USG110 Not communicating with HTTP/S

Agron
Agron Posts: 5
First Anniversary First Comment
edited April 2021 in Security
I am trying to sync time and also register my device with portal.myzyxel.com but zyxel is failing on each call.
All resources routed from this devices are working properly, ( I can load portal from my laptop normally ).

Can someone help on this issue, No IDP Signature, Firmware, Antivirus Signature is getting updated.
Devices are licensed.

Error when trying to Register: Fail to connect to portal.myzyxel.com  
Error when trying to Sync NTP Time: 
CLI Number: 1
Error Number: -21023
Error Message: 'NTP synchronization has timeout.'

DNS is configured properly ( I think ) See Below:

All Replies

  • dpipro
    dpipro Posts: 64  ZCNE Certified
    First Anniversary ZCNE Switch Level 1 Certification - 2020 ZCNE Nebula Level 1 Certification - 2020 ZCNE Security Level 1 Certification - 2019
    edited March 2021
    Hi @Agron,

    specify the wan port at Query via field
    Best regards
  • timjohn
    timjohn Posts: 3
    First Comment
    All resources routed from this devices are working properly, ( I can load portal from my laptop normally )
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @Agron,

     Can you please try to choose wan1 interface for Query via option in the following path;

     Configuration > System > DNS > Domain Zone Forwarder > DNS Server with 8.8.8.8 IP address.



    Best regards.
  • Agron
    Agron Posts: 5
    First Anniversary First Comment
    edited March 2021
    Hi All,

    Apparently having WAN1 and WAN2 activated at the same time was not allowing my devices to communicate with Zyxel Portal.
    I keep both WANs active because of fail-over, but I need my signatures up to date so I had to disable WAN2.

    Maybe Zyxel has to check further on this. Fail-over does not also work properly even if WAN1 is down, unless i remove the cable from port.

    Thank you for your effort.
  • PeterUK
    PeterUK Posts: 2,702  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    I think their needs to be a option to make the USG use a set interface for communicate with Zyxel Portal and signatures up to dates.

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @Agron,

    Can you please share some information for better understanding;

    1- Did you set DNS forwarder for both wan interfaces as I mentioned above and try that?
    2- Can you please test signature update when only wan1 interface is plugged and only wan2 interface is plugged?
    3- Can you please go to Maintenance > Diagnostics > Network Tool > PING IPv4 and try to ping google.com both for 2 interfaces as following?

    4- Can you please tell me how do you test the failover function?
    5- If adding the DNS forwarder doesn't solve your problem, can you please send me your startup-config.conf by private message?

    Best regards.


Security Highlight