Upgrade to 4.65 on USG110/210 breaks external access

BMS
BMS Posts: 21  Freshman Member
Second Anniversary
I have done all upgrades to 4.64 on my firewalls without a problem.  However, on upgrading from 4.64 to 4.65 I am running into an issue where the allowed external admin port no longer works.

So on 4.64, I assigned a port (22443) for external admin use for one IP.  It worked fine and I've had no problems.  But when I upgraded to 4.65 from 4.64 I can no longer access the firewall from the allowed IP.  I've had to add a special rule to allow access from there.  I can provide configs.

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited July 2021 Answer ✓
    Hi @BMS,

    I load your configuration file to our USG210 but the following error appears.
    ERROR: zymesh-profile ZyMesh_AP  ssid

    Hence, I remove this line from the configuration file and upload it to USG210 again.
    Need to enter the commands to access the web GUI no matter from LAN or WAN.
    Router(config)# ip http secure-server
    Router(config)# write

    Besides, the configuration file you provided is not the full startup-config.conf.
    There are no secure-policy in the file.
    If possible, please download the startup-config.conf directly and send this file to me. Thanks!

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @BMS,
    Could you send the startup-config.conf to me in private message?
    I'd like to check the settings in security policy rules.
  • BMS
    BMS Posts: 21  Freshman Member
    Second Anniversary
    I sent you the full config, let me know if you see anything.  If you can tell me how I can get access back from the command line (I have ssh access) it would be great.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited July 2021 Answer ✓
    Hi @BMS,

    I load your configuration file to our USG210 but the following error appears.
    ERROR: zymesh-profile ZyMesh_AP  ssid

    Hence, I remove this line from the configuration file and upload it to USG210 again.
    Need to enter the commands to access the web GUI no matter from LAN or WAN.
    Router(config)# ip http secure-server
    Router(config)# write

    Besides, the configuration file you provided is not the full startup-config.conf.
    There are no secure-policy in the file.
    If possible, please download the startup-config.conf directly and send this file to me. Thanks!

Security Highlight