-
If you are experiencing issues with AD authentication
Issue: Authentication with AD fails after MSCHAPv2 is enabled. Checking: 1) Capture packets while the client tries to authenticate. You will find that AD rejects the Samba request. Root cause: 1) The legacy USG supports only SMBv1, so if your AD server has disabled SMBv1 for security reasons, this results in a failure.
-
What licenses will be consumed if you have a Bundle license and a Gold Security Pack at the same time?
Scenario 1: Activating the Gold Security Pack on a USG FLEX bundled by default with a 1YR UTM Pack in on-premise mode. For on-prem users, the new Gold Security Pack starts to be consumed when the current UTM Pack expires. Scenario 2: Activating the Gold Security Pack on a USG FLEX bundled by default with a 1YR UTM Pack in the…
-
Why can't the built-in AP model modify its country code?
Background and Scenario: Why can a firewall with the AP controller feature (such as ATP800) modify the country code, but a built-in AP model (such as ATP100W) cannot? As below: ATP800’s radio profile: there is a Country Code option. ATP100W’s radio profile: there is no Country Code option. Answer:…
-
Why is the AP firmware version shown on the firewall?
Background and Scenario: Why do you see AP firmware related messages such as "AP firmware check successful. Available firmware: V6.50 Patch 1." when you check the firewall log? Answer: Because the Zyxel firewall supports the AP controller feature, this message indicates that there is available firmware, V6.50 Patch 1,…
-
What is the difference between “Monitor interface” and “Enable Failover When Interface Failure” in HA?
Question: What is the difference between “Monitor interface” and “Enable Failover When Interface Failure”? Answer: Monitor Interface is for layer 1 physical link monitoring; it is triggered by physical link up/down. “Enable Failover When Interface Failure” works on layer 3; when you enable this, you also need to enable…
-
Why does it not work when we enable "Enable Highest Bandwidth Priority for SIP Traffic"?
Question: I have ticked “Enable BWM” and “Enable Highest Bandwidth Priority for SIP Traffic” on “Configuration > BWM”. Why does it not work when we enable "Enable Highest Bandwidth Priority for SIP Traffic"? Answer: SIP ALG must be enabled on “Configuration > Network > ALG” when applying SIP traffic QoS.
-
Why are we unable to access specific web sites when hosts are behind FLEX/ATP?
Question: Why can some specific web sites not be accessed when hosts are behind FLEX/ATP, although those sites/URLs can be accessed when bypassing FLEX/ATP? Answer: If the web site has a TTL expiry issue, it leads to the session being dropped by the device. Please disable destroy session on this device and try again. Router(config)# firewall icsa…
-
Why does my IPTV streaming sometimes have lag/latency when it is behind ATP?
Problem Description: I would like to place a TV box behind the ATP for Internet protection. However, the video streaming has latency when the TV box is behind the ATP. As confirmed, the gateway is not at high CPU usage, IGMP works, and Internet bandwidth is still available. Everything looks good without issue. Why does my IPTV streaming…
-
Why does SecuReporter not show any source MAC address in Traffic?
Check whether Device Insight is enabled on the device. Once Device Insight is enabled, the gateway starts to collect client device information and queries the fingerprint database to identify devices in depth. On the device, go to CONFIGURATION > Object > Device Insight to check that "Enable" is checked and a profile is configured.
-
If you think the content filter is not working as expected
Symptom: The content filter has not worked on the webpage as expected. Checking: 1) Please block QUIC ports. QUIC uses UDP port 80 and port 443. The complete TLS Client Hello, including any TLS Server Name Indication (SNI) present, is sent in one or more CRYPTO frames across one or more QUIC Initial packets. 2)…
-
When site-to-site VPN traffic cannot reach the peer’s LAN
Symptom: 192.168.8.0/24 can’t access 192.168.9.0/24. Checking: 1) Check that the Any to ZyWALL policy allows the ESP service, and also AH if you use it. Please ensure there are no deny rules above it. 2) Under VPN -> IPSec VPN -> VPN Connection, please check that you have set the zone. If you have a customized zone, please remember to add…
-
Why can't a specific domain be resolved after manually adding an A record?
Symptom: After adding an A record for “xxx.com”, a specific domain cannot be resolved. For example: you have the record test.zyxel.com. Then you cannot resolve the IP address if the record exists. Root Cause: If a record is added, it will create a zone called “zyxel.com”. If the CNAME matches the zone, this issue will occur. Workaround:…
-
How to register and unregister USG FLEX series on Nebula Control Center (NCC)?
The USG FLEX series are Zyxel’s powerful firewall products that offer precise protection, delivering a high level of performance and security for SMB business networks. With the recent integration of the USG FLEX firewall series into the NCC, the Nebula cloud-managed platform is now further enhanced with zero-trust security…
-
Device HA Setup
-
What is Anti Spam?
E-mail is an indispensable form of communication that has made its way into every aspect of our modern lives. However, statistics show that more than 70 percent of all e-mail is spam, and more than 90 percent of spam carries some form of malware. To defend against spam, malware, and phishing attacks, it is essential to…
-
ZLD Series - Anti-Spam Troubleshooting
-
ZLD Series - Anti-Spam
-
What is Anti-Virus
The ZyXEL Anti-Virus security subscription is a gateway-level antivirus utility targeting known malware including viruses, Trojans, worms, spyware and rogueware. ZyXEL Anti-Virus scans traffic on major protocols including HTTP, HTTPS, FTP, SMTP, and POP3. Gateway-level antivirus protection is first-line essential security for…
-
Anti-Virus Troubleshooting