a security notification to advise the user to modify the…
-
Why is there a "Match default rule, DROP" message in the Monitor Log? What does it mean?
Background and Scenario: When we navigate through the Monitor Log, we might find the log message "Match default rule, DROP." How is this log message generated? Answer: The log message is generated by our default security policy. Its purpose is to drop unknown packets by our firewall in order to enhance your network…
-
How to Configure Content Filter with HTTPs Domain Filter?
The Content Filter with HTTPs Domain Filter allows you to block HTTPS websites by category service. The filtering feature is based on over 100 categories that are built into USG Flex H, such as pornography, gambling, hacking, etc. When the user makes an HTTPS request, the information contains a Server Name Indication (SNI)…