-
What is the scheduled reboot behavior in device HA mode?
Question: What is the scheduled reboot behavior in device HA mode? Answer: When we configure scheduled reboots in device HA mode, the standby device will reboot first. Once the standby device has rebooted successfully, the original active device will proceed to reboot.
-
How to check if DoH(DNS over https) is enable on Windows?
Question: How do we check if the DoH is enable on Windows? Answer: To check if DNS over HTTPS (DoH) is enabled on Windows, you can follow these steps: Open Command Prompt by searching for "cmd" in the Windows search bar and selecting the Command Prompt app. In the Command Prompt window, type the CLI netsh dns show global,…
-
Unable to import PFX file with intermediate certificates
Symptom: Unable to import PFX file with intermediate certificates Workaround: The import of PFX files containing intermediate certificates is not supported. Please import them separately.
-
What does the common error code mean when activating SecuExtender IPSec VPN client?
Error 000: This may happen if you didn't activate SecuExtedner with administrator rights. Please activate the software again with the administrator rights of the Windows OS. Error 031: It means the license number is incorrect, please confirm the license key number again. Error 033: It means the license may have already…
-
How to activate Trace mode on the SecuExtender IPSec VPN client?
What is Trace mode? Trace mode allows the VPN application to save logs and debug information to your PC. It gives us more information in Trace mode, it helps us to debug and solve your problem more efficiently. How to activate the Trace mode? Run the SecuExtender. Open the connection panel and press Ctrl+Alt+T How to find…
-
Reserved Usernames in USG/ATP Series
In the USG FLEX/ATP series, certain usernames are reserved for system use and cannot be selected by users. These reserved usernames are integral to the system's operation and are pre-defined for specific functionalities. The following is a list of these reserved usernames: It's important to avoid these reserved names when…
-
Is it possible to specify the maximum number of simultaneous login actions for non-Hotspot models?
Question: Is it possible to specify the maximum number of simultaneous login actions for non-Hotspot models? Answer: The default action is to block access when the maximum number of logins per account is reached. However, in Non-Hotspot models, you can change this behavior to 'Remove previous users and allow the new login'…
-
Why is the firewall unable to mount USB storage?
Question Why is the firewall unable to mount USB storage? Answer Please check the USB storage file system to ensure it is formatted as either FAT16, FAT32, EXT2, or EXT3. The firewall may not recognize other file systems, such as NTFS.
-
How to check IPv6 DHCP client DUID in firewall?
Question: If we want to assign a static IPv6 address to a client, we need to know the DUID in the lease object settings. How do we obtain the DUID from the firewall? Answer: You can view the DUID by using the CLI command: Router# show ipv6 dhcp6 binding. In the image below, the DUID is displayed as:…
-
How to avoid web cache affecting functional testing
Scenario: You added web content filter to limited client access. However, you may find client still can access web which you blocked. Workaround: There are exist web cache (cookie, keep-alive). so we will recommend : 1)Using incognito mode. 2)Using curl command. For example: curl https://www.zyxel.com 3)Tryting to send…
-
How to import the certificate for local GUI used
To prevent certificate warning message, You have to sign a public certificate then apply to Firewall. With the following command, combine the private key and certificate to pkcs12 format. openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem Then import to Firewall. Configuration > Objects > Certificates > My…
-
What do 3 temperature sensors stand for?
Question: When using the follwowing commands to show the device's temperature, there are Sensor[0], Sensor[1] and Sensor[2]. What do 3 temperature sensors stand for? Router> debug hardware Router(debug hardware)# fan-get Answer: The 3 temperature sensors are CPU, HW monitor, switch. Sensor[0]: CPU Sensor[1]: HW monitor…
-
How to search our FAQ by Google Engine
You're used to search Technical/License documents by google engine. This article will teach you how to quickly use the google engine to find our FAQs. For example: 1)Find keyword:VPN in site: community.zyxel.com , and we also recommend that seach time for 2022~2023 year to avoid expired inforamtion 2)You will have the…
-
What should we check if the synchronization of the standby device fails?
Question: What should we check if the synchronization of the standby device fails? Answer: We can access standby device terminal, and by typing CLI Router# show device-ha2 trace-log, With the result, we can determine in which phase the standby device's synchronization failed."
-
What debug information should I collect when CPU usage is high?
Question: What debug information should I collect when CPU usage is high? Answer: Use the commands to collect the detailed information of CPU usage. Router> debug system show cpu all Router> show cpu average Router> debug system ps Router> debug system top iterations 3 Connect the console cable between the device and a…
-
How to perform HA synchronization manually by CLI?
Question: How can I manually perform HA synchronization by CLI? Answer: We can run the CLI Router# device-ha2 sync_to_passive in active device, or run the CLI Router# device-ha2 sync_from_active in standby device to perform HA synchronization manually.
-
Verify UserAgent and URL when connected to WebGUI
We have new mechanics in 5.37 that verify UserAgent/URL when client connected to Firewall WebGUI, If not in the list will be forbidden To show current config: Router(config)# show ip http web-auth To modify config: Router(config)# ip http web-auth Router(ip-http-web-auth-options)# pattern-uri <pattern>…
-
Captive Portal does not work on iOS device
Symptom iOS device will not redirect URL to authentication page due to some reason Workaround: 1)Browse http://captive.apple.com manually, It will redirect to authentication page.
-
How to remove the use of RC4 and DES ciphers?
Question: How to remove the use of RC4 and DES ciphers? Answer: Use the following commands to remove RC4 and DES Router# Router# configure terminal Router(config)# show ip http server secure status active : yes port: 443 certificate: default force redirect: yes authentication client: no strong cipher suite: yes customized…
-
Is there any way to remove saved IP from SecuExtender History?
Question Every time when we connect to a new device via SecuExtender. It will save IP to server list. The server IP list becomes longer. Is there any way to remove saved IP from SecuExtender History? Answer Yes, the IP information is save to an xml file which is located at windows user's folder, just edit this file to…