Upgrade to 4.65 on USG110/210 breaks external access

BMS

I have done all upgrades to 4.64 on my firewalls without a problem.  However, on upgrading from 4.64 to 4.65 I am running into an issue where the allowed external admin port no longer works.

So on 4.64, I assigned a port (22443) for external admin use for one IP.  It worked fine and I've had no problems.  But when I upgraded to 4.65 from 4.64 I can no longer access the firewall from the allowed IP.  I've had to add a special rule to allow access from there.  I can provide configs.

Zyxel_Emily

Hi @BMS,

I load your configuration file to our USG210 but the following error appears.

ERROR: zymesh-profile ZyMesh_AP  ssid

Hence, I remove this line from the configuration file and upload it to USG210 again.

Need to enter the commands to access the web GUI no matter from LAN or WAN.

Router(config)# ip http secure-server

Router(config)# write

Besides, the configuration file you provided is not the full startup-config.conf.

There are no secure-policy in the file.
If possible, please download the startup-config.conf directly and send this file to me. Thanks!

Zyxel_Emily

Hi @BMS,

Could you send the startup-config.conf to me in private message?

I'd like to check the settings in security policy rules.

BMS

I sent you the full config, let me know if you see anything.  If you can tell me how I can get access back from the command line (I have ssh access) it would be great.

Zyxel_Emily

Hi @BMS,

I load your configuration file to our USG210 but the following error appears.

ERROR: zymesh-profile ZyMesh_AP  ssid

Hence, I remove this line from the configuration file and upload it to USG210 again.

Need to enter the commands to access the web GUI no matter from LAN or WAN.

Router(config)# ip http secure-server

Router(config)# write

Besides, the configuration file you provided is not the full startup-config.conf.

There are no secure-policy in the file.
If possible, please download the startup-config.conf directly and send this file to me. Thanks!