Default firewall rules
We own a USG20-VPN, firmware version v4.33_ABAQ.0, running as our gateway-firewall-vpn, so the WAN NIC is directly connected to the "Wild Internet". Are the default firewall rules safe enough?
The default firewall ruleset should be reasonably secure out of the box according to https://www.zyxel.com/tr/tr/guidemo/zyw70/h_Fire_Default_Rule-router.html and, according to the list I see, the last fw rule is "from any to any deny and log", which should be a "catch-all" that acts as "WAN to LAN block and log packets". I think we could:
- add more logging, for monitoring;
- remove ipsec-vpn-rules since we don't use ipsec, they are present by default;
Do you suggest some additional setup?