Problem after firmware update on a USG flex 500

Darryl
Darryl Posts: 13  Freshman Member
10 Comments Friend Collector
It seems that after a firmware update, my connection to the internet is always down.  I'm using a cable modem, and everything else is working.  A simple renew of the dynamic DHCP address gets the FW the same information, but still no connection to The Internet.  Resetting the cable modem and then doing a renew seems to resolve this issue.

I don't think an update to firmware should leave the network effectively down.  This has happened now twice with this FW.   I came from a USG 100 (yeah, it's old) and this never happened with that device.

Thoughts?
«1

All Replies

  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @Darryl,
    Welcome to Zyxel community!

    Please confirm the information for further checking.
    1. Did you set up the connectivity check on your tested interface? If so, what's the target IP address?
    2. Please provide two diag-info files, one is captured when the issue occurs, and another is captured after the issue is fixed. (after rebooting the modem)
    You can collect diag-info at Maintenance > Diagnostics > Diagnostics > Files > Diagnostic files.


    Thanks,
    James
  • Darryl
    Darryl Posts: 13  Freshman Member
    10 Comments Friend Collector
    Thanks for the welcome and your reply.   I will have to wait until the next firmware update to grab the diagnostics you requested.   This happened when I first installed the firewall with new firmware, and I thought it might have been just a fluke.  When I installed 5.32, the problem reoccurred and exhibited the same symptoms.  Currently the diagnostic files section is empty (i.e. no entries in the table), but I may have also rebooted the firewall after the modem to be sure things were in a "fresh" state.  I do export syslog data to a NAS, and I was getting alerts that the firewall was dumping over 100 log entries / second to the NAS during the time that it couldn't connect to the Internet.

    As far as the connectivity check is concerned, I use devanno.com and comcast.net (comcast is my provider).   I have tried pinging known IP addresses in addition to these connectivity checks, with a computer that clearly is "talking" to the firewall (I can be logged into the firewall interface).  Such pings will work if the connection is up... but I get destination unreachable.

    Thanks,
    Darryl
  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @Darryl,
    The dia-info could be collected at the moment. You may collect it when the problem occurs.
    Maintenance > Diagnostics > Controller, click Collect Now, and you will see the entry at Maintenance > Diagnostics > Files.


    James
  • Darryl
    Darryl Posts: 13  Freshman Member
    10 Comments Friend Collector
    Thanks, James... got it!  Sill do this next go-around. 
    ...Darryl
  • Darryl
    Darryl Posts: 13  Freshman Member
    10 Comments Friend Collector
    Ok... tonight sometime after 11pm, I lost Internet connectivity.   I gathered the diagnostic data, tried a DHCP Renew on the primary address, no joy there.  I -could- ping the gateway address, however that was given to the FW.  So, I collected diagnostic data as requested.  I then gave the command from the service provider's end (using my cell phone and data connection) to restart the modem.   After it restarted, I still couldn't connect until I forced a DHCP Renew and then I was able to connect to the Internet again.  I collected another set of diagnostic data.  I tried to attach the files here but it says "file format not allowed" so I zipped 'em up.

    ...Darryl

  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @Darryl,
    When was this provided diag-info collected? After DHCP renew, right?
    Could you provide the diag-info when you lose the internet connection? Thank you.

    Moreover, just to clarify the symptom when you lost the internet connection.
    When you lose the internet connection.
    1. DHCP renew > issue exists
    2. Ping WAN gateway > success
    3. How about ping the target IP address of connectivity check?
    4. Connect to the internet again after modem reboot and USG FLEX 500 renew WAN interface DHCP

    James
  • Darryl
    Darryl Posts: 13  Freshman Member
    10 Comments Friend Collector
    edited October 2022
    James, it happened again roughly 24 hours after the last hit got resolved ... then after I gathered this diagnostic information and got things back up, it took another hit.  In all cases, diagnostics from the ISP side of things show no issues.   It's now 02:00 hours here and I'm beat.  Attaching the first of tonight's diagnostic files.

    The second time this hit, I reset the modem (again) and also rebooted the Firewall.  It took quite a while to get things back up and running.  I did not collect diagnostics on the second hit.

    Thanks... Darryl
  • Darryl
    Darryl Posts: 13  Freshman Member
    10 Comments Friend Collector
    "Hello @Darryl,
    When was this provided diag-info collected? After DHCP renew, right?
    Could you provide the diag-info when you lose the internet connection? Thank you."

    James,
    Yes, first diag info was collected after attempting DHCP renew.  Second was after everything came back up again.   I will get a diag next time before I attempt a DHCP renew.  


    "Moreover, just to clarify the symptom when you lost the internet connection.
    When you lose the internet connection.
    1. DHCP renew > issue exists
    2. Ping WAN gateway > success
    3. How about ping the target IP address of connectivity check?
    4. Connect to the internet again after modem reboot and USG FLEX 500 renew WAN interface DHCP"

    I don't know that it's a DHCP Renew problem.  That seems to work, but it always returns the same information, which is typical for this ISP, of course. 

    Is there any way that I can find out from the firewall what the lease time is?  Since I've lost the network connection a couple of times, almost 24 hours apart, I'm wondering if there is a renew problem...at lease expiration.  If that were the case, I'd think that a manual renew would resolve it, but it typically does not.  I can Ping the :renewed: address with success. 

    I always try pinging target sites AND a different IP address that I know is a valid DNS.  Pings anywhere on The Internet fail.   It seems to take quite a while before the Firewall declares the port "down" ...   the reconnect sometimes doesn't work after a renew, and I have to ping the gateway address for things to "wake up" and I get WAN connectivity again.

    On the second failure of early this morning (I had one at about 00:20 hours, and got it back around 01:00, and then at about 01:30 had the second this morning), I rebooted the modem AND the firewall, and things wouldn't come back until I pinged the gateway address... by then it was around 02:00 as I indicated in my previous post, and I was having trouble staying awake, so as I indicated, I didn't grab diag data then.

    Each diagnostic data file I send has two files zipped together, one is the "before" and the other the "after."

    James

    Thank you!
    ...Darryl
  • Darryl
    Darryl Posts: 13  Freshman Member
    10 Comments Friend Collector
    James, 
    Took another hit today just after noon local time.   I couldn't get to The Internet.  Collected diagnostic data (that's the first file).   I rebooted the modem and still couldn't get to The Internet, did NOT do a DHCP Refresh on the WAN1 connection (P2).   -Finally- after doing a DHCP refresh on P2 (WAN1) TWICE, the network came alive, and that's the third diagnostic file.  All attached in one zip.

    ...Darryl
  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Two things to try:

    1. disable the WAN connectivity check on interface

    2. inactivate the WAN interface and then activate when problem happens


Security Highlight