Fred_77  Ally Member

Ok your log is filtered or ordered.. any dhcp record?

Hi @ITS i think it might depend on the user configuration. By default re-auth limit is 1440min (24h.). You can modify ths value, but i think that "unlimited" is not recommended.

HI @CcHuMi just for recap: you are talking about embedded WiFi controller "Pro" ssid has parent zone Lan1 "Guest" ssid has parent zone Lan2 right? did you check the DHCP server configuration on Lan1? system log may help you understand what happened when a client tries to connect ... can you see something "strange"?

Hi @Fender i got the same error on a ATP due to date/time mismatch between ATP and mobile (daylight saving was the issue).

Hi @the_maxtor just thinking... you could try with only one route policy with "trunk" as next hop.

i have to apologize, i forgot to mention that an addon was required: an avahi proxy was needed to get around the limitation James was talking about. It was a virtual machine running on Synology nas with 2 nic (one for each vlan) and provided the multicast dns. However, the security aspect of this scenario must be taken…

Hi @Zyxel_James i did the same configuration a couple of years ago with an ATP200 in a B&B and it worked quite fine. Sorry i can't handle the davice any more, B&B closed due to a pandemy. Fred

Sorry for obvious questions... Have you created a zone for each vlan? Configuration>Object>Zone (i.e. Vlan1_Zone; Vlan2_Zone) Did you make the association of the vlan with it's zone? Configuration>Interface>Vlan Have you Configured all the services listed above? (and grouped them...) Have you configured security policy…

Hi @IMD just a couple of questions: vlan1 only manages your AP's or is the vlan for your guest device? a security policy vlan1 > Vlan2 and Vlan2 > Vlan1 where all the needed ports/services are allowed ? Here a list of services for Airplay 80 TCP HTTP - AirPlay 320 UDP PTPv2 - Precision Time Protocol 443 TCP HTTPS - AirPlay…

Hi @GeorgiTodorov It seems to me that this has been the case since zyxel split the SSL port from the one for remote management. Fw 4.70 is the same. (not sure in 4.68).... Fred

Hi @Zyxel_James my intention was indeed to apply fw 5.30 patch released a couple of days ago... I preferred to wait to apply the previous 5.30 due to reported SSL VPN issues. Web access was already filtered... What to say... this time i arrived late. Thanks Fred

Hi @ITS same issue this morning on ATP200. With Surprise i've found this configuration: So i was able to connect to web gui with port 4337 (changed not by me) ... OK i've got back the management of the device, but now i've to understand what happened.. Hope this can help Fred

@Gel sorry but i've not so clear your scenario: ip 192.141.XX.XX is on LAN2 or is a WAN ip? Maybe you need to configure a bridge interface?

Well, i suppose the client you are pinging for usg on is in the same zone/subnet right? If so, enabling icmp and ping services in Lan2-to-Zywall should be enought Or is your scenario little more complex?

Hi @Gel it is a somewhat vague request. However assuming 192.141.xxx.254 is the ip of Lan1 on usg, you need to create a Lan1-to-Zywall security Policy where icmp is allowed. But it should already be that way by default. even better would be a clarification on how you configured the usg Fred