Reset firewall

LeviPonti
LeviPonti Posts: 32  Freshman Member
I have a big problem: I manage a network with 310 computers, and for some time now, often, especially at the beginning of work, the USG210 firewall crashes, and the only solution is to remove the power supply and restart it. What can it be?

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee

    Hi @LeviPonti 

    May I know what the specific symptom of the USG210 crash is? Did it reboot by itself? Or can you not log in to the device Web-GUI? How often does this symptom occur? Is it a random symptom in your environment? What firmware version are you using now? Besides, we suggest you type the command "debug kernel console-level 8" to enable kernel-debug-level 8 and keep collecting the console log with timestamps from the USG210, then provide the console log and remote Web-GUI link to us via private message; the historical console log can help us clarify the situation. I will send a private message to you about how to configure remote Web-GUI for Zyxel HQ. Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • LeviPonti
    LeviPonti Posts: 32  Freshman Member
    There are no symptoms. At some point you can't ping the firewall anymore. The firmware version is: 4.72 (AAPI.0)
    These are the log lines. As you can see, it works until 8.25, then I had to disconnect the power and restart it.
    
    2022-10-03 08:25:31,192.168.9.33:59885                              ,104.77.185.58:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.39:52796                              ,34.104.35.123:80                                ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.23:54693                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.12.6:51410                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.12.6:54578                              ,20.40.136.238:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:13, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.29:63935                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.29:63032                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.99.195:59470                            ,220.95.41.179:43514                             ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:31,192.168.9.18:60344                              ,209.197.3.8:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.36:51757                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.39:52797                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.110:52791                             ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.99.195:30418                            ,34.94.213.23:6969                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:8, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.99.195:59471                            ,202.86.124.159:33347                            ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.32:59284                              ,104.77.185.24:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.20:62692                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.20:50662                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.32:59285                              ,104.77.185.24:443                               ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.14:58675                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.15:61822                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:25:32,192.168.9.31:53604                              ,13.107.4.52:80                                  ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan2                  ,tcp                  ,     priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:26,                                                ,                                                ,     info               ,sso                   ,CONFIG CHANGE        ,                        ,                      ,                     ,     SSO agent config change
    2022-10-03 08:40:28,                                                ,                                                ,     error              ,myzyxel-dot-com       ,                     ,                        ,                      ,                     ,     Connection error has occurred.
    2022-10-03 08:40:32,                                                ,                                                ,     alert              ,system                ,                     ,                        ,                      ,                     ,     Port 4 is up!
    2022-10-03 08:40:32,                                                ,                                                ,     alert              ,system                ,                     ,                        ,                      ,                     ,     Port 1 is up!
    2022-10-03 08:40:32,                                                ,                                                ,     alert              ,system                ,                     ,                        ,                      ,                     ,     Port 2 is up!
    2022-10-03 08:40:32,                                                ,                                                ,     info               ,policy-route          ,INTERFACE ALIVE      ,                        ,                      ,                     ,     Interface lan1 alive, related policy route rules will be re-enabled.
    2022-10-03 08:40:32,                                                ,                                                ,     info               ,policy-route          ,INTERFACE ALIVE      ,                        ,                      ,                     ,     Interface lan1 alive, related policy route rules will be re-enabled.
    2022-10-03 08:40:32,                                                ,                                                ,     info               ,policy-route          ,INTERFACE ALIVE      ,                        ,                      ,                     ,     Interface lan1 alive, related policy route rules will be re-enabled.
    2022-10-03 08:40:36,192.168.12.6:62047                              ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.195:60345                            ,45.154.253.5:80                                 ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.14:48759                             ,142.251.209.10:443                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.14:44625                             ,149.154.167.91:443                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.14:42412                             ,142.251.209.42:443                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,tcp                  ,     priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.1.99:55604                              ,8.8.4.4:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.8.3:64556                               ,8.8.8.8:53                                      ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,udp                  ,     priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
    2022-10-03 08:40:36,192.168.99.195:60344                            ,107.152.127.9:6969                              ,     notice             ,secure-policy         ,ACCESS FORWARD       ,     lan1               ,wan1                  ,t
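
The silence in the export above (rows stop at 08:25:32 and resume at 08:40:26) can be located mechanically, along with the source addresses that opened the most sessions just before it. This is an added example, not part of the original posts or of any Zyxel tool: the sample rows are constructed in the posted column layout (192.0.2.x destinations are placeholders) and the function names are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the posted layout: time, source, destination, severity,
# category, note, in-iface, out-iface, protocol, message. Last row is cut off.
SAMPLE = """\
2022-10-03 08:25:31,192.168.9.33:59885 ,192.0.2.10:443 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan2 ,tcp , priority:14, from LAN1 to WAN, TCP, service others, ACCEPT
2022-10-03 08:25:31,192.168.99.195:59470 ,192.0.2.20:43514 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan2 ,tcp , priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
2022-10-03 08:25:32,192.168.99.195:30418 ,192.0.2.21:6969 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan2 ,udp , priority:8, from LAN1 to WAN, UDP, service others, ACCEPT
2022-10-03 08:25:32,192.168.99.195:59471 ,192.0.2.22:33347 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan2 ,tcp , priority:8, from LAN1 to WAN, TCP, service others, ACCEPT
2022-10-03 08:25:32,192.168.9.20:62692 ,8.8.8.8:53 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan2 ,udp , priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
2022-10-03 08:40:26, , , info ,sso ,CONFIG CHANGE , , , , SSO agent config change
2022-10-03 08:40:32, , , alert ,system , , , , , Port 1 is up!
2022-10-03 08:40:36,192.168.12.6:62047 ,8.8.8.8:53 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan1 ,udp , priority:10, from LAN1 to WAN, UDP, service others, ACCEPT
2022-10-03 08:40:36,192.168.99.195:60344 ,192.0.2.23:6969 , notice ,secure-policy ,ACCESS FORWARD , lan1 ,wan1 ,t
"""

def parse(text):
    """Yield (time, src_ip, category, message) per complete row; skip cut-off rows."""
    for line in text.splitlines():
        cols = [c.strip() for c in line.split(",", 9)]  # the message itself contains commas
        if len(cols) < 10:
            continue  # truncated or empty line
        try:
            when = datetime.strptime(cols[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        src_ip = cols[1].rsplit(":", 1)[0]  # empty string on system rows
        yield when, src_ip, cols[4], cols[9]

def find_gaps(rows, min_gap=timedelta(minutes=5)):
    """Return (last row before, first row after) for every silence >= min_gap."""
    times = sorted(r[0] for r in rows)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a >= min_gap]

def talkers_before(rows, gap_start, window=timedelta(seconds=60)):
    """Count secure-policy sessions per source IP in the window ending at gap_start."""
    return Counter(src for when, src, cat, _ in rows
                   if cat == "secure-policy" and gap_start - window <= when <= gap_start)

ROWS = list(parse(SAMPLE))

if __name__ == "__main__":
    for start, end in find_gaps(ROWS):
        print(f"no log rows from {start} to {end} ({end - start})")
        for ip, n in talkers_before(ROWS, start).most_common(5):
            print(f"  {ip}: {n} sessions in the last 60 s before the gap")
```

On a full export, pass the file contents to `parse` instead of `SAMPLE` and widen `window` to cover the minutes leading up to the outage.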
    
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    Please prepare a PC with Teraterm and type the command "debug kernel console-level 8" to keep collecting the complete console log with timestamps until the next time this issue occurs. The kernel-debug-level 8 console log can help us clarify further.

    Besides, is there any CLI response on the console while this issue is occurring? If so, please enter the CLI "diaginfo collect ac" and wait a few minutes (about 3~5 mins) to collect the diag-info for us; you can enter the CLI "show diaginfo collect ac status" to check whether the diaginfo file has already been collected. Thanks.



  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    Besides, I am not sure if you already use the web-auth feature on the USG210; to reduce the HTTP-related session pressure on the USG210, you could restrict the max HTTP session number per IP via the CLI below:
    Router> configure terminal
    Router(config)# ip http max-connection-per-ip 10
    Router(config)# write
    Router(config)# exit
    We suggest you enter the CLIs and monitor your device for a few days.
    Maybe it's helpful to you, thanks.



  • LeviPonti
    LeviPonti Posts: 32  Freshman Member
    I have SSO authentication, and I have now typed the commands you suggested (ip http max-connection-per-ip 10); now I will monitor the situation. Possibly, how can I go back?
    Thanks
  • LeviPonti
    LeviPonti Posts: 32  Freshman Member
    It happened that in a subnet of 30 PCs they were doing a test and the navigation was blocked, but I was still pinging the firewall. By diverting that subnet to another firewall, navigation restarted.
    The subnet in question has finished testing and everything is back to normal.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    LeviPonti said:
    I have SSO authentication, and I have now typed the commands you suggested (ip http max-connection-per-ip 10); now I will monitor the situation. Possibly, how can I go back?
    Thanks
    Hi @LeviPonti

    You can enter the CLIs below to restore the previous setting (meaning no HTTP max-connection-per-ip limit):
    Router> configure terminal
    Router(config)# no ip http max-connection-per-ip 
    Router(config)# write
    Router(config)# exit
    Thanks.


