• Anonymizers | • Browser Exploits | • Malicious Downloads |
• Malicious Sites | • Phishing | • Spam URLs |
• Spyware Adware Keyloggers | | |
Label | Description |
---|---|
IP Blocking | |
Enable | Select this option to turn on IP blocking on the Zyxel Device. Otherwise, clear it. |
Action | Set what action the Zyxel Device takes when packets come from an IPv4 address with bad reputation. forward: Select this action to have the Zyxel Device allow the packet to go through. block: Select this action to have the Zyxel Device deny the packets and send a TCP RST to both the sender and receiver when a packet comes from an IPv4 address with bad reputation. |
Threat Level Threshold | Select the threshold threat level at which the Zyxel Device will take action (high, medium and above, Low and above). The threat level is determined by the IP reputation engine, which grades IPv4 addresses. • high: An IPv4 address that scores 0 to 20 points. • medium and above: An IPv4 address that scores 0-60 points. • Low and above: An IPv4 address that scores 0-80 points. |
Log | These are the log options: no: Do not create a log when the packet comes from an IPv4 address with bad reputation. log: Create a log on the Zyxel Device when the packet comes from an IPv4 address with bad reputation. log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this option to have the Zyxel Device send an alert when the packet comes from an IPv4 address with bad reputation. |
Types of Cyber Threats Coming From The Internet | Select the categories of packets that come from the Internet and are known to pose a security threat to users or their computers. Otherwise, deselect it. |
Anonymous Proxies | These are sites and proxies that act as an intermediary for surfing to other websites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. |
Denial of Service | These are sites that issue Denial of Service (DoS) attacks, such as DoS, DDoS, SYN flood, and anomalous traffic detection. DoS attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The goal of DoS attacks is not to steal information, but to disable a device or network on the Internet. A Distributed Denial of Service (DDoS) attack is one in which multiple compromised systems attack a single target, thereby causing denial of service for users of the targeted system. A SYN flood is an attack in which attackers flood a server with SYN packets in TCP handshakes and deliberately do not respond with ACK packets. This keeps the server waiting for the attackers’ responses to establish TCP connections, and makes the server unavailable. Anomalous traffic detection could be malicious activities, such as malware outbreaks or hacking attempts. |
Exploits | These are sites that distribute exploits or exploit kits to infect website visitors’ devices. Exploits include shellcode, root kits, worms, or viruses that download additional malware to infect devices. An exploit kit consists of different exploits. |
Negative Reputation | These are sites that have a bad reputation and are associated with suspicious activities, such as spam, viruses, and/or phishing. |
Scanners | These are sites that run unauthorized system vulnerability scans to look for vulnerabilities in website visitors’ devices. |
Spam Sources | These are sites that have been promoted through spam techniques. |
TOR Proxies | These are sites that act as the exit nodes in a Tor (The Onion Router) network. Tor is a service that keeps users anonymous on the Internet and makes users’ Internet activities untraceable. Tor hides users’ real IP addresses by encrypting data and transmitting the encrypted data through a chain of selected nodes acting as intermediaries. Each node can only decrypt the data sent from the node before it. The first node that receives the encrypted data is called the entry node. The last node is the last intermediary that the encrypted data will go through before it arrives at the destination. |
Web Attacks | These are sites that launch web attacks, such as SQL injection, cross site scripting, iframe injection, and brute force attack. SQL injection (SQLI) is an attack in which attackers insert malicious SQL (Structured Query Language) code into a web application database query. Attackers can then access, add, modify, or delete data in users’ databases. Cross site scripting (XSS) is an attack in which attackers inject malicious scripts into websites or web applications in the form of HTML or JavaScript code. The scripts execute when users visit the infected web page or use the infected web applications. XSS will cause failures to encrypt traffic, cookie stealing, identity impersonation, and phishing. Iframe injection is an attack in which attackers inject malicious iframe (inline frame) tags into websites. The malicious iframe tag downloads malware to the devices of the infected websites’ visitors, and steals users’ sensitive information. An iframe tag is an HTML tag that is used to embed contents from another source in a website, but attackers misuse this feature. A brute force attack is an attack in which attackers attempt to gain access to websites or devices via a succession of different passwords. |
Phishing | These are sites that are used for deceptive or fraudulent purposes (e.g. phishing), such as stealing financial or other user account information. These sites are most often designed to appear as legitimate sites in order to mislead users into entering their credentials. |
Types of Cyber Threats Coming From The Internet And Local Networks | Select the categories of packets that come from the Internet and local network. The categories of packets are known to pose a security threat to users or their computers. Otherwise, clear it. |
Botnets | A botnet is a network consisting of computers that are infected with malware and remotely controlled. The infected computers will contact and wait for instructions from a command and control (C&C) server. An attacker can control the botnet by setting up a C&C server and then sending commands to the infected computers. Alternatively, a peer-to-peer network approach is used. The infected computer scans and communicates with the peer devices in the same botnet to share commands or malware sent by the C&C server. These are botnet sites including command-and-control (C&C) servers. |
Test IP Threat Category | |
IP to test | Enter an IPv4 address of a website, and click the Query button to check if the website is associated with suspicious activities that could pose a security threat to users or their computers. |
Signature Information | The Zyxel Device comes with signatures for IP reputation. These signatures are continually updated as new malware evolves. New signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the IP reputation signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for IP reputation service in order to be able to download new signatures from myZyxel (see the Registration screens). The following fields display information on the current signature set that the Zyxel Device is using. |
Current Version | This field displays the signature set version number currently used by the Zyxel Device. This number gets larger as new signatures are added. |
Signature Number | This field displays the number of signatures in this set. |
Released Date | This field displays the date and time the set was released. |
Update Signatures | Click this to go to the Configuration > Licensing > Signature Update screen to check for new signatures at myZyxel. You can schedule or immediately download signatures. |
Apply | Click Apply to save your changes. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
White List | |
Check White List | Select this check box and the Zyxel Device will allow the incoming packets that come from the listed IPv4 addresses. |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
Activate | To turn on an entry, select it and click Activate. |
Inactivate | To turn off an entry, select it and click Inactivate. |
# | This is the entry’s index number in the list. |
Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. |
IPv4 Address | This field displays the IPv4 address of this entry. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
Black List | |
Check Black List | Select this check box and the Zyxel Device will block the incoming packets that come from the listed IPv4 addresses. |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
Activate | To turn on an entry, select it and click Activate. |
Inactivate | To turn off an entry, select it and click Inactivate. |
# | This is the entry’s index number in the list. |
Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. |
IPv4 Address | This field displays the IPv4 address of this entry. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
URL Blocking For External DB | |
Enable URL Blocking For External DB | Select this check box to have the Zyxel Device block the incoming packets that come from the listed addresses in the black list file on the server. |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
# | This is the entry’s index number in the list. |
Name | This displays the identifying name for the black list file. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long. |
Source | This displays the file name, path and IP address of the server containing the black list file. For example, http://172.16.107.20/blacklist-files/myip-ebl.txt |
Description | This displays a description of the black list file. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long. |
New IP reputation signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the IP reputation signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for IP reputation service in order to be able to download new signatures from myZyxel (see the Registration screens). Schedule signature updates for a day and time when your network is least busy to minimize disruption to your network. | |
Update Now | Click this to have the Zyxel Device immediately check for new signatures at myZyxel. If new signatures are found, they are then downloaded to the Zyxel Device. |
Auto Update | Click this to have the Zyxel Device automatically check for new signatures regularly at the time and day specified. You should select a time when your network is not busy for minimal interruption. |
Daily | Select this to have the Zyxel Device check for new signatures every day at the specified time. The time format is the 24 hour clock, so ‘23’ means 11 PM for example. |
Weekly | Select this option to have the Zyxel Device check for new signatures once a week on the day and at the time specified. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
Name | Enter an identifying name for the black list file. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long. |
Source | Enter the exact file name, path and IP address of the server containing the black list file. For example, http://172.16.107.20/blacklist-files/myip-ebl.txt The server must be reachable from the Zyxel Device. |
Description | Enter a description of the black list file. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long. |
OK | Click OK to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to exit this screen without saving. |
Label | Description |
---|---|
DNS Filter | |
Enable | Select this option to turn on DNS filtering on the Zyxel Device. Otherwise, clear it. Action and Log settings apply to DNS query packets triggered by the security threat categories. |
Action | Set what action the Zyxel Device takes when there is a DNS query packet containing an FQDN with a bad reputation. redirect: Select this action to have the Zyxel Device reply with a DNS reply packet containing a default or custom-defined IP address. pass: Select this action to have the Zyxel Device allow the DNS query packet and not reply with a DNS reply packet containing a default or custom-defined IP address. |
Log | These are the log options: no: Do not create a log when there is a DNS query packet containing an FQDN with a bad reputation. log: Create a log on the Zyxel Device when there is a DNS query packet containing an FQDN with a bad reputation. log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this to have the Zyxel Device send an alert when there is a DNS query packet containing an FQDN with a bad reputation. |
Redirect IP | Select this action to have the Zyxel Device reply with a DNS reply packet containing a default or custom-defined IP address when a DNS query packet contains an FQDN with a bad reputation. The default IP is the dnsft.cloud.zyxel.com IP address. If you select custom-defined IP, then enter a valid IPv4 address in the text box. |
Action When detecting malform DNS packets | Set what action the Zyxel Device takes when there is an abnormal DNS query packet. A DNS packet is defined as malformed when: • The number of entries in the question count field in the DNS header is 0 • An error occurs when parsing the domain name in the question field • The length of the domain name exceeds 255 characters. pass: Select this action to have the Zyxel Device allow the DNS query packet through the Zyxel Device. drop: Select this action to have the Zyxel Device discard the abnormal DNS query packet. |
Security Threat Categories | Select the categories of FQDNs that may pose a security threat to network devices behind the Zyxel Device. |
Anonymizers | Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. |
Browser Exploits | Sites that contain browser exploits. A browser exploit is any content that forces a web browser to perform operations that you do not explicitly intend. |
Malicious Downloads | Sites that have been identified as containing malicious downloads or malware harmful to a user's computer. |
Malicious Sites | Sites that install unwanted software on a user's computer with the intent to enable third-party monitoring or make system changes without the user's consent. |
Phishing | Sites that are used for deceptive or fraudulent purposes, such as stealing financial or other user account information. These sites are most often designed to appear as legitimate sites in order to mislead users into entering their credentials. |
Spam URLs | Sites that have been promoted through spam techniques. |
Spyware Adware Keyloggers | Sites that contain spyware, adware or keyloggers. • Spyware is a program installed on your computer, usually without your explicit knowledge, that captures and transmits personal information or Internet browsing habits and details to companies. Companies use this information to analyze browsing habits, to gather marketing data, and to sell your information to others. • Key logger programs try to capture and steal your passwords and watch and record everything you do on your computer. • Adware programs typically display blinking advertisements or pop-up windows when you perform a certain action. Adware programs are often installed in exchange for another service, such as the right to use a program without paying for it. |
Test Domain Name Category | |
Domain name to test | Enter an FQDN and click the Query button to check if the domain name is associated with suspicious activities that could pose a security threat to users or their computers. |
Signature Information | The signatures for DNS Filter and URL Threat Filter are the same. These signatures are continually updated as new malware evolves. New signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the IP reputation signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for IP reputation service in order to be able to download new signatures from myZyxel (see the Registration screens). The following fields display information on the current signature set that the Zyxel Device is using. |
Current Version | This field displays the signature set version number currently used by the Zyxel Device. This number gets larger as new signatures are added. |
Signature Number | This field displays the number of signatures in this set. |
Released Date | This field displays the date and time the set was released. |
Update Signatures | Click this to go to the Configuration > Licensing > Signature Update screen to check for new signatures at myZyxel. You can schedule or immediately download signatures. |
Apply | Click Apply to save your changes. |
Reset | Click Reset to return the screen to its last-saved settings. |
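The three malformed-packet conditions listed under "Action When detecting malform DNS packets" can be checked as in the following added example, which is not Zyxel code. It assumes the 255-character limit is counted on the dotted name, treats a truncated header and any compression pointer in the question name as parse errors, and uses the hypothetical result "inspect" for a well-formed query that goes on to the reputation check; all sample packets are constructed.

```python
import struct

# DNS header: id, flags, qdcount, ancount, nscount, arcount (RFC 1035, 12 bytes)
HEADER = struct.Struct("!HHHHHH")
MAX_NAME_CHARS = 255  # limit quoted on the page; counting the dotted form is an assumption


class NameParseError(ValueError):
    """Raised when the question name cannot be decoded."""


def read_qname(msg, offset):
    """Decode the length-prefixed labels at offset; return (dotted name, next offset)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise NameParseError("name runs past the end of the packet")
        length = msg[offset]
        offset += 1
        if length == 0:  # root label terminates the name
            return ".".join(labels), offset
        if length & 0xC0:
            # Assumption: pointers/reserved label types in a query name are rejected.
            raise NameParseError("pointer or reserved label type in question name")
        if offset + length > len(msg):
            raise NameParseError("label runs past the end of the packet")
        labels.append(msg[offset:offset + length].decode("latin-1"))
        offset += length


def classify_query(msg):
    """Return (malformed, detail); detail is the reason, or the name if well formed."""
    if len(msg) < HEADER.size:
        return True, "truncated header"  # not on the page's list; treated as a parse failure
    _id, _flags, qdcount, *_ = HEADER.unpack_from(msg)
    if qdcount == 0:
        return True, "question count is 0"
    try:
        name, _ = read_qname(msg, HEADER.size)
    except NameParseError as exc:
        return True, f"name parse error: {exc}"
    if len(name) > MAX_NAME_CHARS:
        return True, "domain name exceeds 255 characters"
    return False, name


def handle(msg, malformed_action="drop"):
    """Apply the configured pass/drop action to malformed queries only."""
    malformed, detail = classify_query(msg)
    if malformed:
        return malformed_action, detail
    return "inspect", detail  # hypothetical label: continue to the DNS filter check


def build_query(labels, qdcount=1):
    """Build a constructed sample query (QTYPE=A, QCLASS=IN) from byte-string labels."""
    header = HEADER.pack(0x1234, 0x0100, qdcount, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


# Constructed samples, one per condition in the table row
GOOD = build_query([b"www", b"example", b"com"])
NO_QUESTION = build_query([b"www", b"example", b"com"], qdcount=0)
TRUNCATED = GOOD[:HEADER.size + 6]          # cut in the middle of the "example" label
TOO_LONG = build_query([b"a" * 63] * 5)     # 5 * 63 + 4 dots = 319 characters

if __name__ == "__main__":
    for label, pkt in [("good", GOOD), ("no question", NO_QUESTION),
                       ("truncated", TRUNCATED), ("too long", TOO_LONG)]:
        print(label, handle(pkt, malformed_action="drop"))
```
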
Label | Description |
---|---|
White List | |
Enable White List | Select this check box and the Zyxel Device will not reply with a DNS reply packet containing a default or custom-defined IP address when a DNS query packet contains an FQDN in the white list. |
Add | Click this to create a new entry. To add an FQDN, type a Fully-Qualified Domain Name (FQDN) of a web site. An FQDN starts with a host name and continues all the way up to the top-level domain name. For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel” is the third-level domain, “com” is the second-level domain, and “tw” is the top level domain. Underscores are not allowed. Use "*." as a prefix in the FQDN for a wildcard domain name (for example, *.example.com). |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
Activate | To turn on an entry, select it and click Activate. |
Inactivate | To turn off an entry, select it and click Inactivate. |
# | This is the entry’s index number in the list. |
Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. |
FQDN | This field displays the FQDN of this entry. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
Black List | |
Enable Black List | Select this check box and the Zyxel Device will reply with a DNS reply packet containing a default or custom-defined IP address when a DNS query packet contains an FQDN in the black list. |
Add | Click this to create a new entry. To add an FQDN, type a Fully-Qualified Domain Name (FQDN) of a web site. An FQDN starts with a host name and continues all the way up to the top-level domain name. For example, www.zyxel.com.tw is a fully qualified domain name, where “www” is the host, “zyxel” is the third-level domain, “com” is the second-level domain, and “tw” is the top level domain. Underscores are not allowed. Use "*." as a prefix in the FQDN for a wildcard domain name (for example, *.example.com). |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
Activate | To turn on an entry, select it and click Activate. |
Inactivate | To turn off an entry, select it and click Inactivate. |
# | This is the entry’s index number in the list. |
Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. |
FQDN | This field displays the FQDN of this entry. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |

```
Router# configure terminal
Router(config)# secure-policy-style advance
Router(config)# show secure-policy-style status
secure-policy-style: advance
```

Label | Description |
---|---|
Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. |
Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. |
Remove | Select an entry and click Remove to delete the selected entry. |
# | This field is a sequential value showing the number of the profile. The profile order is not important. |
Name | This displays the name of the profile created. |
Description | This displays the description of the profile. |
Label | Description |
---|---|
Configuration | |
Profile Name | Type the name of the profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. These are valid, unique profile names: • MyProfile • mYProfile • Mymy12_3-4 These are invalid profile names: • 1mYProfile • My Profile • MyProfile? • Whatalongprofilename123456789012 |
Description | Type a description for the profile rule to help identify the purpose of the rule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. This field is optional. |
Action | Set what action the Zyxel Device takes when there is a DNS query packet containing an FQDN with a bad reputation. redirect: Select this action to have the Zyxel Device reply with a DNS reply packet containing a default or custom-defined IP address when a DNS query packet contains an FQDN with a bad reputation. pass: Select this action to have the Zyxel Device not reply with a DNS reply packet containing a default or custom-defined IP address. |
Log | These are the log options: no: Do not create a log when there is a DNS query packet containing an FQDN with a bad reputation. log: Create a log on the Zyxel Device when there is a DNS query packet containing an FQDN with a bad reputation. log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this to have the Zyxel Device send an alert when there is a DNS query packet containing an FQDN with a bad reputation. |
Scan Options | |
Check White List | Select this check box to have the Zyxel Device not perform the DNS filter check on DNS query packets that match the white list entries. |
Check Black List | Select this check box to have the Zyxel Device perform the DNS filter check on DNS query packets that match the black list entries. |
Check Black List | Select this check box to log and delete files with names that match the black list patterns. |
Security Threat Categories | Select the categories of FQDNs that may pose a security threat to network devices behind the Zyxel Device. |
Anonymizers | Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. |
Browser Exploits | Sites that contain browser exploits. A browser exploit is any content that forces a web browser to perform operations that you do not explicitly intend. |
Malicious Downloads | Sites that have been identified as containing malicious downloads or malware harmful to a user's computer. |
Malicious Sites | Sites that install unwanted software on a user's computer with the intent to enable third-party monitoring or make system changes without the user's consent. |
Phishing | Sites that are used for deceptive or fraudulent purposes, such as stealing financial or other user account information. These sites are most often designed to appear as legitimate sites in order to mislead users into entering their credentials. |
Spam URLs | Sites that have been promoted through spam techniques. |
Spyware Adware Keyloggers | Sites that contain spyware, adware or keyloggers. • Spyware is a program installed on your computer, usually without your explicit knowledge, that captures and transmits personal information or Internet browsing habits and details to companies. Companies use this information to analyze browsing habits, to gather marketing data, and to sell your information to others. • Key logger programs try to capture and steal your passwords and watch and record everything you do on your computer. • Adware programs typically display blinking advertisements or pop-up windows when you perform a certain action. Adware programs are often installed in exchange for another service, such as the right to use a program without paying for it. |
OK | Click OK to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to exit this screen without saving. |
Label | Description |
---|---|
DNS Filter | |
Enable | Select this option to turn on DNS filtering on the Zyxel Device. Otherwise, clear it. Action and Log settings apply to DNS query packets triggered by the security threat categories. |
Inspect all traffic, setting: | Select this to have all traffic inspected by the default_profile. You cannot rename or delete the default_profile profile, but you can edit it by clicking the link here. |
Inspect by policy | If you configured a specific profile in the Profile tab for this service, select this to have specific traffic inspected by that profile. You must bind the profile to a policy in Security Policy > Policy Control. |
Redirect IP | Select this action to have the Zyxel Device reply with a DNS reply packet containing a default or custom-defined IP address when a DNS query packet contains an FQDN with a bad reputation. The default IP is the dnsft.cloud.zyxel.com IP address. If you select custom-defined IP, then enter a valid IPv4 address in the text box. |
Action When detecting malform DNS packets | Set what action the Zyxel Device takes when there is an abnormal DNS query packet. A DNS packet is defined as malformed when: • The number of entries in the question count field in the DNS header is 0 • An error occurs when parsing the domain name in the question field • The length of the domain name exceeds 255 characters. pass: Select this action to have the Zyxel Device allow the DNS query packet through the Zyxel Device. drop: Select this action to have the Zyxel Device discard the abnormal DNS query packet. |
Test Domain Name Category | |
Domain name to test | Enter an FQDN and click the Query button to check if the domain name is associated with suspicious activities that could pose a security threat to users or their computers. |
Signature Information | The signatures for DNS Filter and URL Threat Filter are the same. These signatures are continually updated as new malware evolves. New signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the IP reputation signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for IP reputation service in order to be able to download new signatures from myZyxel (see the Registration screens). The following fields display information on the current signature set that the Zyxel Device is using. |
Current Version | This field displays the signature set version number currently used by the Zyxel Device. This number gets larger as new signatures are added. |
Signature Number | This field displays the number of signatures in this set. |
Released Date | This field displays the date and time the set was released. |
Update Signatures | Click this to go to the Configuration > Licensing > Signature Update screen to check for new signatures at myZyxel. You can schedule or immediately download signatures. |
Apply | Click Apply to save your changes. |
Reset | Click Reset to return the screen to its last-saved settings. |

```
Router# configure terminal
Router(config)# secure-policy-style general
Router(config)# show secure-policy-style status
secure-policy-style: general
```

Label | Description |
---|---|
URL Blocking | |
Enable | Select this option to turn on URL blocking on the Zyxel Device. |
Action | Set what action the Zyxel Device takes when it detects a connection attempt to or from the web pages of the specified categories. block: Select this action to have the Zyxel Device block access to the web pages that match the categories that you select above. warn: Select this action to have the Zyxel Device display a warning message to the access requesters for the web pages before allowing users to access web pages that match the categories that you select above. pass: Select this action to have the Zyxel Device allow access to the web pages that match the categories that you select above. |
Log | These are the log options: • no: Do not create a log when it detects a connection attempt to or from the web pages of the specified categories. • log: Create a log on the Zyxel Device when it detects a connection attempt to or from the web pages of the specified categories. • log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this option to have the Zyxel Device send an alert when a connection matches web pages of the specified categories. |
Message to display when a site is blocked | |
Denied Access Message | Enter a message to be displayed when the URL Threat filter blocks access to a web page. Use up to 127 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%,”). For example, “Access to this web page is not allowed. Please contact the network administrator”. It is also possible to leave this field blank if you have a URL specified in the Redirect URL field. In this case if the URL Threat filter blocks access to a web page, the Zyxel Device just opens the web page you specified without showing a denied access message. |
Redirect URL | Enter the URL of the web page to which you want to send users when their web access is blocked by the URL Threat filter. The web page you specify here opens in a new frame below the denied access message. Use “http://” or “https://” followed by up to 262 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%). For example, http://192.168.1.17/blocked access. |
Security Threat Categories | Select the categories of web pages that may pose a security threat to network devices behind the Zyxel Device. |
Anonymizers | Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. |
Browser Exploits | Sites that contain browser exploits. A browser exploit is any content that forces a web browser to perform operations that you do not explicitly intend. |
Malicious Downloads | Sites that have been identified as containing malicious downloads or malware harmful to a user's computer. |
Malicious Sites | Sites that install unwanted software on a user's computer with the intent to enable third-party monitoring or make system changes without the user's consent. |
Phishing | Sites that are used for deceptive or fraudulent purposes, such as stealing financial or other user account information. These sites are most often designed to appear as legitimate sites in order to mislead users into entering their credentials. |
Spam URLs | Sites that have been promoted through spam techniques. |
Spyware Adware Keyloggers | Sites that contain spyware, adware or keyloggers. • Spyware is a program installed on your computer, usually without your explicit knowledge, that captures and transmits personal information or Internet browsing habits and details to companies. Companies use this information to analyze browsing habits, to gather marketing data, and to sell your information to others. • Key logger programs try to capture and steal your passwords and watch and record everything you do on your computer. • Adware programs typically display blinking advertisements or pop-up windows when you perform a certain action. Adware programs are often installed in exchange for another service, such as the right to use a program without paying for it. |
Test URL Threat Category | |
URL to test | Enter a URL using http://domain or https://domain and click the Query button to check if the domain belongs to a URL threat category. |
Signature Information | The signatures for DNS Filter and URL Threat Filter are the same. These signatures are continually updated as new malware evolves. New signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the URL Threat filter signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for URL Threat filter service in order to be able to download new signatures from myZyxel (see the Registration screens). The following fields display information on the current signature set that the Zyxel Device is using. |
Current Version | This field displays the signature set version number currently used by the Zyxel Device. This number gets larger as new signatures are added. |
Signature Number | This field displays the number of signatures in this set. |
Released Date | This field displays the date and time the set was released. |
Update Signatures | Click this to go to the Configuration > Licensing > Signature Update screen to check for new signatures at myZyxel. You can schedule or immediately download signatures. |
Apply | Click Apply to save your changes. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
White List | |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
# | This is the entry’s index number in the list. |
White List | This field displays the URL of this entry. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
Black List | |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
# | This is the entry’s index number in the list. |
Black List | This field displays the URL of this entry. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Label | Description |
---|---|
URL Blocking For External DB | |
Enable URL Blocking For External DB | Select this check box to have the Zyxel Device block the incoming packets that come from the listed addresses in the black list file on the server. |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
# | This is the entry’s index number in the list. |
Name | Enter an identifying name for the black list file. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long. |
Source | Enter the exact file name, path and IP address of the server containing the black list file. For example, http://172.16.107.20/blacklist-files/myip-ebl.txt The server must be reachable from the Zyxel Device. |
Description | Enter a description of the black list file. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long. |
New IP reputation signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the IP reputation signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for IP reputation service in order to be able to download new signatures from myZyxel (see the Registration screens). Schedule signature updates for a day and time when your network is least busy to minimize disruption to your network. | |
Update Now | Click this to have the Zyxel Device immediately check for new signatures at myZyxel. If new signatures are found, they are then downloaded to the Zyxel Device. |
Auto Update | Click this to have the Zyxel Device automatically check for new signatures regularly at the time and day specified. You should select a time when your network is not busy for minimal interruption. |
Daily | Select this to have the Zyxel Device check for new signatures every day at the specified time. The time format is the 24-hour clock, so ‘23’ means 11 PM, for example. |
Weekly | Select this option to have the Zyxel Device check for new signatures once a week on the day and at the time specified. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
```
Router# configure terminal
Router(config)# secure-policy-style advance
Router(config)# show secure-policy-style status
secure-policy-style: advance
```
Label | Description |
---|---|
Add | Click this to create a new entry. Select an entry and click Add to create a new entry after the selected entry. |
Edit | Double-click an entry or select it and click Edit to open a screen where you can modify the entry’s settings. |
Remove | Select an entry and click Remove to delete the selected entry. |
# | This field is a sequential value showing the number of the profile. The profile order is not important. |
Name | This displays the name of the profile created. |
Description | This displays the description of the profile. |
label | description |
---|---|
Configuration | |
Profile Name | Type the name of the profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. These are valid, unique profile names: • MyProfile • mYProfile • Mymy12_3-4 These are invalid profile names: • 1mYProfile • My Profile • MyProfile? • Whatalongprofilename123456789012 |
Description | Type a description for the profile rule to help identify the purpose of the rule. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. This field is optional. |
Action | Set what action the Zyxel Device takes when it detects a connection attempt to or from the web pages of the specified categories. block: Select this action to have the Zyxel Device block access to the web pages that match the categories that you select above. warn: Select this action to have the Zyxel Device display a warning message to the access requesters for the web pages before allowing users to access web pages that match the categories that you select above. pass: Select this action to have the Zyxel Device allow access to the web pages that match the categories that you select above. |
Log | These are the log options: • no: Do not create a log when it detects a connection attempt to or from the web pages of the specified categories. • log: Create a log on the Zyxel Device when it detects a connection attempt to or from the web pages of the specified categories. • log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this option to have the Zyxel Device send an alert when a connection matches web pages of the specified categories. |
Scan Options | |
Check White List | Select this check box to have the Zyxel Device not perform the URL Threat filter check on URLs that match the white list entries. |
Check Black List | Select this check box to have the Zyxel Device perform the URL Threat filter check on URLs that match the black list entries. |
Check External Black List | Select this check box to have the Zyxel Device perform the URL Threat filter check on URLs that match the external black list entries. |
Security Threat Categories | Select the categories of FQDNs that may pose a security threat to network devices behind the Zyxel Device. |
Anonymizers | Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. |
Browser Exploits | Sites that contain browser exploits. A browser exploit is any content that forces a web browser to perform operations that you do not explicitly intend. |
Malicious Downloads | Sites that have been identified as containing malicious downloads or malware harmful to a user's computer. |
Malicious Sites | Sites that install unwanted software on a user's computer with the intent to enable third-party monitoring or make system changes without the user's consent. |
Phishing | Sites that are used for deceptive or fraudulent purposes, such as stealing financial or other user account information. These sites are most often designed to appear as legitimate sites in order to mislead users into entering their credentials. |
Spam URLs | Sites that have been promoted through spam techniques. |
Spyware Adware Keyloggers | Sites that contain spyware, adware or keyloggers. • Spyware is a program installed on your computer, usually without your explicit knowledge, that captures and transmits personal information or Internet browsing habits and details to companies. Companies use this information to analyze browsing habits, to gather marketing data, and to sell your information to others. • Key logger programs try to capture and steal your passwords and watch and record everything you do on your computer. • Adware programs typically display blinking advertisements or pop-up windows when you perform a certain action. Adware programs are often installed in exchange for another service, such as the right to use a program without paying for it. |
OK | Click OK to save your changes back to the Zyxel Device. |
Cancel | Click Cancel to exit this screen without saving. |
label | description |
---|---|
URL Blocking | |
Enable | Select this option to turn on URL blocking on the Zyxel Device. |
Inspect all traffic, setting: | Select this to have all traffic inspected by the default_profile. You cannot rename or delete the default_profile profile, but you can edit it by clicking the link here. |
Inspect by policy | If you configured a specific profile in the Profile tab for this service, select this to have specific traffic inspected by that profile. You must bind the profile to a policy in Security Policy > Policy Control. |
Message to display when a site is blocked | |
Denied Access Message | Enter a message to be displayed when the URL Threat filter blocks access to a web page. Use up to 127 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%,”). For example, “Access to this web page is not allowed. Please contact the network administrator”. It is also possible to leave this field blank if you have a URL specified in the Redirect URL field. In this case if the URL Threat filter blocks access to a web page, the Zyxel Device just opens the web page you specified without showing a denied access message. |
Redirect URL | Enter the URL of the web page to which you want to send users when their web access is blocked by the URL Threat filter. The web page you specify here opens in a new frame below the denied access message. Use “http://” or “https://” followed by up to 262 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%). For example, http://192.168.1.17/blocked access. |
Test URL Threat Category | |
URL to test | Enter a URL using http://domain or https://domain and click the Query button to check if the domain belongs to a URL threat category. |
Signature Information | The signatures for DNS Filter and URL Threat Filter are the same. These signatures are continually updated as new malware evolves. New signatures can be downloaded to the Zyxel Device periodically if you have subscribed for the URL Threat filter signatures service. You need to create an account at myZyxel, register your Zyxel Device and then subscribe for URL Threat filter service in order to be able to download new signatures from myZyxel (see the Registration screens). The following fields display information on the current signature set that the Zyxel Device is using. |
Current Version | This field displays the signature set version number currently used by the Zyxel Device. This number gets larger as new signatures are added. |
Signature Number | This field displays the number of signatures in this set. |
Released Date | This field displays the date and time the set was released. |
Update Signatures | Click this to go to the Configuration > Licensing > Signature Update screen to check for new signatures at myZyxel. You can schedule or immediately download signatures. |
Apply | Click Apply to save your changes. |
Reset | Click Reset to return the screen to its last-saved settings. |
```
Router# configure terminal
Router(config)# secure-policy-style general
Router(config)# show secure-policy-style status
secure-policy-style: general
```
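A pre-flight check for three of the field rules in the tables above (Profile Name, the external black list Name, and Redirect URL), written as an added example and not Zyxel code. The function names, the ASCII-only reading of "alphanumeric", and the one-character minimum are assumptions; the character sets and length limits are the ones stated in the field descriptions.

```python
import re

# Rules transcribed from the field tables on this page; ASCII is assumed.
# kind -> (required prefix, allowed characters as a regex class body, max length)
RULES = {
    "profile_name": ("", r"A-Za-z0-9_-", 31),
    "list_name": ("", r"A-Za-z0-9()+/:=?!*#@$_%-", 60),
    "redirect_url": ("https?://", r"0-9A-Za-z;/?:@&=+$\\.\-_!~*'()%", 262),
}


def check_field(kind, value):
    """Return None when value satisfies the rule for kind, else a reason."""
    prefix, charset, max_len = RULES[kind]
    m = re.match(prefix, value)
    if m is None:
        return "must start with http:// or https://"
    body = value[m.end():]  # the length limit applies after the scheme
    if not body:
        return "empty value"  # assumption: at least one character is required
    if len(body) > max_len:
        return f"{len(body)} characters, limit is {max_len}"
    bad = sorted(set(re.findall(f"[^{charset}]", body)))
    if bad:
        return "characters outside the allowed set: " + " ".join(map(repr, bad))
    if kind == "profile_name" and body[0].isdigit():
        return "first character cannot be a number"
    return None


def lint(fields):
    """fields: iterable of (kind, value); return (kind, value, reason) failures."""
    return [(k, v, r) for k, v in fields if (r := check_field(k, v)) is not None]


# Profile names are the page's own examples; the other values are constructed.
SAMPLE = [
    ("profile_name", "MyProfile"), ("profile_name", "Mymy12_3-4"),
    ("profile_name", "1mYProfile"), ("profile_name", "My Profile"),
    ("profile_name", "Whatalongprofilename123456789012"),
    ("list_name", "myip-ebl"),
    ("redirect_url", "http://192.168.1.17/blocked.html"),
    ("redirect_url", "ftp://192.168.1.17/blocked.html"),
]

if __name__ == "__main__":
    for kind, value, reason in lint(SAMPLE):
        print(f"{kind}: {value!r}: {reason}")
```

Running the check over a batch of planned settings before entering them catches entries the screen would reject, such as an over-long profile name or a redirect target with an unsupported scheme.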