Upgrade to 4.65 on USG110/210 breaks external access
I have done all upgrades to 4.64 on my firewalls without a problem. However, on upgrading from 4.64 to 4.65 I am running into an issue where the allowed external admin port no longer works.
So on 4.64, I assigned a port (22443) for external admin use for one IP. It worked fine and I've had no problems. But when I upgraded to 4.65 from 4.64 I can no longer access the firewall from the allowed IP. I've had to add a special rule to allow access from there. I can provide configs.
So on 4.64, I assigned a port (22443) for external admin use for one IP. It worked fine and I've had no problems. But when I upgraded to 4.65 from 4.64 I can no longer access the firewall from the allowed IP. I've had to add a special rule to allow access from there. I can provide configs.
0
Accepted Solution
-
Hi @BMS,I load your configuration file to our USG210 but the following error appears.ERROR: zymesh-profile ZyMesh_AP ssidHence, I remove this line from the configuration file and upload it to USG210 again.Need to enter the commands to access the web GUI no matter from LAN or WAN.Router(config)# ip http secure-serverRouter(config)# writeBesides, the configuration file you provided is not the full startup-config.conf.There are no secure-policy in the file.
If possible, please download the startup-config.conf directly and send this file to me. Thanks!0
All Replies
-
Hi @BMS,Could you send the startup-config.conf to me in private message?I'd like to check the settings in security policy rules.0
-
I sent you the full config, let me know if you see anything. If you can tell me how I can get access back from the command line (I have ssh access) it would be great.0
-
Hi @BMS,I load your configuration file to our USG210 but the following error appears.ERROR: zymesh-profile ZyMesh_AP ssidHence, I remove this line from the configuration file and upload it to USG210 again.Need to enter the commands to access the web GUI no matter from LAN or WAN.Router(config)# ip http secure-serverRouter(config)# writeBesides, the configuration file you provided is not the full startup-config.conf.There are no secure-policy in the file.
If possible, please download the startup-config.conf directly and send this file to me. Thanks!0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight