UYWALL Performance Series - View Export & Easy Mode

ChrisGerChrisGer Member Posts: 195  Master Member
Hi Community,
perhapse it's only a bit confused display between easy & Expert mode ?

Easy Mode

In the "Easy" Mode, the UTM Services are displayed as "activated" and "off"

Expert Mode

Same Device in the Expert View show the correct status and "Content-Filter" is definitly active and running ;)

Is this only a incorrect interpreataion by me ?

Thx for assistence
Chrisitan


Comments

  • PeterUKPeterUK Member Posts: 646  Guru Member

    Personally I don't see why they did easy mode if people want easy go with a Home Router.

  • ChrisGerChrisGer Member Posts: 195  Master Member
    Hi @PeterUK
    i primarily use the expert mode to habdle the more than 150 rule sets / vlans and all other configuration-parameterm on the device ;)
    But after the FW 4.30 disaster i took a closer look at the device and discovered this "delta".
    perhapse it's only a change in the source for ZYXEL to fix the display and acting issue ;)
    A USG should always show the same, no matter in which mode you are. B)

    Regards
    Christian
  • Zyxel_EmilyZyxel_Emily Zyxel Official Agent Posts: 728  mod
    @ChristianG

    The status for security service "off" in Easy Mode means the service is not turned on with any of the security policy rules.

    As long as the security service such as Content Filter is enabled on any security policy rule, it shows "On" in Easy Mode.





  • ChrisGerChrisGer Member Posts: 195  Master Member
    "As long as the security service such as Content Filter is enabled on any security policy rule, it shows "On" in Easy Mode".

    In the expert mode i've configured and active Content-/App-Filter and IDP Profiles, that are running at dedicated Security Rule Sets. That's why it looks like a bit confused  ;)

    See my Content-Filter and Ref. No. to security rules and all are active

    Content-Filter is from the intranet to extranet ressources.

    Regards
    Christian
  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 698  mod
    Hi @ChristianG,
    The easy mode UTM service on/off status is mapping to expert mode "LAN1_Outgoing" security rule.
    It seems you apply app-Filter and IDP profiles on other security rule, that's why the status is inconsistent.



  • ChrisGerChrisGer Member Posts: 195  Master Member
    now we are getting closer to the effect.
    The LAN1 on my USG has a device, on which rules / app and contenct filter are configured and in production.... but also configured on dedicated vLANs, that are assigned to the LAN2/DMZ zone. The Rule description "XXXY_Outgoing" as in the factory defauft is not existing.

    Suggestion
    If the services query does not go "only" to "LAN1_Outgoing", then the display should be correct in both modes?


    Regards
    Christian
  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 698  mod
    Hi @ChristianG,
    It’s different, the expert mode dashboard “Secured Service Status” means the license status, Activated or Expired.

    At easy mode dashboard, the on/off status means no CF/IDP/AV apply on security rule "LAN1_Outgoing". It map to this rule only. 
     
    What if the license is expired, the easy mode dashboard status is Expired and Off(Grey out).

  • ChrisGerChrisGer Member Posts: 195  Master Member
    i agree with you in you last post. But, if one of the services are configured and in place in the expert mode, this should also displayed in the easy mode ;)
    So therefore can you check if the mapping to the Label  "LAN1_Outgoing" is the best way, or if you change the query to the default zone LAN1, LAN2, DMZ to have a correct view  :);)

    Regards
    Christian
  • Zyxel_CooldiaZyxel_Cooldia Zyxel Official Agent Posts: 698  mod
    Hi @ChrisitanG,
    Thanks for the suggestion. :)
    As you may know, in easy mode, every configuration is created by wizard.
    The dashboard (easy mode) status sync is mainly targeted at mapping to an object created by easy mode wizard.
    At security service wizard, it apply on rule “LAN1_Outgoing”, that’s why the status sync mapping to this rule only.
Sign In to comment.