IP Exception
Overview
IP Exception allows incoming IP packets to bypass specific security services based on the packet’s source or destination address. Bypassing a security service means the security service does not intercept nor inspect the packet. IP Exception supports bypassing the following security services:
• Anti-Malware (including sandboxing)
• URL Threat Filter
• IPS (Intrusion Prevention System)
• IP Reputation.
• DNS Threat Filter
Please note that your Zyxel Device does not support sandboxing and IP reputation by default. You need to purchase a Gold Security Pack license; see
Gold Security Pack License and UTM Bundled License for more information.
The IP Exception Screen
Use this screen to view the IP exception list for the specified services. The Zyxel Device will not inspect incoming packets that match the listed source and destination IP address(es) wit h the specified services.
Use Add to put a new entry in the list or Edit to change an existing one or Remove to delete an existing entry.
The following table describes the fields in this screen.
Configuration > Security Service > IP Exception
LABEL | Description |
|---|
IPv4/IPv6 Exception List Settings |
Add | Click this to create a new entry. |
Edit | Select an entry and click this to be able to modify it. |
Remove | Select an entry and click this to delete it. |
# | This is the entry’s index number in the list. |
Name | This field displays the descriptive name of this entry. |
IPv4/IPv6 Source | This field displays the source IP address (or address object) of incoming traffic. It displays any if there is no restriction on the source IP address. |
IPv4/IPv6 Destination | This field displays the destination IP address (or address object) of incoming traffic. It displays any if there is no restriction on the destination IP address. |
Service to Bypass | This field displays which services will not inspect matched packets. |
Log | This field displays if the Zyxel Device will generate a log when the incoming traffic is in the exception list. |
The IP Exception Add/Edit Screen
Use this screen to add or edit entries of IPv4 or IPv6 address in the IP exception list.
The following table describes the fields in this screen.
Configuration > Security Service > IP Exception > Add/Edit
LABEL | Description |
|---|
Create New Object | Use this to configure any new settings objects that you need to use in this screen. |
Name | Enter a descriptive name of this entry. |
Description | Enter the description for this entry. You can use 1 to 63 single-byte characters, including 0-9a-zA-Z!”#$%’()*+,-/:;=?@_ &.<>[\]^‘{|} are not allowed. |
Source | Select any or an address object of the source IP address for this entry. Select any so there’s no restriction on the source IP address. |
Destination | Select any or an address object of the destination IP address for this entry. Select any so there’s no restriction on the destination IP address. |
Log | Select Yes to have the Zyxel Device generate a log when the incoming traffic is in the exception list. Otherwise, select No. |
Service to Bypass | Selected services do not inspect packets that match source/destination criteria above. Non-selected services do inspect packets that match source/destination criteria above. |
OK | Click OK to save your customized settings and exit this screen. |
Cancel | Click Cancel to exit this screen without saving. |
Example: Bypass a Website
You often access a website 1.1.1.1 that you are sure is safe. Every time you access the website, the packets sent by the website will be inspected by the Zyxel Device security services, such as anti-malware, reputation filter and IPS.
This not only causes your web browser to take more time to load the website, but also takes up more Zyxel Device resources than necessary.
In the figure below, you create an IP Exception profile for the website 1.1.1.1. IP exception allows incoming IP packets from the website 1.1.1.1 (A) to bypass specific security services. Bypassing a security service means the security service does not intercept nor inspect the packet.
This example uses the parameters given below.
Address Object Configuration Example
name | address type | ip address |
|---|
TrustedWebsite | Host | 1.1.1.1 |
IP Exception Configuration Example
name | source | destination | log | services to bypass |
|---|
ForTrustedWebsite | TrustedWebsite | Any | No | Anti-Malware URL Threat filter IPS |
1 Go to Configuration > Object > Address/Geo IP > Address and click Add.
3 Go to Configuration > Security Service > IP Exception and click Add.