-
How to check if the firewall is connected to the NCC?
Question: How do I check if the firewall is connected to the NCC? Answer: You can check the connection status using the following CLI command: show gui nebula status
-
How to check the organization or site name using the CLI without login Nebula?
Question: How do I find the organization or site name using the CLI without login Nebula? Answer: You can check the organization or site name using the following CLI command: show gui nebula info
-
How to check the last reboot time status?
Question: How do I check the last reboot time status? Answer: You can check the last reboot time using the following CLI command: show gui dashboard boot-status
-
How to check the firewall link speed or its up/down status?
Question: How do I check the firewall link speed or its up/down status? Answer: You can check the link speed and status using the following CLI command: show port status
-
How to query an IP address to find out its category and threat level?
Question: How do I query an IP address to find out its category and threat level? Answer: You can check the category and threat level by using the following CLI command: cmd ip-reputation-query ip x.x.x.x Replace x.x.x.x with the actual IP address. For example: cmd ip-reputation-query ip 8.8.8.8
-
How to query a URL to find out which category it belongs to?
Question: How do I query a URL to find out which category it belongs to? Answer: You can check the category by using the following CLI command: cmd url-category-query search xxxxxx Replace xxxxxx with the actual URL. For example: cmd url-category-query search google.com
-
How to clear the Sandboxing cache for debugging purposes?
Question: How do I clear the Sandboxing cache for debugging purposes? Answer: You can flush the Sandboxing cache using the following CLI command: cmd sandbox-cache-flush
-
How to the clear Anti-Malware cloud query cache for debugging purposes?
Question: How do I clear the Anti-Malware cloud query cache for debugging purposes? Answer: You can flush the cloud query cache using the following CLI command: cmd debug anti-malware cloud-query cache flush
-
Is there any way to trace reboots via CLI, web GUI, or scheduled reboots?
Question: Is there any way to trace reboots via CLI, web GUI, or scheduled reboots? Answer: Yes, we can check the logs by running the following CLI commands: cmd debug show sys-mgnt-log | match "schedule" cmd debug show sys-mgnt-log | match "CLI" cmd debug show sys-mgnt-log | match "GUI"
-
CloudFlare DNS (1.1.1.1) is not functioning properly on WebGUI test
Question: CloudFlare DNS (1.1.1.1) is not functioning properly when tested via a Zyxel Firewall's WebGUI, leading to resolution failures or timeouts. How can this be resolved? Answer: The issue where CloudFlare DNS (1.1.1.1) appears not to function correctly during a Zyxel Firewall's WebGUI test, resulting in "Not…
-
Resolving 'Invalid DN Syntax' Error in Active Directory Authentication for VPN Users
Question: How to resolve the "Invalid DN Syntax" error when configuring Active Directory authentication for VPN users on a Zyxel Firewall? Answer: The "Invalid DN Syntax" error typically occurs during Active Directory (AD) connection testing when the Bind DN setting does not correctly specify the location of the VPN user…
-
SNMP Monitoring of Zyxel USG FLEX 700H Interfaces (ifSpeed vs. ifHighSpeed)
Question: How to accurately monitor 10Gbps SFP interface speeds on Zyxel USG FLEX 700H using SNMP? Answer: The discrepancy in reported speeds and the appearance of unfamiliar interfaces during SNMP polling are due to the specific OID limitations and the internal architecture of the Zyxel USG FLEX 700H. Root Cause: ifSpeed…
-
Device Insight Status show Verifying
Question: What is the meaning of the "Verifying" status in Device Insight, and how does it relate to displaying device online/offline status in the DHCP list? Answer: Understanding the "Verifying" status in Device Insight and the availability of device status information requires looking at different functionalities.…
-
IKEv1 to IKEv2 VPN Conversion Limitations from FLEX to H series
Question: What are the limitations regarding converting IKEv1 VPN configurations to IKEv2 on a Zyxel USG FLEX 700H, especially when using a configuration converter? Answer: The direct conversion of IKEv1 VPN configurations to IKEv2 is not supported, and manual reconfiguration is required.
-
2FA Functionality with VPN Clients
Question: What is the process for using Two-Factor Authentication (2FA) with different VPN clients, especially when using OpenVPN? Answer: The way 2FA functionality is presented varies between the Zyxel VPN Client (SecuExtender) and other third-party VPN clients. * Root Cause: The automatic display of the 2FA…
-
WebGUI Access for User-Type Accounts on Zyxel H series
Question: What is the reason that 'user-type' accounts cannot log in to the WebGUI of new Zyxel security appliances, and how should port-opening scenarios based on user login be handled? Answer: On new generation H series , 'user-type' accounts are intentionally restricted from logging into the WebGUI. This is a design…
-
USG FLEX 700H DHCP Server: Issuing DHCP Option 24 for VOIP Equipment
USG FLEX 700H DHCP Server: Issuing DHCP Option 24 for VOIP Equipment As part of a recent POC (Proof of Concept) for VOIP integration, questions arose regarding the capability of the USG FLEX 700H DHCP server to issue DHCP option 24 to VOIP equipment. This functionality is crucial for VOIP devices to automatically retrieve…
-
How to redial the PPPoE interface using the command line?
Question: How do I redial the PPPoE interface using the command line? Answer: You can run the command cmd dial pppoe ge1_PPP to force a PPPoE redial. Replace ge1_PPP with the actual name of your PPPoE interface.
-
How to flush the content filter without power cycling the firewall?
Question: How do I flush the content filter without power cycling the firewall? Answer: You can flush the firewall's content filter cache using the CLI command cmd content-filter-cache-flush.
-
How to check the device's active sessions and supported session count?
Question: How do I check the device's active sessions and supported session count? Answer: You can obtain this information using the CLI command show conn status.