Recovery Steps for Nebula USG FLEX/ATP Series Application Patrol Signature Issue
Zyxel Employee
Symptom:
The App Patrol signature release V1.0.0.20220310.0 may create parsing error on device for both on-premises and on-cloud modes, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting further no matter manually or by schedule
Solution:
The App Patrol signature release V1.0.0.20220310.0 have been removed.
New urgent patch ZLD5.21 P1 will be available by Wednesday (3/16) avoiding the parsing issue.
Remark:
If App Patrol signature of your device is updated to version 1.0.0.20220310.0 but not affected, do NOT reboot the device before ZL5.21 P1 is released. Use the command to check signature version.
Access firewall using this link https://"firewall IP"/webconsole input the following command to check signature version:
Router# show app signatures status
REMINDER: Firewall local credentials are located at Site-wide > Configure > General settings.
current version: 1.0.0.20220310.0
If you need to restart the device before 5.21 patch 1 is released for some reasons, here is a solution to overcome this issue BEFORE rebooting your device. Please follow the steps.
1. Access firewall using this link https://"firewall IP"/webconsole input the following command:
Command: packet-trace extension-filter -w /db/etc/app_patrol/.md5sum
2. Ctrl + C to terminate packet-trace
3. Reboot device
If you need technical assistance, please send your request to support@zyxel.com.tw.
***If the firewall has been rebooted***
Recovery steps as follows:
Before ZLD5.21 P1 is released, follow the instructions to recover the affected device temporarily.
Nebula mode
1. Connect the device directly via the console port using a terminal emulation program. Reboot the device and enter debug mode.
2. Switch to another firmware partition. Type atcd 1 to use firmware partition 1.
3. Type atgo to boot up device.
- If the device is still stuck in reboot loop, repeat the step 1 and step 2 to retry. In step 2, type atcd 2 to use firmware partition 2 to boot up.
Note:
- If the device still fail to reboot, please contact the regional support team for the recovery process.
- After device reboots, check the running firmware version. If the firmware version is ZLD4.29, please contact the regional support team for the recovery process.
4. Press RESET button on the device to reset to factory default settings.
5. Re-login device Web GUI, choose Nebula Mode to connect device to Nebula.
- If wan interface is static IP or PPPoE, please configure WAN settings after choosing Nebula Mode
Note: If wan interface is DHCP, you can skip this step. The device will connect to cloud automatically after wan interface gets IP address.
Configure WAN settings.
Categories
- All Categories
- 392 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
