USG40W hangs upon small basic changes

SecCon
SecCon Posts: 51  Ally Member
edited May 9 in Security
I had my USG40 for a few months, only today I felt was a good time to test to put it as Router/Firewall on my network. Firmware is the latest 4.62. The device is found by ZON on W10.

The only port used is LAN1. It goes via a Patch Panel to my Ubiquiti EdgeMAX 24 Port Switch and via a second Patch Panel to my network ports. Everything wired, everything works, everything CAT6 UTP or above. I have built it all myself with some measuring tests and advice by a network technician I know from work, certified professional with years and years of experience and all the Fluke testing tools you wish you had but can't afford.

Initial configuration went fine, but the interface is kinda sluggish and it seems prone to hanging, also hanging my network.

During and after the Setup I had to change a few things.
  • I turned off Wifi, I have an AP.
  • DHCP Pool started at 192.168.1.33, I changed that to 192.168.1.2 since I have my switch on *.5 with a static address and my FileShare on *.10, also with a static allocation..
  • I also expanded DHCP pool from 200 to 240 since I have my Virtual servers above *.230
I did all these changes in the Ethernet interface of "lan1" since there is where it goes and where I had it on my other Router.

Doing these the USG40 would sometimes gracefully accept them, and sometimes just hang, causing the network to fall out.

I also went into Wireless > AP Management to add my AP, or to see if I could manage its connectivity through there - it is an Asus device, not Zyxel - but every time I went to that place the USG40 hung, as mentioned before.

The DHCP never got around to even fully list network devices, I never got to see the USG40 working for more than 15 minutes at a time, and the ONLY purchased feature I actually activated via the Licensing was IDP, so I really do not get why it would hang at the above described actions.

This evil circle - setup > configure > change > hang > dead > reset > start over - was repeated with mixed results 6 times until I gave up.

I realize USG40W is not a performance choice, I bought it second hand, renewed the IDP license, and have been testing it on and off to check for any stability issues or anything that could have popped up browsing the interface and upgrading the FW. It should be able to handle a DHCP pool that I specify, it should be able to enumerate 15 fixed computers on a Wired LAN, but it doesn't. It has NO Wifi chewing additional resources. I have been following the manual as much as is relevant - all the 1162 pages from October 2020.

Any advice?




Best Answer

  • SecCon
    SecCon Posts: 51  Ally Member
    Accepted Answer

    It seems more stable, but having deactivated FW and IDP that could be the reason for that. I have ZON installed locally on my main workstation for scanning and stuff. Will activate FW today - as I write this - and we shall see what happens.
    Also making sure logging is disabled in Monitor > UTM stats > Logging. One of those things that may impact performance.
    It is kinda confusing that in some places in the interface the ports are referred to as p1-p5 and in others as wan-lan1-lan2- etc....
    Just look at Monitor > System status > Port statistics, vs Monitor > System Status > Interface Status.
    I guess Port is not really the same as Interface...

    Why is there a wan1_ppp ? Not using it....



    And I also see my DDNS settings did not work - or I need to read up on how Zyxel wants them to work - so I guess I have to make a traditional Port Forward to my SFTP server. Why so complex: https://kb.zyxel.com/KB/searchArticle!viewBlob.action?attOid=14435 ?

    Anyhow, activating FW and seeing how that fares.

«13

Answers

  • mMontana
    mMontana Posts: 424  Master Member
    Would you please disable IDP as test?
  • SecCon
    SecCon Posts: 51  Ally Member
    I will... thanks. Just need a test window where no one but me is using the lan.... maybe in a couple of days.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 963  Zyxel Employee

    Hi @SecCon  

    We have fixed some of stability issue in forum release.

    You may upgrade your USG40W first and check if it helps your issue.

  • SecCon
    SecCon Posts: 51  Ally Member
    Ok, will look in to upgrading that asap
  • mMontana
    mMontana Posts: 424  Master Member
    edited May 12
    Question about firmware update, @Zyxel_Stanley: is upgrade from WK14 version to newer (4.63 maybe?) supported via automatic update?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 963  Zyxel Employee

    Hi @mMontana

    If you would like to upgrade firmware from WK14, then you have to download firmware from Myzyxel.com and upgrade firmware locally.
  • SecCon
    SecCon Posts: 51  Ally Member
    edited May 12
    SecCon said:
    Ok, will look in to upgrading that asap

    Firmware upgraded to WK14, IDP disabled. Will put it "live" later today or tomorrow.
  • mMontana
    mMontana Posts: 424  Master Member
    Let me express that this way of updating is... not that nice.
    I mean...
    For having the automated update working again the steps are..

    • upgrade one of the images on a forum version
    • reboot
    • use the device with the forum version while paging the update stream until a new version
    • reboot on the older firmware version (hoping that the config template is still the same)
    • upgrade to the new automated update (hoping that the config template is still the same)
    or
    • upgrade one of the images on a forum version
    • reboot
    • use the device with the forum version while paging the update stream until a new version appear
    • download the new version on a computer
    • upgrade the forum version image
    • reboot
    neither of that is quite pleasant.
    On other devices (computers) when you use a "supported beta" version you can go straight on the new stable version without so much hassle...

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 963  Zyxel Employee

    Hi @mMontana

    The forum release includes those fixes feedback by users, however, some fixes in the forum release may not be included in the formal release version due to the further fix adjustment/complement are required.

     If users directly upgrade the firmware from forum release to formal release automatically, user may miss some fixes. That’s why we don’t let forum release users to upgrade their firmware from cloud directly.


  • SecCon
    SecCon Posts: 51  Ally Member

    Wait. Is the WK14 a BETA!!!???

    I do not use betas on my network devices. Ever!. So if that is the case I totally wash my hands for any issues I may encounter. If it is a BETA you are supposed to name it as such and not use some obscure internal denomination instead that no one gets.

Security Highlight