-
How to change Firewall MTU
1) Network → Interface Ethernet, and click the interface you want to change. 2) Show Advanced Settings; you can change the MTU value in Interface Parameters.
-
How to find the IP address an FQDN object resolves to
Scenario: You are unable to access certain websites, but you have excluded the possibility of them being blocked by UTM. If you are using FQDN objects, please check whether the blocked FQDN happens to resolve to the IP address of the website. This scenario is quite likely to occur, especially if it's a CDN service. Workaround: Using…
-
What is the ARP table refresh time in USG Flex / ATP models?
Scenario : Users utilize the ARP table to monitor MAC and IP corresponding information. IP addresses may change or be released from time to time in users' network environment, and users may want to know the ARP table refresh time in USG Flex / ATP models. Answer : Users can use the CLI command "show arp-table" to monitor…
-
What's IGMP Proxy
Scenario: Your IGMP sender and receiver are located on different subnets. To communicate with each other, you have to allow IGMP routing. Concept: IGMP routing, or more accurately, multicast routing, is necessary to efficiently manage multicast traffic across multiple network segments or VLANs. Internet Group Management Protocol (IGMP)…
-
All the options in the WAN interface configuration
Interface Type: External is for connecting to an external network (like the Internet). The Zyxel Device automatically adds this interface to the default WAN trunk. Zone: Select the zone to which this interface is to belong. You use zones to apply security settings such as security policy, IDP, remote management,…
-
How to prioritize the policy route?
Scenario: In a scenario where you want to prioritize a policy route over a direct route, how can this be implemented? For instance, if a user wishes to prioritize a policy route to enable LAN2 employees to access the Employee_ERP_Server via the WAN interface, the configuration is as shown below: The priority of the Policy…
-
How to check if an AP is able to be managed by ATP/USG FLEX?
Question: I'd like to use ATP/USG FLEX as a wireless AP Controller. How to check if an AP is able to be managed by ATP/USG FLEX? Answer: 1. Check the list of Supported Managed AP. 2. Check the operating mode of the AP. In this example, NWA210AX supports the following operating modes only. It cannot be managed by ATP100 in…
-
Why is the throughput performance of LAN to LAN better than VLAN to LAN?
Scenario : The user may find that the lan1 and vlan interfaces belong to the same LAN group; however, the throughput performance from LAN to LAN is better than from VLAN to LAN, as exemplified in the following examples: lan1 to lan1 and vlan100 to lan1. lan1 VLAN100 Answer : The traffic from LAN to LAN will be directly…
-
Why must wan1 be enabled when using wan1_ppp?
Question: Why must wan1 be enabled when using wan1_ppp? Answer: The Ethernet WAN interface is the base interface of wan_ppp, so the Ethernet WAN interface must be enabled. The same concept applies to VLAN interfaces: the base LAN interface should be enabled when using a VLAN.
-
How to use CLIs to filter ICMP protocol from logging entries?
Scenario: The user usually relies on Monitor > Log to check the historical log messages to troubleshoot network issues. Besides Monitor > Log, the user can also use the CLI command "show logging entries" to dump recent historical logs. This article will guide you on how to filter ICMP protocol from this CLI. Answer : The…
-
How to use a dedicated WAN interface to access a specific IP address by Policy Route?
Scenario : If a user has dual WAN settings with TRUNK, when the LAN client tries to access a specific IP address but fails due to not trusting one of the WAN IP addresses from the firewall, how can this be resolved? For example, the ATP500 has dual WAN (ge2 IP 10.214.48.42 for WAN1 and ge3 IP 10.214.48.52 for WAN2), and…
-
Why does pinging 8.8.8.8 continuously succeed while only one log entry can be observed?
Scenario : Why does pinging 8.8.8.8 continuously succeed, but only one log entry can be observed, and not all ping session entries are shown? Answer : The security policy log is generated on a session-based basis. This means that a log is generated once a session is detected by the security policy. Only when the session…
-
Why can't the security policy block clients in the same LAN subnet?
Scenario : The user may encounter a situation when creating a security policy to block the same LAN subnet (or LAN interface groups such as ge4 and ge5 that belong to the same LAN group) for clients, but it's not working. Answer : This is by design. For example, if the user designates ge4 and ge5 as part of the same LAN…
-
Captive portal does not work as expected if you have reCAPTCHA
Scenario: You add a reCAPTCHA element to your external captive portal. Issue: The portal does not work as expected. Reason: Because reCAPTCHA needs to be loaded from an external site, the request is blocked before authentication has passed. Workaround: Find the external site that reCAPTCHA uses and add it to WallGarden.
-
Why can't I receive DNS responses from the firewall?
Question: I have created an address record on the firewall such as "host.domain.com, IP address=x.x.x.x". However, I can't receive any response from the firewall when I query yahoo.com. Answer: This is a design limitation of the current ZLD design. For example, host is a part of the hostname, and domain.com is a part of the domain name.…
-
Why can't I remove the default interface?
Question: Why can't I remove the default interface? Answer: For on-premises mode devices, only models above 500 can remove the default interface, such as USGFLEX 500/700 and ATP 500/700/800. Please note that you must first remove the settings that reference the default interface. For the Nebula mode firewall, all the models…
-
How to monitor and configure the DHCP clients of the USG FLEX/ATP?
Question: How to monitor and configure the DHCP clients of the USG FLEX/ATP? Go to Monitor > Network Status > DHCP table. Select the interface you would like to configure, and click Search. Tick the DHCP client you would like to operate, and click the operation you want. Release: It allows you to remove a DHCP device from…
-
Why can't I get an IP address when there are many users?
Question: Why can't I get an IP address successfully even though I perform IP renewal multiple times? Answer: The DHCP process may be timing out because so many ARP checks are being performed. To get an IP address, the client sends an ARP check to determine whether the IP address is already in use. So when more DHCP clients…
-
Why does Device Insight not show any entries on USGFLEX?
Question: Why does Device Insight not show any entries? Answer: Fast Forwarding may be enabled, which stops the Device Insight service. Fast Forwarding is enabled to improve NAT/routing/firewall performance, but sessions then bypass scan & control for some features, Device Insight included. Please disable…
-
How to use the CLI command "extension-filter" to capture packets?
Question: Some users may notice that some commands for capturing packets are unavailable after upgrading to the latest firmware version. How can we use them now? Answer: For security reasons, we made some adjustments to the CLI command "extension-filter", and some rules are no longer available. Originally, "extension-filter"…