-
How to restrict SSH login?
Question: There are many suspicious attacks on the internet, including unauthorized SSH logins. This article explains how to prevent them. Answer: You can add a security policy to enable remote SSH access to your firewall from specific IP addresses (such as WAN IP, Geo-IP, etc.), as shown below: Once a…
-
What happens after enabling IP/MAC Binding and DHCP Enforcement?
Question: What does the option "enable IP/MAC Binding and DHCP Enforcement" mean? Answer: After enabling this option, the following types of hosts will be blocked: (1) hosts with a static IP whose MAC address is not in the static DHCP table; (2) hosts with a DHCP IP that did not get the IP address from this firewall.
-
What's the difference between the admin account and limited-admin user account?
Question: What is the difference between the privileges of admin and limited-admin? Answer: Admin: can change the configuration (Console, Telnet, SSH, WWW, FTP). Limited-Admin: can only look at the configuration and run the diagnostic features (Console, Telnet, SSH, WWW).
-
What can I do when I get locked out due to activating "Authenticate Client Certificates"?
Question: Some users may find that after enabling Authenticate Client Certificates, the web GUI login page is not available. What can we do in this scenario? Answer: We can use CLI commands to disable it.
Router# configure terminal
Router(config)# no ip http secure-server auth-client
For how to use…
-
How to clear ARP table, or remove a specific ARP entry?
Question: How do I clear the ARP table or remove a specific ARP entry? Answer: You can use CLI commands to clear the ARP table:
Router#
Router# configure terminal
Router(config)# arp-table flush
For a specific ARP entry:
Router(config)# show arp-table
Address HWtype HWaddress Flags Mask Iface
192.168.1.33 ether…
-
How to unlock the user who has been locked out due to multiple login failures?
Question: How to unlock a user who gets locked out after attempting to log in and failing multiple times? Answer: The user is blocked by User IP Lockout Settings, which means the IP address of the user is blocked if login fails 6 times. The admin account can unlock the user's IP address by CLI command. First, check the IP…
-
Why is there a “Session Limit Maximum sessions per host (1000) exceeded” message in the Monitor Log?
Background and Scenario: We have noticed that some users reported seeing multiple instances of "Session Limit Maximum sessions per host (1000) exceeded" in the Monitor Log. Answer: The log message means the host has reached our default session limit of 1000. To avoid this, please increase the session limit number or set it…
-
If the SYS LED keeps flashing, what steps can you take to address the issue?
Background and Scenario: When you see the SYS LED keep flashing, what steps can you take to address the issue? Answer: If you can still access the device: (1) Please back up your current running startup-config file. (2) Please collect the diag-info log for us for further investigation. You could collect the diag-info…
-
How to set up self-signed cert to access web GUI from WAN interface without "Not Secure" warning?
Question: When users access the web GUI from the internet, the HTTPS "Not Secure" warning always shows up. How can it be avoided? Answer: Navigate to Configuration > Object > Certificate > My Certificates, and click +Add to generate a self-signed certificate. Enter the WAN IP address in Host IP Address. Enable Server Authentication…
-
How to unlock blocked account/IP in FLEX/ATP?
Question: If users enter the wrong username/password too many times and get locked out, how can the account be unlocked? Answer: Go to the console, type Router(config)# show lockout-users, then type "unlock lockout-users XX.XX.XX.XX".
-
Do I need to upload the certificate again when I boot up from the standby partition?
Question: Do I need to upload the certificate again when I boot up from the standby partition? Answer: No, the certificate files are in the shared partition. There is no need to upload the certificate files again.
-
What does the console log “kernel: Port x receive error code 10, packet dropped” mean?
Question: When I set the debug kernel console level to 8, I see many “kernel: Port x receive error code 10, packet dropped” log entries. What does it mean? Answer: This debug error code is normal behavior; it is shown when the device receives Ethernet packets with an incorrect length. It mostly happens when some network equipment is doing…
-
Why am I unable to access the device web GUI after applying a customer’s configuration file?
Question: After applying a configuration file, I am unable to access the device web GUI from the WAN side. Is there anything I can check in the startup configuration file? Answer: Please check the following items in the configuration file:
1) Web GUI port. Make sure the web GUI access port is correct:
ip http port 888
ip http secure-port 4433
2) Admin service…
-
How can I check the unit temperature on USG FLEX 50/100/200?
Question: Is there any way to check the temperature of the unit with the web GUI or CLI? Answer: Yes, we can check the unit temperature by CLI. For example:
Router# debug hardware
Router(debug hardware)#
Router(debug hardware)# fan-get
Sensor[0]:56 degree
Sensor[1]:35 degree
Sensor[2]:40 degree
FAN[0]:5781 RPM
FAN[1]:5750 RPM…
-
What can I do when the warning message "Connect to myZYXEL.com server has failed" pops out?
If you encounter a warning message "Connect to myZYXEL.com server has failed" when clicking on Service License Refresh, it could be a misconfiguration in the DNS settings, resulting in failure to resolve portal.myzyxel.com, which is used for this service. You will see related logs like those below if the device cannot communicate…
-
How to set user idle timeout
Object -> User/Group -> Setting -> Miscellaneous Settings: Enable user idle detection. The firewall will kick a user if there is no traffic from that user. The idle detection monitors Login Users, so it will be affected if the user is from an external AAA server.
-
How to download configuration file from Standby partition?
Question: When the device boots up, the system applies the configuration named "startup-config.conf" on the running partition. Each partition has its own configuration files. How can the configuration be downloaded from the Standby partition? Answer: Go to System > FTP and ensure the FTP service is enabled. Access the device by FTP.…
-
Why are there many configuration files on the Configuration File? Which one is the important one?
Background and Scenario: After a long time has passed, you will notice that many config files exist on the firewall, but which one is important? Answer: The device automatically backs up the running-config file whenever the firmware is updated or when it detects that the config has been modified, to avoid any accident…
-
How to check the CPU temperature and make sure the device is operating at a proper temperature?
Background and Scenario: To avoid potential overheating issues with your device and prevent unexpected problems such as freezing or sudden reboots, ensure that it is operating at the proper temperature. Answer: If you are using medium or larger models, such as the USG Flex 500, ATP800, or others, you could use the CLI…
-
Why am I unable to upgrade firmware by cloud?
Question: Why am I unable to upgrade firmware by cloud? Answer: If the device firmware is weekly firmware or date code firmware, Cloud helper will restrict the user from downloading/upgrading FCS firmware from the Cloud, because the user needs to confirm the release note and make sure the issue is fixed on FCS, to avoid the customer upgrading it, then the…