-
Why can't the SFP LAN interface assign a DHCP IP normally?
Question: The user may face an issue where the SFP interface is set as an internal LAN zone port, but it fails to assign a DHCP IP to the host client. What could be the possible reason, and how can this problem be resolved? Answer: The possible reason why the SFP interface fails to assign a DHCP IP to the host client is…
-
A Complete Configuration Guide to IP/MAC Binding
Introduction: IP/MAC binding is a powerful tool in network security, allowing only authorised devices to access the network. This feature, configurable through a firewall, provides network administrators with better control and visibility over connected devices, helping to safeguard the network from unauthorised access.…
-
Is it possible to configure and advertise a default route through OSPF?
Question: Is it possible to configure and advertise default route through OSPF (not only static routes)? Answer: "Advertise default route through OSPF" is not supported on ATP/USG FLEX series.
-
How can I configure DHCP option 242 on my firewall?
I have IP phones that require SIP information from a remote HTTP server, so they need to get the HTTP server information via DHCP option 242. How can I set it up in DHCP Extended Options? (1) Navigate to the DHCP server configuration section. (2) Create an extended option with the following details: - Code: 242 - Type: TEXT -…
-
How to use the Geo-IP feature?
Background: In today's increasingly interconnected world, ensuring network security is paramount. One effective method is to block internet traffic from specific geographic locations known for high levels of malicious activity. Zyxel’s Geo-IP feature, introduced from firmware version 4.20, allows administrators to restrict…
-
What's TCP Flag detect?
By default, ZyWALL will check the following invalid TCP flags and drop the packets:
- FIN, SYN, RST, PSH, ACK, URG are set at the same time
- FIN, SYN are set at the same time
- SYN, RST are set at the same time
- FIN, RST are set at the same time
- ONLY FIN is set
- ONLY PSH is set
- ONLY URG is set
-
Why can't my device on a VLAN interface with its own zone ping the gateway IP?
Question: I created a VLAN interface with base port lan2 and assigned it to a customized zone as follows. Why can't my device on this VLAN interface ping the gateway IP? Answer: If you have configured a device on a VLAN interface with lan2 as the base port and its own zone, but the device cannot ping or connect to gateway IPs, it…
-
Is it possible to restrict Remote Access VPN to a single user?
Question: Can I restrict access to a single user for a Remote Access VPN on Nebula? Answer: Currently, it is not possible to restrict access by single user. You can only implement security policies using External User Groups. This configuration cannot be applied to individual users directly. To implement this security…
-
How to check the VLAN interface status via the CLI on ATP and USG Flex models?
Question: The user may need to use CLI commands to check VLAN interface information for troubleshooting or maintenance purposes. This article will guide you on how to execute it. Answer: The user can use the CLI command "show interface all" to list the current firewall's interfaces first, as shown below: If the user…
-
How to check the firewall's DNS cache via the CLI?
Question: The user may wish to check the firewall's DNS cache via the CLI for troubleshooting purposes. This FAQ article will guide you on this. Answer: Please issue the CLI command "show ip dns server cache" to check it, as shown below:
-
How to Resolve HA Pro Sync Issue on ATP/USG FLEX?
Question: Why is the HA Pro synchronization failing on ATP/USG FLEX? Answer: Synchronization issues between active and passive devices in HA Pro setups can often be resolved by checking configuration settings. Please follow the steps below: * Make sure the passive device is reset to its default configuration. * Disable any…
-
Why can't I execute the FTP transmission successfully? How to avoid this?
Scenario: The customer may encounter a situation where they cannot execute the FTP transmission successfully. What are the possible causes and how can they avoid it? Answer: The possible cause is "ICMP Unreachable", as shown below: The user can issue CLI commands to disable icmp-destroy-session to avoid…
-
To which model can I transfer the SecuReporter data?
Scenario: I want to purchase a new firewall to replace my older firewall. Which model can I get so that I can transfer the SecuReporter data to it? Answer: 1. Same model, but not same series. For example, ATP100 can transfer to ATP100, but not ATP200. 2. USG40(W) can be transferred to USGFLEX100(W), but not the reverse.…
-
Why can't I access specific websites?
Scenario: There are certain websites that I cannot access, but other websites are available. Answer: It could be ICMP TTL expired. By default, ICSA is enabled which means the connection will terminate when ICMP is unreachable or ICMP TTL expires. So if there are too many hops, it may cause TTL to expire. How to solve:…
-
How to change the firewall MTU
1) Go to Network → Interface Ethernet, and click the interface you want to change. 2) Click Show Advanced Settings. You can change the MTU value in Interface Parameters.
-
How to find the IP address which an FQDN object resolves to
Scenario: You are unable to access certain websites but you have excluded the possibility of them being blocked by UTM. If you are using FQDN objects, please check if the blocked FQDN happens to resolve to the IP address of the website. Especially if it's a CDN service, this scenario is quite likely to occur. Workaround: Using…
-
What is the ARP table refresh time in USG Flex / ATP models?
Scenario: Users utilize the ARP table to monitor MAC and IP corresponding information. IP addresses may change or be released from time to time in users' network environment, and users may want to know the ARP table refresh time in USG Flex / ATP models. Answer: Users can use the CLI command "show arp-table" to monitor…
-
What's IGMP Proxy?
Scenario: Your IGMP sender and receiver are located on different subnets. To communicate with each other, you have to allow IGMP routing. Concept: IGMP routing, or more accurately, multicast routing, is necessary to efficiently manage multicast traffic across multiple network segments or VLANs. Internet Group Management Protocol (IGMP)…
-
All the options in the WAN interface configuration
Interface Type: External is for connecting to an external network (like the Internet). The Zyxel Device automatically adds this interface to the default WAN trunk. Zone: Select the zone to which this interface is to belong. You use zones to apply security settings such as security policy, IDP, remote management,…
-
How to prioritize the policy route?
Scenario: In a scenario where you want to prioritize a policy route over a direct route, how can this be implemented? For instance, if a user wishes to prioritize a policy route to enable LAN2 employees to access the Employee_ERP_Server via the WAN interface, the configuration is as shown below: The priority of the Policy…