Other Topics - Zyxel Community

Why is the firewall unable to mount USB storage?
Question Why is the firewall unable to mount USB storage? Answer Please check the USB storage file system to ensure it is formatted as either FAT16, FAT32, EXT2, or EXT3. The firewall may not recognize other file systems, such as NTFS.
How to check IPv6 DHCP client DUID in firewall?
Question: If we want to assign a static IPv6 address to a client, we need to know the DUID in the lease object settings. How do we obtain the DUID from the firewall? Answer: You can view the DUID by using the CLI command: Router# show ipv6 dhcp6 binding. In the image below, the DUID is displayed as:…
How to avoid web cache affecting functional testing
Scenario: You added web content filter to limited client access. However, you may find client still can access web which you blocked. Workaround: There are exist web cache (cookie, keep-alive). so we will recommend : 1)Using incognito mode. 2)Using curl command. For example: curl https://www.zyxel.com 3)Tryting to send…
How to import the certificate for local GUI used
To prevent certificate warning message, You have to sign a public certificate then apply to Firewall. With the following command, combine the private key and certificate to pkcs12 format. openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem Then import to Firewall. Configuration > Objects > Certificates > My…
What do 3 temperature sensors stand for?
Question: When using the follwowing commands to show the device's temperature, there are Sensor[0], Sensor[1] and Sensor[2]. What do 3 temperature sensors stand for? Router> debug hardware Router(debug hardware)# fan-get Answer: The 3 temperature sensors are CPU, HW monitor, switch. Sensor[0]: CPU Sensor[1]: HW monitor…
How to search our FAQ by Google Engine
You're used to search Technical/License documents by google engine. This article will teach you how to quickly use the google engine to find our FAQs. For example: 1)Find keyword:VPN in site: community.zyxel.com , and we also recommend that seach time for 2022~2023 year to avoid expired inforamtion 2)You will have the…
What should we check if the synchronization of the standby device fails?
Question: What should we check if the synchronization of the standby device fails? Answer: We can access standby device terminal, and by typing CLI Router# show device-ha2 trace-log, With the result, we can determine in which phase the standby device's synchronization failed."
What debug information should I collect when CPU usage is high?
Question: What debug information should I collect when CPU usage is high? Answer: Use the commands to collect the detailed information of CPU usage. Router> debug system show cpu all Router> show cpu average Router> debug system ps Router> debug system top iterations 3 Connect the console cable between the device and a…
How to perform HA synchronization manually by CLI?
Question: How can I manually perform HA synchronization by CLI? Answer: We can run the CLI Router# device-ha2 sync_to_passive in active device, or run the CLI Router# device-ha2 sync_from_active in standby device to perform HA synchronization manually.
Verify UserAgent and URL when connected to WebGUI
We have new mechanics in 5.37 that verify UserAgent/URL when client connected to Firewall WebGUI, If not in the list will be forbidden To show current config: Router(config)# show ip http web-auth To modify config: Router(config)# ip http web-auth Router(ip-http-web-auth-options)# pattern-uri <pattern>…
Captive Portal does not work on iOS device
Symptom iOS device will not redirect URL to authentication page due to some reason Workaround: 1)Browse http://captive.apple.com manually, It will redirect to authentication page.
How to remove the use of RC4 and DES ciphers?
Question: How to remove the use of RC4 and DES ciphers? Answer: Use the following commands to remove RC4 and DES Router# Router# configure terminal Router(config)# show ip http server secure status active : yes port: 443 certificate: default force redirect: yes authentication client: no strong cipher suite: yes customized…
Is there any way to remove saved IP from SecuExtender History?
Question Every time when we connect to a new device via SecuExtender. It will save IP to server list. The server IP list becomes longer. Is there any way to remove saved IP from SecuExtender History? Answer Yes, the IP information is save to an xml file which is located at windows user's folder, just edit this file to…
If you are experiencing issues with AD authentication
Issue: If you have authentication issue with AD after enabled MSChapv2. Checking: 1)Please capture packets when client tried to authenticate. You will find AD reject Samba request. Root cause: 1)Due to Legacy USG only supporting SMBV1, if your AD server has disabled SMBv1 for security concern, it will result in a failure.
What licenses will be consumed if you have Bundle license and Gold Security Pack at the same time
Scenario 1 Activating the Gold Security Pack to a USG FLEX default bundled with 1YR UTM Pack in the on-premise mode For on-prem users, the new Gold Security Pack will start to consume when the current UTM Pack expires. Scenario 2 Activating the Gold Security Pack to a USG FLEX default bundled with 1YR UTM Pack in the…
Why the build-in AP model cannot modify its country code?
Background and Scenario: Why can a firewall with AP controller feature modify the country code (such as ATP800), but the built-in AP model (such as ATP100W) cannot modify the country code? As below: ATP800’s radio profile: there is a Country Code option. ATP100W’s radio profile: there is no Country Code option. Answer:…
Why the AP firmware version would be shown on the firewall?
Background and Scenario: Why when you check the log of the firewall and would see AP firmware related messages such as "AP firmware check successful. Available firmware: V6.50 Patch 1." Answer: Because Zyxel firewall supports AP controller feature, this message indicates that there is available firmware, V6.50 Patch 1,…
What is the difference between “Monitor interface” and “Enable Failover When Interface Failure”in HA
Question What is the difference between “Monitor interface” and “Enable Failover When Interface Failure” Answer Monitor Interface is for layer 1 physical link monitor, it is trigger by physical link up/down. Enable Failover When Interface Failure” works on layer 3, when you enable this, you also need to enable…
Why it does not work when we enable "Enable Highest Bandwidth Priority for SIP Traffic"
Question I had tick “Enable BWM” and “Enable Highest Bandwidth Priority for SIP Traffic” on “Configuration > BWM” Why it does not work when we enable "Enable Highest Bandwidth Priority for SIP Traffic" Answer It must enable SIP ALG on “Configuration > Network > ALG” when applying sip traffic QOS.
Why we are unable to access specific web site when hosts are behind FLEX/ATP?
Question Why some specific web sites are unable to access when hosts are behind FLEX/ATP, but those sites/URL can be access when bypass FLEX/ATP? Answer If web site has TTL expire issue, it leads to session drop by device. Please disable destroy session on this device and try it again. Router(config)# firewall icsa…

Welcome!

It looks like you're new here. Sign in or register to get started.