Networking - Zyxel Community

Why one of firewall client encounters slow Internet speed? The firewall livetool traffic seems good.
In this scenario, the firewall live tool traffic shows good throughput, event log shows normal, your network doesn't have any broadcast or multicast storm. We can have some check like: Check the client's public IP. This is to check which WAN interface is the client accessing the Internet. If the result is one of your…
[ATP/FLEX] How to configure and enable Cloud Monitor mode on device HA?
Prerequisites Reset two ATP/USG FLEX firewalls to factory default settings before deploying device HA. Deploy two ATP/USG FLEX firewalls with device HA. Two devices must be the same model. The running firmware partition must the same position on two devices. For example, The running partition of the Active device is…
Why the host can not get an IP from DHCP?
Question: Why the host can not get an IP from DHCP? Answer: you can check the dhcpd process is running. Login to firewall via SSH > debug system ps | match "dhcp" Capture packet and check if the firewall reply to the DHCP request.
Can I modify implicit allow rules?
Question: Can I modify implicit allow rules? Anwer: No, you cannot directly modify or disable implicit allow rules in Security policy. However, you can create new deny rules with higher priority to block traffic as needed. The firewall evaluates traffic based on the order of the rules: custom policies are checked first,…
How to properly use Layer2 Isolation on USG ATP/FlEX
Question How can I effectively use Layer2 Isolation on the USG ATP/FLEX to ensure some clients communicate while others remain isolated? Answer: Layer2 Isolation on the USG ATP/FLEX is designed to allow or block communication between clients on the same subnet. If you think it's not working as expected * Try flushing the…
How can I find the mac address of nebula firewall?
Question: How can I find the mac address of nebula firewall? Answer: Please log in SSH and perform following command: Router# debug system ip addr
How to configure two LAN IPs on a Nebula firewall?
Question: How to configure two LAN IPs on a Nebula firewall? Answer: We are unable to configure the secondary IP on Nebula Firewall
How to check Policy Route on Nebula Firewall
Question: How to check policy route on Nebula Firewall? Answer: Log in Firewall by SSH and perform "debug sdwan show bpolicy running-config" The policy route will be present as following format
How to check static route on Nebula Firewall
Question: How to check routing on Nebula Firewall? Answer: Log in Firewall by SSH and perform "debug sdwan show route running-config " The static route will be present as following format
How to Create a Guest Network on Nebula firewall?
Question: How do I create a guest network on Nebula? Answer: To create a guest network on Nebula: Navigate to Site-wide > Configure > Firewall > Interface. Enable the Guest option. Once the guest network is enabled, clients connected to this interface will only have Internet access and will be restricted from accessing…
[ATP/FLEX] When WAN1 comes back online, why does the traffic continue to stay on WAN2?
Question: I have configured Weight Round Robin setting from Nebula firewall and also setup WAN2 interface as Backup interface. But why the traffic still keep on WAN2 interface even the WAN1 interface has fallback completely? Answer: The firewall will keep the old session on WAN2 interface until it has transmitted…
How to Configure NAT 1:1 Firewall on Nebula?
Question: How can I configure a NAT 1:1 firewall on Nebula? Answer: Go to Site-Wide > Configure > Firewall > NAT, and click Add to create a 1:1 NAT rule. Public IP: Wan interface IP LAN IP: The IP address of the LAN host Uplink : Wan1 or Wan2 Note: The public IP address used for NAT cannot be the same as the WAN interface…
How to Route Traffic from One LAN to the Internet via a Specific WAN?
Question: How can I route traffic from one LAN to the internet via a specific WAN? Answer: Navigate to Site-Wide > Configure > Firewall > Routing. Click Add to create a policy route. Source: Internal subnet or interface Destination: Any Type: Internet Traffic Next-Hop: External WAN interface
[ATP/FLEX] Why is Guest network on lan2 interface grayed out?
Question: I would like to turn on Guest network on lan2 interface but it is grayed out. How to turn it on? Answer: This is because this interface is using VPN in the site-to-site VPN. If you need to turn on Guest on the interface, disable VPN usage on this interface and you can turn on Guest on the interface.
[ATP/FLEX] How to configure IPv6 on Nebula firewall?
Question: How to configure IPv6 on wan and lan interfaces on Nebula firewall? Answer: Currently, Nebula firewall does not support IPv6. You can configure IPv6 on the firewall's web GUI and use Cloud Monitoring Mode to manage the device in Nebula.
How do I check the connectivity check failure log on the Nebula firewall?
uestion : Once the user configures the connectivity check the settings, as shown below: How to check the connectivity check failure log on the Nebula firewall? Answer : The user can navigate to Side-wide > Monitor > Firewall > Event log and select the Category to 'System' to search the historical log. For instance, if the…
[ATP/FLEX]Why NAT loopback does not work on USG FLEX/ATP Series?
Question: A user can access an internal website with Internal IP but not on WAN IP. How can this issue be resolved? Answer: It might be NAT loopback does not work as expected. Please ensure the Virutal server WAN address in setting page is bound to the public IP instead of Any. If you use "ANY", the Firewall will not…
Why am I unable to add a NAT rule with a specific port range?
Why am I unable to add a NAT rule with a specific port range? Question: Why can't I add a NAT rule for the port range 51000-52000 on my firewall? Answer: The issue arises because of overlapping port ranges in your existing NAT rules. Specifically, RuleX is already using the port range 49152-65535, which overlaps with the…
How to configure remote access to a PC via Nebula?
Question: I am trying to configure remote access to a PC via Nebula. How to configure on Nebula firewall? Answer: You can follow the guides in these FAQs to configure a NAT rule with RDP port 3389 on Nebula firewall. [ATP/FLEX] How to configure a NAT Rule (Virtual Server) on Nebula? [ATP/FLEX] How to configure a NAT rule…
How do I configure vlan to vlan communication on firewall?
Question: How do I configure vlan to vlan communication on firewall? Answer: Once vlan interfaces are created, they can communicate with each other because of the default implicit allow rule. You can add extra security policy rule (Deny, Source and Destination) to block traffic between vlan interfaces. If you just allow…

Welcome!

It looks like you're new here. Sign in or register to get started.