Comments
-
Perfect! Seems resolved and article makes sense.
-
SOLVED! Ok, the port number thing was throwing me off. I looked at a different port forwarding that is working and the random ports are in the logs there too. So, that was a red herring. The problem was I had To:LAN1 on an ATP500. I don't use many of these. I use a lot of the ATP100/200s. These have LAN1 predefined. On the…
-
I just setup a test from my IP going to port 444 in NAT and 443 to the FMP Server. I put https://WANipOFDest:444 in my webbrowser. When I look at the logs I see: Match default rule, DNAT packet, DROP Source:MyWanIP:64823 Dest:InternalIPofFMP:443 Access Block. Why are these requests coming in on random dynamic ports when…
-
Thanks Jeff, In my Policy Control, the first rule is this: From:WAN To:LAN1 IPv4Source:IPHostObject of internet source IPv4Destination:FMPServerLanIP Service:HTTPS Device:any User:any Schedule:None Action:allow Log:no Profile:nothing here. I think I have this correct? I'm still confused why the error message says the…
-
In our case we have the ATP100 behind an ATT Fiber modem/router. The ATP was using the ATT device for DNS. Changed this to an external DNS server (Level3) and it worked.
-
For my part, I haven’t been able to make sense of the vulnerability given what Zyxel is telling us. I have locked down WAN->Device allowing only IPs I specify to access. It hasn’t been too bad. I sent an email last week apologizing and directing users to a site that gives their wan ip and they email or text it to me and I…
-
Looks like hardcoded accounts in the devices. 2FA isn't going to help as we can't enable it for those users. There is the ability to lock it down by IP address, but that's a lot of IPs to Allow and they may change if the user reboots their cable modem.