-
[FLEX/ATP]Why am I unable to upgrade firmware by Cloud Helper?
Question: Why am I unable to upgrade firmware by Cloud Helper? Answer: If device firmware is date firmware, Cloud Helper will restrict the user downloading the FCS firmware from Cloud because it forces the user to confirm the release note and make sure the issue has been fixed in the FCS version to avoid the issue…
-
[FLEX/ATP]How do I dump AAA log to console for log analysis?
Question: How do I dump AAA log to console for log analysis? Answer: Use the commands below,. Router# debug authentication server log activate Router# debug authentication server log dump to console
-
[FLEX/ATP]How to fix the issue when seeing App watch dog try to recover httpd log in the console?
Question: Somehow, I am unable to access the web GUI of my USG, and the device reboots periodically. Connected serial console to USG, it indicated that httpd is dead, and App watch dog is trying to recover it. What could be the reason that httpd is dead and what should I do for now? Console log Answer: It is because the…
-
How to collect "diaginfo" by CLI
Enter the configuration mode by typing configure terminal on your router. To start collecting diagnostic information: Router#config terminal Router(config)# diaginfo collect ac Wait for the process to complete as the system collects information. And use below command show the progress Router(config)# show diaginfo collect…
-
What can I do when the error message "Connect to myZYXEL.com server has failed" appears?
Question: Some users may encounter a problem when trying to activate a license, that is, once click on Service License Refresh, the error message "Connect to myZYXEL.com server has failed" shows up. Answer: It could be a bad DNS setting, resulting in the device not resolving towards portal.myzyxel.com, which is used for…
-
How to check Device Insight list by Web-GUI and CLI?
Scenario: When the user enables Device Insight, how to check the current Device Insight list by Web-GUI and CLI? Answer : Please navigate to Monitor > Network Status > Device Insight > To check the current list. The user also can use the CLI "show device info all" to check the current list.
-
How can I check the End-of-Life (EOL) information for Zyxel products?
Question How can I check the End-of-Life (EOL) information for Zyxel products? Answer The information can be found at .
-
How to clear the ARP table in Firewall?
Question How do we clear the firewall's ARP table to troubleshoot layer 2 issues? Answer Show ARP table Router(config)# show arp-table Clear ARP table Router(config)# arp-table flush
-
How to recover/regenerate the device's default certificate using the CLI?
Question After checking, it appears that the firewall's default certificate is corrupted, and I am unable to log in to the device's web GUI. How can I recover/regenerate the device's default certificate using the CLI? Answer We can connect to device using SSH, and type CLI Router> debug _ca regenerate to generate new…
-
How to configure LAN3 zone on USG20(W) and USG Flex 50(W) models?
Scenario: Because USG20(W) and USG Flex 50(W) don't have LAN3 zone by default. I the user wants to add a LAN3 zone to manage the LAN clients more flexibly how to deploy it? Answer: If the customer would like to use P3 for the LAN3 zone with IP 192.168.66.1 and DHCP server, please refer to the below steps: Configuration >…
-
How to disable DHCP settings and set the LAN2 port as a locally managed port?
Scenario : This article will guide you on how to disable DHCP settings and set the LAN port as a locally managed port for better security for you. Answer : For example, if the user wants to restrict administrator access to only lan2 for firewall management, they should navigate to Configuration > Networks > Interface >…
-
How to configure a VLAN interface with DHCP server in on-premise mode firewall?
Scenario : The user may wish to configure a VLAN interface with a DHCP server. This article will guide you on how to deploy a VLAN interface with VLAN ID 10 and a DHCP server. Answer : Please navigate to Configuration > Network > Interface > VLAN > Add a VLAN interface and configure Interface Properties, IP Address…
-
How to flush DNS cache in firewall?
Question: How do we flush DNS cache in firewall if we would like to troubleshoot DNS issue. Answer: We can enter CLI Router> ip dns server cache-flush to clear firewall DNS cache.
-
How to remove all DHCP binding entries at once via CLI?
Question Normally, we can remove the DHCP binding entry by Router# clear ip dhcp binding x.x.x.x But how can we remove all DHCP binding entries at once? Answer To remove all DHCP binding entries, please input Router# clear ip dhcp binding *
-
What can I do when SecuReporter upload fail?
Question Some users may encounter a problem that SecuReporter cannot show the statistics data and logs, meanwhile the device event log shows [SecuReporter] Upload fail [SecuReporter] Upload fail when https post. Server response:400/40003/The request is expired Answer It could be caused by the date/time not corresponding to…
-
How to configure mail server by Web-GUI and CLIs ?
Question : How to configure mail server by Web-GUI and CLIs ? Answer : Please navigate to Configuration > Notification > Mail Server to configure mail server by local Web-GUI. Additionally, you can configure the relevant parameters by CLIs as well. Router# configure terminal Router(config)# mail-server…
-
How to flush connection by CLI
Scenario: You'd like to flush all connection Command: Router# debug conntrack flush
-
How to force-logout users
Scenario: You'd like to force-logout users who log in to firewall Command: Router> configure terminal Router(config)# users force-logout user <user name>
-
If the WAN port is down, can the user still log in to the device using a 2FA code?
Scenario & Question: Sometimes we might encounter a situation where the WAN port is down, resulting in no internet connectivity due to unexpected reasons. In this scenario, can the user still log in to the device using a 2FA code? Answer: Yes, the user can still utilize the Google Authenticator code or backup codes to…
-
How to restrict SSH login?
Question : There are many internet suspicious attacks on the internet including unauthorized SSH login. This article will guide how to prevent it. Answer : You can add a a security policy to enable remote SSH access to your firewall from specific IP addresses (such as WAN IP, Geo-IP, etc.), as shown below: Once a…