This video shows how to secure your firewall without update the firmware to version 4.60 patch 1
What should I do if I can’t upgrade the firmware in a short time?
If you are unable to immediately upgrade to the latest available firmware, please follow the following steps to minimize the risk. However, the best solution is still to upgrade to the latest available firmware.
- If it is not absolutely necessary to manage devices from the WAN side, please disable the FTP/TELNET/SSH/WWW/SNMPv3 service from WAN. These services are disabled by default, so you won’t have to do so unless you have enabled it in the past.
- If you still need to manage devices from the WAN side, please enable Policy Control and add rules to only allow access from trusted source IP addresses.
- We also recommend that users enable Policy Control on the LAN side and add rules to only allow trusted IP addresses for better protection. Remote Access to the ZyWALL (USG/UAG/VPN/ATP)
For AP controllers,
- If you don’t need to deliver automatic firmware upgrade for APs through FTP, please disable the FTP service on the controller. The AP controllers use the CAPWAP protocol as the default design to deliver such updates.
- If it is still necessary to enable FTP service, please enable the Service Control or Policy Control features for better protection.