-
How to remove all DHCP binding entries at once via CLI?
Question Normally, we can remove the DHCP binding entry by Router# clear ip dhcp binding x.x.x.x But how can we remove all DHCP binding entries at once? Answer To remove all DHCP binding entries, please input Router# clear ip dhcp binding *
-
What can I do when SecuReporter upload fail?
Question Some users may encounter a problem that SecuReporter cannot show the statistics data and logs, meanwhile the device event log shows [SecuReporter] Upload fail [SecuReporter] Upload fail when https post. Server response:400/40003/The request is expired Answer It could be caused by the date/time not corresponding to…
-
How to configure mail server by Web-GUI and CLIs ?
Question : How to configure mail server by Web-GUI and CLIs ? Answer : Please navigate to Configuration > Notification > Mail Server to configure mail server by local Web-GUI. Additionally, you can configure the relevant parameters by CLIs as well. Router# configure terminal Router(config)# mail-server…
-
How to flush connection by CLI
Scenario: You'd like to flush all connection Command: Router# debug conntrack flush
-
How to force-logout users
Scenario: You'd like to force-logout users who log in to firewall Command: Router> configure terminal Router(config)# users force-logout user <user name>
-
If the WAN port is down, can the user still log in to the device using a 2FA code?
Scenario & Question: Sometimes we might encounter a situation where the WAN port is down, resulting in no internet connectivity due to unexpected reasons. In this scenario, can the user still log in to the device using a 2FA code? Answer: Yes, the user can still utilize the Google Authenticator code or backup codes to…
-
How to restrict SSH login?
Question : There are many internet suspicious attacks on the internet including unauthorized SSH login. This article will guide how to prevent it. Answer : You can add a a security policy to enable remote SSH access to your firewall from specific IP addresses (such as WAN IP, Geo-IP, etc.), as shown below: Once a…
-
What happens after enabling IP/MAC Binding and DHCP Enforcement?
Question: What does the option "enable IP/MAC Binding and DHCP Enforcement" means? Answer: After enabling this option, the following types of hosts will be blocked Host with Static IP but MAC address is not in the static DHCP table Host with DHCP IP but not get the IP address from this firewall
-
What's the difference between the admin account and limited-admin user account?
Question: What is the difference between the privileges of admin and limited-admin? Answer: Admin: Change the configuration (Console, Telnet, SSH, WWW, FTP) Limited-Admin: Only look at the configuration and able to run the diagnostic features. (Console, Telnet, SSH, WWW)
-
What can I do when I get locked out due to activating "Authenticate Client Certificates"?
Question: Some users may encounter a problem that after enabling Authenticate Client Certificates, the web GUI login page is not available. What can we do when we're in this scenario? Answer: We can use CLI command to disable it. Router# configure terminal Router(config)# no ip http secure-server auth-client For how to use…
-
How to clear ARP table, or remove a specific ARP entry?
Question: How to clear the ARP-Table or remove a specific ARP entry? Answer: You can use CLI command to clear the ARP table Router# Router# configure terminal Router(config)# arp-table flush For a specific ARP entry Router(config)# show arp-table Address HWtype HWaddress Flags Mask Iface 192.168.1.33 ether…
-
How to unlock the user who has been locked out due to multiple login failures?
Question: When there is a user gets locked out because he attempt to log in and failed multiple times? Answer: The user is blocked by User IP Lockout Settings, which means the IP address of the user would be blocked if fails 6 times The admin account can unlock the user's IP address by CLI command. First, check the IP…
-
Why is there a “Session Limit Maximum sessions per host (1000) exceeded” message in the Monitor Log?
Background and Scenario: We have noticed that some users reported seeing multiple instances of "Session Limit Maximum sessions per host (1000) exceeded" in the Monitor Log. Answer: The log message means the host has reached our default session limit of 1000. To avoid this, please increase the session limit number or set it…
-
If the SYS LED keeps flashing, what steps can you take to address the issue?
Background and Scenario: When you see the SYS LED keeps flashing, what steps can you take to address the issue? Answer: If you still can access the device: (1). Please back up your current running startup-config file. (2). Please collect the diag-info log for us for further investigation. You could collect the diag-info…
-
How to set up self-signed cert to access web GUI from WAN interface without "Not Secure" warning?
Question: When users access the web GUI from the internet, the HTTPS not secure warning always shows up. How to avoid it? Answer: Navigate to Configuration > Object > Certificate > My Certificates, and click +Add to generate a self-signed certificate. Input the WAN IP address to Host IP Address Enable Server Authentication…
-
How to unlock blocked account/IP in FLEX/ATP?
Question If users enter wrong username/password too many times and get locked, how to unlock the account? Answer Go to Console> Type Router(config)# show lockout-users> Type "unlock lockout-users XX.XX.XX.XX"
-
Do I need to upload certificate again when I boot up from standby partition?
Question Do I need to upload certificate again, when I boot up from standby partition? Answer No, the certificate files are in the shared partition. There is no need to upload certificates file again.
-
What does it mean by console log “kernel: Port x receive error code 10, packet dropped”?
Question When I set debug kernel console level to 8, I can see many log “kernel: Port x receive error code 10, packet dropped”, what does it mean? Answer The error debug code is normal behavior, it shows that when device receive Ethernet packets with incorrect length. It mostly happens when some network equipment doing…
-
Why am I unable to access device web GUI after applying customer’s configure file
Question After applying configuring file, I am unable to access device web GUI from wan side. Anything I can check on startup configure file? Answer Please check the following items in configure file 1) Web GUI port. Make sure the web GUI access port is correct ip http port 888 ip http secure-port 4433 2) Admin service…
-
How can I check the unit temperature on USG FLEX 50/100/200?
Question: Is there any way to check the temperature of the unit with web GUI or CLI? Answer: Yes, we can check the unit temperature by CLI For example: Router# debug hardware Router(debug hardware)# Router(debug hardware)# fan-get Sensor[0]:56 degree Sensor[1]:35 degree Sensor[2]:40 degree FAN[0]:5781 RPM FAN[1]:5750 RPM…