Improving security
Presumably the "security policy" items are the key items to take a look at?
Best Answers
-
Thank you - I will have a poke around.One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement0
-
Hi Dovetail_MD
The traffic allowed/blocked log entries are managed by policy control. So device needs additional policy control to monitor it.
As your example, if device has forwarded 25 port by NAT rule.The policy control should setup like this:
From: WAN, To: LAN, Source: Any, Destination: YOUR-SERVER, Service: SMTP, Action: Allowed, Log Matched Traffic: Log
5
All Replies
-
The default in a SNAT setup is to allow all from LAN1 to WAN so you can limit what goes out the USG by setting up rule from LAN1 to WAN to not need all from LAN1 to WAN.
You can setup a group like TCP and UDP and add ports in each to then select it for a firewall rule.
1 -
Hi @Dovetail_MD
You can setup policy control to check traffics been allowed or dropped.
In policy control, “log matched traffic” should selected as “log” or “log alert”
And you can go to monitor > Log make sure if traffic is passed or dropped.
1 -
Thank you - I will have a poke around.One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement0
-
Hi Dovetail_MD
The traffic allowed/blocked log entries are managed by policy control. So device needs additional policy control to monitor it.
As your example, if device has forwarded 25 port by NAT rule.The policy control should setup like this:
From: WAN, To: LAN, Source: Any, Destination: YOUR-SERVER, Service: SMTP, Action: Allowed, Log Matched Traffic: Log
5
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 115 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 900 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 832 Nebula FAQ
- 402 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight