Reset firewall

Options
LeviPonti
LeviPonti Posts: 30  Freshman Member
First Anniversary 10 Comments
I have a big problem:I manage a network with 310 computers and for some time often especially at the beginning of work the usg210 firewall crashes and the only solution is to remove the power supply and restart it. what can it be ?

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @LeviPonti 

    May I know what is the specific symptom of the USG210 crash? Did it reboot by itself? Or, you cannot login to the device Web-GUI? How often this symptom occurs? Is it a random symptom in your environment? What is the firmware version you are using now? Besides, we suggest you can type the command "debug kernel console-level 8" to enable kernel-debug-level 8 and keep collecting the console log with the timestamp from the USG210 then providing the console log and remote Web-GUI link to us via private message, the historical console log can help us clarify situation more clearly. I will send a private message to you about how to configure remote Web-GUI for Zyxel HQ.  Thanks.

  • LeviPonti
    LeviPonti Posts: 30  Freshman Member
    First Anniversary 10 Comments
    Options
    there are no symptoms. at some point you can't ping the firewall anymore. The firmware version is: 4.72 (AAPI.0)
    These are the log lines. as you can see it works until 8.25 then I had to disconnect the power and restart it.
    
    2022-10-03 08:25:31,192.168.9.33:59885                              ,104.77.185.58:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.39:52796                              ,34.104.35.123:80                                ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.23:54693                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.12.6:51410                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.12.6:54578                              ,20.40.136.238:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:13, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.29:63935                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.29:63032                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.99.195:59470                            ,220.95.41.179:43514                             ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.18:60344                              ,209.197.3.8:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.36:51757                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.39:52797                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.110:52791                             ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.99.195:30418                            ,34.94.213.23:6969                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:8, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.99.195:59471                            ,202.86.124.159:33347                            ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.32:59284                              ,104.77.185.24:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.20:62692                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.20:50662                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.32:59285                              ,104.77.185.24:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.14:58675                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.15:61822                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.31:53604                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:26,                                                ,                                                ,     info               ,sso                   ,CONFIG CHANGE        ,                        ,                      ,                     ,     SSO agent config change
    2022-10-03 08:40:28,                                                ,                                                ,     error              ,myzyxel-dot-com       ,                     ,                        ,                      ,                     ,     Connection error has occurred.
    2022-10-03 08:40:32,                                                ,                                                ,     alert              ,system                ,                     ,                        ,                      ,                     ,     Port 4 is up!
    2022-10-03 08:40:32,                                                ,                                                ,     alert              ,system                ,                     ,                        ,                      ,                     ,     Port 1 is up!
    2022-10-03 08:40:32,                                                ,                                                ,     alert              ,system                ,                     ,                        ,                      ,                     ,     Port 2 is up!
    2022-10-03 08:40:32,                                                ,                                                ,     info               ,policy-route          ,INTERFACE ALIVE      ,                        ,                      ,                     ,     Interface lan1 alive, related policy route rules will be re-enabled.
    2022-10-03 08:40:32,                                                ,                                                ,     info               ,policy-route          ,INTERFACE ALIVE      ,                        ,                      ,                     ,     Interface lan1 alive, related policy route rules will be re-enabled.
    2022-10-03 08:40:32,                                                ,                                                ,     info               ,policy-route          ,INTERFACE ALIVE      ,                        ,                      ,                     ,     Interface lan1 alive, related policy route rules will be re-enabled.
    2022-10-03 08:40:36,192.168.12.6:62047                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.195:60345                            ,45.154.253.5:80                                 ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.14:48759                             ,142.251.209.10:443                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.14:44625                             ,149.154.167.91:443                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.14:42412                             ,142.251.209.42:443                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.1.99:55604                              ,8.8.4.4:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.8.3:64556                               ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.195:60344                            ,107.152.127.9:6969                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,t
    
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Please prepare a PC with Teraterm and type the command "debug kernel console-level 8" to keep collecting the complete console log with the timestamp until the next time this issue occurs again. The kernel-debug-level 8 console log can help us do more clarification.

    Besides,  is there any CLI response on the console during this issue occurring?  If so, please enter the CLI "diaginfo collect ac" and wait for a few minutes(about 3~5mins) to collect the diag-info for us, you can enter the CLI "show diaginfo collect ac status" to check if the diaginfo file is already been collected yet, thanks.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Besides, not sure if you already web-auth feature on USG210, to reduce the HTTP related session pressure on the USG 210, you could restrict the max HTTP session number per IP via the below CLI:
    Router> configure terminal
    Router(config)# ip http max-connection-per-ip 10
    Router(config)# write
    Router(config)# exit
    We suggest you can enter the CLIs and monitor your device for a few days.
    Maybe it's helpful to you, thanks.
  • LeviPonti
    LeviPonti Posts: 30  Freshman Member
    First Anniversary 10 Comments
    Options
    i have sso authentication and now i typed the commands you suggested (ip http max-connection-per-ip 10) now i will monitor the situation. possibly how can I go back?
    thanks
  • LeviPonti
    LeviPonti Posts: 30  Freshman Member
    First Anniversary 10 Comments
    Options
    it happened that in a subnet of 30 PCs they were doing a test and the navigation was blocked but I was still pinging the firewall. by diverting that subnet to another firewall, navigation is restarted.
    The subnet in question has finished testing and everything is back to normal
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    LeviPonti said:
    i have sso authentication and now i typed the commands you suggested (ip http max-connection-per-ip 10) now i will monitor the situation. possibly how can I go back?
    thanks
    Hi @LeviPonti

    You can enter below CLIs to recover the previous setting(it means no http max-connection-per-ip limit) 
    Router> configure terminal
    Router(config)# no ip http max-connection-per-ip 
    Router(config)# write
    Router(config)# exit
    Thanks.

Security Highlight