Best Of

Re: Problem with update ZyWall USG-100Plus to firmware 330 AACV v3.30P9 (WK48)

https://www.4shared.com/s/fh5TPiR0Tjq

a1601

1

Re: Does Content Filter No Longer Work On USG40/60's

Hello @JCE,
For HTTPS traffic, please apply SSL inspection which allows you to check SSL-encrypted packages to let Content Filter works with HTTPS traffic.
Please refer to this knowledge base article

https://community.zyxel.com/en/discussion/464/how-to-block-https-websites-using-content-filtering-and-ssl-inspection

James

Zyxel_James

1

Re: Does Content Filter No Longer Work On USG40/60's

Hello @JCE,
We still provide services for Anti-Virus and Content Filter.
May I know more information about what you encounter? which website? how's the log display? Could you clear the browser cache and test again?

James

Zyxel_James

1

Re: LTE5388-M804 loses network after some time

https://community.zyxel.com/en/discussion/comment/49896#Comment_49896

Probably a ZySH command. Wonder if the trick there could help:

https://community.zyxel.com/en/discussion/12377/lte5398-m904-zysh-command-to-reboot-lte-connection

JeanFrancois

1

Re: Cross LAN access to ChromeCast

Hello @RSaull @flefebure

Zyxel Firewall does not support that routing multicast cross subnets, and currently we don't have a plan to implement this feature this year.

James

Zyxel_James

1

Re: Odd 2FA Security Issue With The USG40

I would guess, that maybe the former session/s get cached and since it's the same client/machine the credentials are still valid? Or the 2FA has a general grace period per user/machine?

Are the links you receive maybe even the same?

I would try logging in, clicking the 2FA, logging out immediately, logging in, compare the links.

Next I would try different clients and see if the 2FA can be skipped with those too.

If it just applies to the same client, the real world implications would exist, but the chances of exploiting this are very slim.

StefanZ

1

Re: Odd 2FA Security Issue With The USG40

Hi @JCE,

Can you test again and check if the IP shows up in twofa-ipsec-ip? It should be listed in twofa-ipsec-ip before clicking the authorization email.
Once you click the authorization email, it will be delisted from twofa-ipsec-ip.

Here are the steps:

Connect the VPN client.
Type the CLI command "debug system ipset" to check if the VPN client's IP address is listed in twofa-ipsec-ip."

e.g.
Name: twofa-ipsec-ip
Type: hash:ip
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16496
References: 2
Members:
X.X.X.X <= You should be able to see the IP address in the member list before clicking the authorization email

Zyxel_Cooldia

1

Re: SMS 2FA On Usg 40 (Latest FW) Question For UK Based Unit

Hi @JCE ,

You can use ClickSend to send SMS for 2FA. Please refer to the link below for instructions on how to configure two-factor authentication (2FA).

https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018012&lang=EN

Zyxel_Cooldia

1