IP Address Block (ranges) in Firewall rules

Falrath41
Falrath41 Posts: 4
First Anniversary Nebula Gratitude First Comment
edited April 2021 in Nebula
On the older USG60W/40W/20W-VPN security appliances, I was able to go to OBJECTS and create a block of IP Addresses. Then I could go to the FIREWALL and use the object I created to allow or deny access to those IP Addresses completely or on a schedule or use a different Content Filter Profile on them.

How do I create a Range of IP Addresses to DENY access for a set Schedule?

I know I can do it one by one, however, I would rather not have 150 rules to block 150 IP Addresses.

Comments

  • Zyxel_Jason
    Zyxel_Jason Posts: 394  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @Falrath41,

    Welcome to Zyxel community!

    For IP range in the firewall rule, you may use CIDR and " , " to configure multiple IP addresses.
    You may also configure schedule profile for it.

    Hope it helps.
    Jason
  • Falrath41
    Falrath41 Posts: 4
    First Anniversary Nebula Gratitude First Comment
    Thank you. 

    I am using an NSG50. I setup the schedule profile, however I have 150 IP Addresses to put into this schedule. I am using a Long Range Outdoor Access Point which is not a Zyxel product, so I figured I would just setup the IP block in the DHCP from the NSG50 to deny access for the times outside the hours I want to block. So I can put 150 IP Addresses into 1 firewall rule?
  • Falrath41
    Falrath41 Posts: 4
    First Anniversary Nebula Gratitude First Comment
    Actually, I figured it out a different way of doing it.

    Instead of denying access to the block of IP addresses, I just deny access to the AP itself for the scheduled times. I still have to test if this will work, but it would be nice to be able to create objects again where it can be a range of IP addresses or a list of different IP addresses.
  • Zyxel_Jason
    Zyxel_Jason Posts: 394  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @Falrath41,

    For using " - " to be source IP range in firewall rule, I will move this discussion to Idea section.
    Currently, as I mentioned, please use CIDR and " , " to create lesser firewall rule for 150 IP addresses.

    Thanks.
    Jason

Nebula Tips & Tricks