Zyxel C3000Z - Found to be defective, Need help securing my network?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Zyxel C3000Z - Found to be defective, Need help securing my network?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Zyxel C3000Z - Found to be defective, Need help securing my network?
Zyxel C3000Z - Found to be defective, Need help securing my network?
2022-06-03 20:22:52 - last edited 2022-06-06 01:02:56
Model: AC50  
Hardware Version: V4
Firmware Version: 4.0.3 Build 20190227 Rel.48206

Model: TL-R600VPN v4.0

 

Problem Background:

I bought this modem years back, yesterday CentryLink had me do a forced firmware update to be able to connect, the update does not allow me to disable the 5G network, hide the SSID nor change the password. I don’t want to use it at all, in fact I’m searching to replace this modem with a wired only modem, I’m using tp-link’s EAP225-Wall.

So I want to open the case and disconnect the wireless circuit but, I can not find the board layout. 1) does anyone now where I can find one or 2) direct me how to disconnect it without disabling the modem?

 

TODAY:
Just spoke with CentryLink and after further diagnostic with the Tech, its found that my modem is defective. So I have to order a new one anyway but, until then I need help in securing my network from the possibility of discovery of this weak default password, being I’m unable to change it. My network looks like this:

 

aa806f527c444bbcb4aa5a72956d69f3

 

My question what rule can I add in my TL-R600VPN to deny any LAN connections from the C3000Z?

  0      
  0      
#1
Options
1 Reply
Re:Zyxel C3000Z - Found to be defective, Need help securing my network?
2022-06-07 01:26:45

  @nasheayahu 

Sorry that I am not rude to you. But your map looks like not right at all. 

Not sure the centurylink. Are you running two NATs or triple? 

What I see R600 got its WAN and LAN IP + pfsense got its WAN IP and LAN IP. While the pfsense does not look right at all. If your map is like this, I can only assume "WAN" is mistaken. That is LAN? R600 is on sunbnet 192.168.0.1/24

 

First off, why would you need triple or double NAT for the whole network? More NATs are adding up unnecessary layers to the network. People want to remove as many nats as possible. 

PS i believe you have triple nats after reviewing your words multiple times and trying to figure out what's best for you. centurylink is a wireless modem router. 

 

While any devices on centurylink LAN can access R600 by the WAN IP on R600 which means you need to either set a firewall rule on centurylink to allow a single IP(in the centurylink LAN) or you set a remote management on R600(not sure if you got this function on R600, I know omada certainly does it).

The rule should be like 192.168.1.100/32 which 255.255.255.255 indicates a single IP. So the computer or whatsoever using the IP in centurylink LAN(192.168.1.1/24) can access the WAN IP of the R600. 

 

BTW, if you are not talking about this, but worried about the network security, not too many aspects you should be worried about, because that NAT is some kind of firewall that can help protect the devices in the network. 

 

 

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
  0  
  0  
#2
Options