Zyxel USG FLEX H Series [Firewall] - Protection Key Features Overview

 

Self-Protection

The Self-Protection feature enhances the security of the USG FLEX H Series by addressing vulnerabilities associated with the IKE port (UDP 500). This port is commonly exploited by malicious users to perform denial of service (DoS) or other types of attacks. With version 1.20, the firewall includes mechanisms to reduce these risks by disabling the IKE port unless it is actively needed for VPN services.

IKE Port (UDP 500) Disabled by Default:

  • The firewall now disables UDP port 500 by default to prevent potential attacks. This port will remain closed unless a VPN service is actively enabled.

Dynamic Enabling of IKE Port:

  • If a VPN rule or VPN profile is created and active, the IKE service on UDP port 500 will be enabled. This ensures that the port is only open when necessary for VPN functionality.

IP Reputation for System Protection:

  • The firewall itself is now protected by the IP reputation service, in addition to protecting clients accessing the internet. This means any malicious traffic trying to use the firewall for unauthorized access will be blocked based on the IP reputation database.

External Block List

The External Block List (EBL) is a feature that allows the firewall to import a text file hosted on an external web server. This block list contains IP addresses or URLs that should be blocked by the firewall. This is useful for enhancing security by preventing access to known malicious sites or IP addresses.

  • Importing Block Lists: Block lists can be imported in various formats (e.g., CSV).

  • Applying Block Lists: Once imported, these lists can be applied to specific security policies to block access to malicious IP addresses or domains.

Configuration steps:

  • Navigate to: Security Policy > External Block List.

  • Import List: Upload the block list file.

  • Apply to Policies: Associate the block list with relevant security policies.
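
A block list that contains internal addresses or an over-broad range will cut off legitimate traffic once it is applied to a policy, so it is worth checking the file before it is hosted. The following is an added example, not Zyxel code: the file format (newline or comma separated entries, `#` comments), the internal ranges, and the names `check_entry`, `validate_block_list` and `SAMPLE` are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumptions (not from Zyxel documentation): entries are separated by newlines
# or commas, '#' starts a comment, and the protected network is privately addressed.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def check_entry(entry):
    """Return the normalized entry, or raise ValueError with the reason."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        net = None
    if net is not None:
        if any(net.version == n.version and net.overlaps(n) for n in INTERNAL):
            raise ValueError("overlaps an internal or reserved range")
        return str(net.network_address) if net.num_addresses == 1 else str(net)
    # Not an IP: treat as URL or bare host name and validate the host part.
    host = urlsplit(entry if "://" in entry else "//" + entry).hostname or ""
    if not HOSTNAME.match(host):
        raise ValueError("not a valid IP, range, host name or URL")
    return entry

def validate_block_list(text):
    """Split a list into (accepted, rejected); duplicates are dropped."""
    accepted, rejected, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for entry in filter(None, map(str.strip, line.split("#")[0].split(","))):
            try:
                norm = check_entry(entry)
            except ValueError as err:
                rejected.append((lineno, entry, str(err)))
                continue
            if norm not in seen:
                seen.add(norm)
                accepted.append(norm)
    return accepted, rejected

# Constructed sample: documentation addresses and an example domain.
SAMPLE = ("# constructed\n203.0.113.7\n198.51.100.0/24, 203.0.113.7\n192.168.1.1\n"
          "0.0.0.0/0\nhttp://malware.example.com/payload\nnot a host!\n")

if __name__ == "__main__":
    print(validate_block_list(SAMPLE))
```

Host only the accepted entries, and review each rejected line and its reason before the firewall imports the file.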

Session Control

Session control is a feature designed to manage the number of concurrent sessions a client can initiate through the firewall. This is particularly useful for preventing clients from consuming excessive session resources, which can impact the performance and availability of network services for other users.

Importance of Session Control

Firewalls have a finite number of sessions they can handle at any given time. When a single client or a few clients initiate too many sessions, it can lead to session exhaustion, affecting the ability of other clients to access network resources. Session control helps mitigate this by limiting the number of concurrent sessions each client can create.

  • Default Session Limit: The default is set to 2000 sessions per client.

  • Configuration:

    • Navigate to: Security Policy > Session Control.

    • Set Session Limit: Adjust the default limit as required.

    • Apply and Save: Save the configuration to enforce the new limit.

Monitoring and managing session limits help ensure network performance and availability. Administrators should regularly review session logs and adjust limits based on network usage patterns.

Practical Tips

  • Regular Monitoring: Regularly monitor security logs and adjust configurations to adapt to evolving threats.

  • Balance Security and Performance: Ensure that security measures do not overly restrict legitimate network usage.

  • User Education: Inform users about the importance of security measures and how they might impact network access.

For detailed instructions and additional information, refer to the Zyxel Community discussions on Self-Protection, External Block List, and Session Control.
