Best Of
Re: Ssl inspection question
Hi @sk8erbender,
You can configure an exclusion list to exclude matching sessions to destination servers. This traffic is not intercepted and is passed through uninspected.
CONFIGURATION > UTM Profile > SSL Inspection > Exclude List
Here is another simple way to add exclude list. You can also go to Monitor > UTM Statistics > SSL Inspection > Certificate Cache List, select an item and then click Add to Exclude List to automatically add an entry for existing SSL traffic to a destination server.
The item will then appear on the Exclude List.
Re: Zyxel GS1900-24E. Ports / links periodically go to "down" mode
Thanks for the information.
Based on the status more like a link flapping, please help to verify if there is CRC error on port 9.
Steps:
1. Access GS1900-24E via webUI.
2. In this page, check if there is counter on "etherStatsCCAlignErrors". If yes, the issue is related o layer 1 (physical issue), try to change the network cable then observe if the issue resolved.
Monitor > Port > Port Counters
Thanks for supporting Zyxel!
Re: USG40 Basic Setup
Hi @Sam,
The blinking orange LED on P2-P5 on USG40/USG40W/USG20-VPN/USG20W-VPN means the device is sending/receiving packet on this port.
There is no LED description for USG40/USG40W/USG20-VPN/USG20W-VPN in the user guide.
We will revise the user guide and add LED description for small models.
Sorry for the confusion.Re: Only 4 tunnel interfaces possible
Hi @Line2,
The request is already moved to ideas section.
It is also in our feature queue for evaluation.
Re: IKEv2 IPSec VPN with DH14 and Windows 7/10 - HELP!
Hi @H0lyD1ver
I found the document from Microsoft according change DH group but it is not been tested yet.
You may follow this document and share us
your test result.
According your issue unable pass the traffic to VPN tunnel.
The reason may coming from the VPN default gateway not enabled.
Re: Does work "Same IP" in IDP custom signature?
The "same ip" means packet with the same source & destination ip address, which most using in DoS attack, not means same source ip / destination ip session.
If the RDP service is for employees use only.
Then, only open for remote VPN access is better than use NAT open for all.
Since leverage VPN as access control is simply reduce the attack surface.
Re: Features available in 2018
Currently the feature is planned to release in December.
Let's look forward to the new feature
Re: Anti-spam monitor show only 10 records
Hi @alexey,
The maximum number of statistics is 500 and the maximum number of ranking is 10.
Only top 10 spam records display in MONITOR > UTM Statistics > Anti-Spam > Summary > Statistics.
In the current design, there is no command to show these 500 spam records.
If you configure external log server on the USG to send logs to log server, all spam logs will be sent to the external log server. It depends on how the log server displays and manages the data of these spam logs.