rookierunner  Freshman Member

Comments

  • I think it is more of a routing thing (mDNS or IGMP) than a firewall rule issue as I have tested with allowing all traffic between LAN1 and LAN2 and that didn’t help. I’ve done some packet captures and trying to decipher them with WireShark but I am not a network engineer so I don’t exactly know what I am looking for in…
  • Thanks, PeterUK. It does work when everything is on the same network; unfortunately, that is not the configuration I want. I am trying to configure it across two networks: (1) the phone and hub on LAN1 and (2) the smart outlets on LAN2. LAN1 and LAN2 are separate networks on separate ports of the Zywall 110.
  • Both LAN1 and LAN2 have internet access, but it still doesn't work. I may not have explained what I am trying to do well enough. In order to control the outlets from the Apple Home app, they need to be added to an Apple hub, which in my case is the HomePod. From what I've read and researched, the outlets and HomePod do talk to…
  • @kyssling - the issue is that I lock down the outbound ports, not just the inbound ports. I am guessing that you allow all traffic outbound so that makes sense that you don’t have the issue. I allow only certain outbound traffic to limit potential data leak, unwanted tracking, etc.
  • Thanks, Emily. It is still a lot of manual configuration so I will have to decide how much effort I will put into managing the ports to IP addresses. It would be great if Zyxel would give their firewalls the ability to load preconfigured rule sets and also provide these preconfigured rule sets for major services like Zoom,…
  • Thanks @Zyxel_Stanley! That makes sense. I think I am going to update the name of the service to “Default_Allow_VPN_From_WAN_To_ZyWALL” to make it more clear about what that service allows. Also, if I only use the L2TP VPN, can I disable the default “SSL_VPN_to_Device” rule (#12 in your picture above) and the default…
  • @Zyxel_Jerry - can you explain why moving the policy to be the first rule will limit the attack surface? The policy still allows traffic from WAN to ZyWALL because the policy is to allow traffic, not deny.
  • @Zyxel_Stanley, Thanks for the response! I am assuming that the “unsafe” address group is a custom one that I would define and add specific IP addresses to as they show in my log, correct?
  • I understand that this limits the number of concurrent sessions. My question is why would I want to limit the number of sessions per host? If it is to limit applications that fork multiple sessions, is there an easy way to identify those applications that do this?
  • I am still unsure about the Security Threat functionality within the Content Filter area. Can you explain how this functionality works?
  • A few questions first... 1. What does the session limit do? My guess is something security related since it is located under the security control section. 2. Why is it enabled by default? 3. What do I lose by disabling it?
  • A couple of questions... 1. What does SafeSearch do? 2. So the scan for Security Threat only occurs for the managed categories selected? If so, why would the default behavior not be to scan all pages for security threats?
  • I don't see any indication of pages being scanned. I am less interested in blocking a specific site than I am about scanning for Security Threats. Security policy enabled... My impression of the service is that it would scan web pages for security threats like malware, etc. without blocking specific sites. I would expect…
  • I figured that might be the answer. Thank you. Since most of the major email providers (Gmail, Hotmail, Yahoo, etc.) use TLS, this service is not helpful and something I will not subscribe to.