-
UDP Flood issue (Zywall USG 100)
Hello. Today internet works slow. I noticed, that CPU overload (98%) and the Active session list is full too. I visited log and saw a lot of ADP records: In the ADP profile I turned logging off and decreased the threshold from 1000 to 500: In the Firewall menu, I turned on Session limit for 300 second and 50 Sessions per…
-
Order of processing Question (USG flex 500)
Hi, From a course way back with the zywall 50 i thinking that Firewall happens first then the NAT.Ie if your port translating 444 to 443 you firewall 444 because firewall processes first then nat. Is this true and where does IDP come in ? reason i ask : I have a geo block on all Russian IP addresses, but when i look in IPS…
-
Client L2tp connect to Ipsec tunnel on flex200
Hi, local subnet 192.168.10.0/24 VPN1 site to site remote policy 192.168.192.0/24 Server001 192.168.192.3 VPN2 L2tp over IPsec subnet range 192.168.150.10-192.168.150.15 Local subnet connection with site to site and Server001 OK Client L2tp connection with remote local subnet OK Remote L2tp client connection with site to…
-
ATP let VoIP Pass truth?
Hi Maybe someone have a good idea why the VoIP from my ISP get blocked?! Security Policy Control Match default rule, DROP [count=5] XXX.XXX.XXX.XXX:5060 YYY.YYY.YYY.YYY:40259 ACCESS BLOCK x= IP from my ISP for VoIP (how it seem like) y= My Fix Wan IP via a PPoE "Dialup" to my ISP 5060 is the "default" Port for VoIP. So…
-
Negative effect from using "Geo IP" ?
Hi Another Question are someone here see and negative effect from using "Geo IP" to block all Traffic outside of your Region? I only allow Traffic from Europe where I life since I travel around and want use an VPN on my Phone to connect and allow other People to use my Server Data for there Project. Outgoing Traffic I…
-
ipv6 with ZyWALL 110
servas, i've been assigned a segment of 1234:1234:1234:18::/64 for my server in the datacenter. i tried to follow various howto's now but did not succeed up to now to get traffic OVER the zyxel (from WAN to LAN and vice versa). my configuration currently is: WAN2: Enable SLAAC (but disabling does not affect the stiation)…
-
Sandbox false positive .NET 6.0.11 Update
It seems, that the sandbox has a false positive on the windows update for the .net application. URL: au.download.windowsupdate.com/c/msdownload/update/software/crup/2022/10/windowsdesktop-runtime-6.0.11-win-x64_b9e3ab8e3048170d9e3eabf6761d423eb4c93c6d.exeHash value: 5cd9064d70607bd1cb8b6eb6405360f9Is there no way to…
-
VPN50 Firmware Upgrade
I've upgraded my Zyxel vpn to Firmware 5.01. Now any user cannot connect to SSL VPN. How can i do?
-
monitoring usg 60
Good day! We use USG 60, we want to put the network interfaces of the device on monitoring. We tried through Zabbix, but we did not find the required template.Tell me a template or how can I monitor device interfaces from a local network?Thanks
-
USG110 VPN LDAP Security Group Recursive not working
We have several USG110. (Firmware 4.33 (AAPH.0) Users can connect from outside via L2TP VPN. As authentication method we use an Active Directory (LDAP) query. Allowed users are all users in the Domain Security Group gRemoteAccess. This is working fine, as long as the users are directly in this Security Group. If this…
-
Delete USG20W-VPN unused SSID
Device installed during 2019 with 4.x firmware. Works nicely. Has 4 SSIDs configured. Item #1 maybe is born with the device. Was not interested, left it there. Item #2 and #3 were created by me on ZLD 4 firmware. Item #4 maybe arrived with later update.Button Add works, but tells me "too many SSIDs". Fine. No delete…
-
USG40 log entry: possible ARP spoofing
Hi, the following entry pops up in the firewall log periodically: Possible ARP spoofing attack on IP 192.168.1.140. Current hardware address is XXX where XXX is the correct MAC address for the IP. The IP used to belong to another device. Question: how can I get rid of the entry? It is only a minor nuisance, but still...…
-
Cannot upgrade firmware on my USG 20W
Hi I'm trying to upgrade from 3.30(BDR.5) but it always fails with the error code : 42008 "Firmware not compatible" I have tried with ZyWALL USG 20_3.30(BDQ.9)C0 from your download site - but also version BDQ.8 & BDQ.7 with same error Currently the USG 20W reboots every 20-30 minutes with a app watch dog error - and cpu…
-
ATP not respecting DNS request order
Hi, i have a ATP500 (V5.32(ABFU.0) / 2022-10-04 01:59:13) and I've been facing an issue that the ATP does not follow the correct DNS order inside its DNS section. I have a default trunk at ge2 and a PPPoE at ge3, both interfaces online. when I nslookup the ATP, it directs the request to the "DEFAULT" at ge3_ppp. Shouldn't…
-
ATP800 HA Cloud Configuration
Hi! I was wondering if it would be possible to configure the ATP800 in HA Pro mode trough Nebula (Cloud managed). We would rather manage the device through the cloud, but an HA configuration is necessary. Correct me if I'm wrong, but I can't seem to find any documentation. Thanks in advance!
-
USG FLEX 200.Access to Web interface troughth WAN2(P2)
Hello. I have USG Flex 200 with firmware V5.32(ABUI.0). WAN1(P2) - main provider. WAN2(P3) - reserved provider. I can't get access to Web interface when I try connected via WAN2(P3) but via WAN1(P2) - OK. I changed settings on WAN2(P3) and connected my main provider, disable firewall, but i still can't connected. What am I…
-
Flex 700 - Certificate download has failed
I have a USG Flex 700 running firmware version 5.31(ABWD0) which is having the same continuous error "2022-09-26 14:45:03 error myZyXEL.com Certificate download has failed.). I have tried unsuccessfully to perform the update manually, but it continues to fail that way as well. "SSL Certificate download has failed. (failed)…
-
Autoupdate didn't....why?
V4.50(ABFW.0) Have autoupdate and autoreboot enabled. But for 2 days, the ATP has not rebooted. The V4.55 is waiting on deck. Yes, it's set for daily update. What have I missed?
-
I-Phone 14 Issue in wifi enviroment
hi guys,i'm wandering around a issue with iphone14 in a wifi enviroment with an internal MS Exchange Server.This is the scenario:Usg 310 is the AP controller and the DHCP server for Vlans.Vlan33 (192.168.33.XXX) is the vlan with internal DNS Server 192.168.33.100 and LAN interface of MS Exchange Server 192.168.33.15DNS…
-
Can i Allow list a IP addredd against ADP Scan-Detection on USG FLex 500?
Afternoon, were using ADP Scan-Detection, however there are network inventory applications on a server within the network that trips this alarm every few hours. Can we permit this IP at all please ? crit adp ACCESS
FORWARD Rule_id:1 from
LAN to Any, [type:Scan-Detection(33)] tcp filtered distributed portscan
Action:No…
