Best Of
Re: How to enable SNMP AP nwa50ax
Hi @write4nik
At this time, the NWA50AX does not support SNMP functionality, as this model is designed primarily for home and small business environments.
However, we recognize the importance of such features for certain users and are keen to understand your requirements better, could you share more about your specific use case for SNMP on the NWA50AX?
Re: How to enable SNMP AP nwa50ax
However, we recognize the importance of such features for certain users and are keen to understand your requirements better, could you share more about your specific use case for SNMP on the NWA50AX?
That's very unusial than your decided snmp is an enterprise feature
That's quite old function and all other devices other vendors has it by default, even 20$ devices(nwa50 $100+)
"your specific use case for SNMP on the NWA50AX? "
-That's not specific. Typical monitoring process, that's not an enterprise function like guest portal or radius etc.. why did you block monitoring function to my devices?
Re: How to enable SNMP AP nwa50ax
Hello, we have many of this devices in the field and we need SNMP for monitoring. Can You add this functionality to GUI or CLI? When I check it, that setting are here but not configurable. Thank You
Re: Flex H Models Routing Protocols e.g. BGP
I just purchased this unit to setup a new Branch location, expecting us to use the traditional routing protocols always included in ZyXel Routers for years. We now get to migrate to a purely static environment, assign dozens of IP addresses, and input all the subnet route gateways.
Thanks for adding 2 days to my work load! Why you released a product that does not come with basic functions that have always been included is beyond me. If ZyXel believes this is good business practices, we will have to consider another manufacturer for our needs, and our customers.
Re: IPSec sessions on the firewall not terminated after a while of being idle?
Hi @Zyxel_USG_User ,
We would like to update you regarding this case.
The symptom you observed is due to a design limitation. The firewall does not actively initiate DPD (Dead Peer Detection) checks to verify if the StrongSwan VPN client is still connected. As a result, both the dashboard and Monitor page will continue to show the VPN as connected when the phone is in the Airplane mode.
Regarding the User idle detection feature, this only applies to local user login sessions. The system will detect idle time for local GUI logins, but this does not affect or monitor VPN connection users.
[Nebula] What should I check besides raising session limit when I keep reaching the session limit?
Question:
I keep reaching the maximum session. In addition to raising the value of the session limit, what else should I check?
Answer:
By default, the session limit per host is 1000, and sometimes we may see event logs like "Maximum sessions per host(1000)". At this time, the PC host may encounter service outage because the sessions are dropped. To avoid this situation, we can raise the value of the session limit, or set it as 0 which means unlimited.
However, we better check the network traffic to identify the root cause of high session usage, it could be brute force attacks or Denial of Service attacks.
Investigate the active session to identify which IP addresses or services are consuming the most sessions, so that the user can determine which host or application service could be abnormal.
- Connect to the firewall using the console port or the SSH protocol.
- Input CLIs to check which source, destination, and service have the most sessions.
show conn ip-traffic source
show conn ip-traffic destination
show conn service any
If a local host generates a great number of sessions, please check if it's running downloads of torrents, viruses (trojans), or rogue devices and malware. In this case, many active network session would be created on the computer.
If it's an external source, it could be DoS attacks (Denial of Service), and you can implement IPS to detect the attacks.
Moreover, this CLI "debug system show conntrack" shows the details of the complete active sessions, it can help you identify and mitigate the root cause of your firewall reaching the maximum session limit.
Re: AP offline in NCC
The issue was resolved, there was a blocking at the provider level.
Re: H Series - Virtual Server NAT loopback bug?
Then NAT loop back is not to do with Zyxel it be down to router WITH the WAN IP because thats how it works and works on any other router.
when you connect from 192.168.168.22 > 93.x.x.200 because the Zyxel does not have 93.x.x.200 it will not NAT loopback only when it goes to the router with 93.x.x.200 does NAT loopback apply.
Now some ISP router don't support NAT loopback which means your out of luck or if you can't put the ISP router in bridge mode.
But is there a way to do NAT loopback which this limitation? yes but it has to be written because no one I know has done it.
it will look some thing like this.
This way when 192.168.168.22 > 93.x.x.200 and 93.x.x.200 is the IP for bridgemode.bounceme.net it will NAT loopback to 192.168.255.193 even if the Zyxel does not have 93.x.x.200
This might be a interesting read
PeterUK