Current staging/testing policy for firewall's firmware release

mMontana
mMontana Posts: 420  Master Member
How, and for how long, is a firmware tested/staged before public release?

Answers

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 198  Zyxel Employee

    Before releasing an official firmware, the Zyxel team performs verification of many function items on the beta firmware.
    The detailed function items include networking, routing, VPN services, security services, security policy, maintenance, fixed bugs, new features, etc.
    The Zyxel team will continuously enhance the quality of the beta firmware until it works perfectly and can then be officially released to our customers.

  • mMontana
    mMontana Posts: 420  Master Member
    Why did the hotfix for VPN2S take three months to be released only via FTP (no auto-update, no firmware on the website)?

    From the release notes...

    VPN2S Date Code Release Note

    20210624
    [BUGFIX][System] VPN2S vulnerability fix.
          fix issue :
                 1.      CVE-2021-35027: Web server 'zhttpd' directory traversal vulnerability
                         this issue is from begin of zhttpd.
                         filter the danger string ".." to avoid path traversal vulnerability
                 2.      CVE-2021-35028: CGI function 'ContentF_UrlTest' command injection vulnerability
                         this issue is from commit bebf8140 2018/04/12
                         filter the danger keyword like ";" "&&" "||" to avoid command injection.

    Write date on ftp.zyxel.com
    (sorry for the italian language, should be understandable anyway)
    Support Zyxel website


    Nevertheless, the hotfix currently is released...
    and available.

    Zyxel has a lot of devices. This means a lot of work to support them correctly. But during the last 12 months a lot of "hiccups" have happened.
    I can understand, and I've also been patient.

    Still device to cover. Or not, after more than 4 months still to declare it.

    Please take a different direction...
    Fewer products. Fewer "V"'s. Fewer wishes soon to be dead, like the cloud cameras announced a few weeks ago to stop working at the end of the year.
    A lot of customers would love something better.
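The release note quoted above describes both fixes as string filters (dropping ".." and shell separators). The sketch below is an added illustration, not part of the thread and not Zyxel's code: it shows the structural form of the same two mitigations, resolving the path and checking that it stays inside the document root, and passing a validated host as a single argv element so that no shell parses it. The function names, the document root and the echo child process are assumptions made for the example.

```python
import os
import re
import subprocess
import sys
from urllib.parse import unquote, urlsplit


def resolve_in_docroot(docroot, request_path):
    """Return the real path for request_path, or None if it leaves docroot."""
    root = os.path.realpath(docroot)
    decoded = unquote(request_path)          # decode once, before any check
    if "\x00" in decoded:
        return None
    # realpath() collapses "..", "." and symlinks; only then test containment.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    return candidate if os.path.commonpath([root, candidate]) == root else None


# Allowlist: letters, digits, dots, hyphens; must start and end alphanumeric,
# so the value can never be read as a command-line option either.
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def validated_host(url):
    """Accept only http(s) URLs whose host matches the allowlist."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not HOSTNAME.fullmatch(host):
        raise ValueError("rejected URL")
    return host


def run_probe(arg):
    """Hand arg to a child process as one argv element (no shell involved).

    The child is a constructed stand-in that echoes its argument back; a real
    URL test would exec its probe tool the same way, with an argument list.
    """
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", arg]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout.strip()
```

A file name such as `notes..txt` stays reachable with the containment check, while a percent-encoded parent reference is rejected because decoding happens before resolution.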
  • mMontana
    mMontana Posts: 420  Master Member
    I'm really sorry to see that currently ftp.zyxel.com and ftp2.zyxel.com are refusing connection from the public.
  • PeterUK
    PeterUK Posts: 1,114  Guru Member

    I think Zyxel want to EOL the VPN2S. It's only good for being a firewall, due to the limited performance when doing QoS at 50Mb. You get 1 year of content filter and that's it, no renewal; then again, I wonder how much performance loss would happen with it on. One said on Amazon “No longer supported by Zyxel”.


  • mMontana
    mMontana Posts: 420  Master Member
    edited September 30
    Maybe this person has more "backoffice info" than what's published here.
    Anyway, for a "no longer supported device" has...
    • no EOL list entry, which has for NAPxxx products and "convenient" split-service iCards for firewall devices, now replaced by "all inclusive" services (which are way more expensive)
    • an "official" firmware released during the end of 2020 (but no updated 3G and 4G device list for supported firewalls)
    • a hotfix firmware, "leaked" to the public 3 months after the release and... related to a commit from 3 years ago. You can check my post or I can provide you the files, if you wish.
    I can also understand the "low computational power". But it's still cheaper to buy than a soon-dead USG20W-VPN (I don't think that we'll see firewalls with integrated wireless modules again), if you don't have such a fast FTTC or FTTB connection. And in Italy, there are still a lot of copper connections.
    VPN2S also allows paying for this device instead of 3 GreenBow-skinned IPsec VPN licenses... which I'm betting are going to be traded for a 1-year subscription soon.

    And eats way less power than any small-size computer with a Laptop Power Adapter with a linux distro... I mean, 6W instead of 45W tops.

    Not suitable for every occurrence? I can relate; the best value-to-price currently seems to be a "promotional" USG40W, which can carry two ISPs via Ethernet plus (if you can reach the device) a USB 4G adapter and two manageable Access Points (if you can jump on a sale or on used ones).
    But still close to 3X the VPN2S price. And as far as I can see on the "river market", prices for Zyxel devices... skyrocketed.

    Final Fun Fact: according to this PDF...
    USG40 is EOL since Jan 2021. VPN2S no.
    Maybe it's only for US market, IDK...

  • Asgatlat
    Asgatlat Posts: 65  Ally Member
    mMontana said:
    I'm really sorry to see that currently ftp.zyxel.com and ftp2.zyxel.com are refusing connection from the public.
    Indeed, since yesterday I can't connect to the FTP anymore :anguished:
  • Zyxel_Vic
    Zyxel_Vic Posts: 239  Zyxel Employee
    Hi @mMontana
    Thanks for your feedback, to your questions:

    Why the hotfix for VPN2S take three months for being released only via FTP (no auto-update, no firmware on the website)?
        --> The VPN2S does not support downloading from the cloud directly at this moment, so users still need to download the hotfix and upgrade locally. Here is the download link: V1.20(ABLN.2)_00210624C1
     
    no EOL list entry, which has for NAPxxx products and "convenient" split-service iCards for firewall devices, now replaced by "all inclusive" services (which are way more expensive)
         --> The suggestion will be further evaluated based on the input we've received.

    an "official" firmware released during the end of 2020 (but no updated 3G and 4G device list for supported firewalls)
         --> Since there are too many brands/models of dongles in the world, it's difficult to support all of them. If you have a specific model that needs to be supported, please feel free to send your requirement to our local representative so that we can evaluate it with them.
     
    a hotfix firmware, "leaked" to the public 3 months after the release and... related to a commit from 3 years ago. You can check my post or I can provide you the files, if you wish.
        --> Sorry I didn't get the meaning. Can you describe further?

    By the way, the USG20/20W-VPN is not a "soon-dead" model; actually, we just released a new firmware for it which supports on-cloud capability.

    @Asgatlat
    You can download the required firmware from Zyxel download library instead. Link as below:
    https://www.zyxel.com/support/download_landing.shtml
