Secure your firewall without firmware update to version 4.60 patch 1

This video shows how to secure your firewall without update the firmware to version 4.60 patch 1

What should I do if I can’t upgrade the firmware in a short time?

If you are unable to immediately upgrade to the latest available firmware, please follow the following steps to minimize the risk. However, the best solution is still to upgrade to the latest available firmware.

For firewalls, 

  1. If it is not absolutely necessary to manage devices from the WAN side, please disable the FTP/TELNET/SSH/WWW/SNMPv3 service from WAN. These services are disabled by default, so you won’t have to do so unless you have enabled it in the past.
  2. If you still need to manage devices from the WAN side, please enable Policy Control and add rules to only allow access from trusted source IP addresses.
  3. We also recommend that users enable Policy Control on the LAN side and add rules to only allow trusted IP addresses for better protection. Remote Access to the ZyWALL (USG/UAG/VPN/ATP)

For AP controllers,

  1. If you don’t need to deliver automatic firmware upgrade for APs through FTP, please disable the FTP service on the controller. The AP controllers use the CAPWAP protocol as the default design to deliver such updates.
  2. If it is still necessary to enable FTP service, please enable the Service Control or Policy Control features for better protection.

Articles in this section

Was this article helpful?
0 out of 1 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.