Does the USG FLEX Series have Port Forwarding problems?

24567

All Replies

  • PaoloFracas
    PaoloFracas Posts: 46
    First Comment
     Freshman Member
    Maybe I made some mistakes in the configuration but the Support had a chance to verify it and nothing came out.

    After I send all possible log, with no result.

    Regarding the behavior of the backup program, after some time it seems to fall asleep.

    Sometimes it resumes, other times, after a long period of activity, it generates an error, consolidates what has been saved and starts again.

    This with a small number of files. With a high number (not necessarily many MBytes) it crashes.

    I have to interrupt the communication to stop the Backup.

    With USG FLEX, every backup communication is like a rollercoaster as you can see in a previous image.
  • PaoloFracas
    PaoloFracas Posts: 46
    First Comment
     Freshman Member
    I asked Synology Support to check the backup logs but nothing came up.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 529
    50 Answers 500 Comments Friend Collector Second Anniversary
     Guru Member
    Hello @PaoloFracas

    Thanks for your response.
    (1). While the "rollercoaster " symptom appears, are there any block or drop messages on your Monitor Log of USG Flex100?
    (2). Did you try to use another port (not TCP 51200  ) to backup files to NAS? Is it working for you?
    (3). What is the "Synology Backup Program"? Where did you execute this program in your topology? From the internet? or LAN domain? 
    (4). What is your MTU size of USG40 and USG Flex100? Are they the same?
    Thanks.
  • PaoloFracas
    PaoloFracas Posts: 46
    First Comment
     Freshman Member
    (1). While the "rollercoaster " symptom appears, are there any block or drop messages on your Monitor Log of USG Flex100?
    I have no message
    I see something when the traffic restart but with no error (Port TCP 6182)

    (2). Did you try to use another port (not TCP 51200  ) to backup files to NAS? Is it working for you?
    The standard port of the Program is not the TCP 51200 but the TCP 6281


    The TCP 51200 is the port indicated by Zyxel Support which would appear to affect the Backup Program traffic when installing the USG FLEX 100
    There is no reference about that in Synology
    There is no reference with USG 40
    On wednesday I will change the default TCP 6182 and made a check.
    I can't do that before.
    If I can I send you a message.

    (3). What is the "Synology Backup Program"? Where did you execute this program in your topology? From the internet? or LAN domain?
    The Program is "Hyper Backup" and I execute that from Internet.
    Is a Backup from remote site to internal network.

    (4). What is your MTU size of USG40 and USG Flex100? Are they the same?
    Thanks.
    I will answer you on wednesday.
    I can't check the USG FLEX 100 at the moment but I think it is 1500 (for sure in the USG 40 - WAN Port)

    Thanks to you.


  • mMontana
    mMontana Posts: 1,093
    1000 Comments 25 Answers Friend Collector Third Anniversary
     Guru Member
    edited October 2022
    I'm a bit confused.
    You have a group for Hyper Backup Vault. That's fine. It's a group of two TCP Ports. So why there are two port rules for the forward?

    In my personal opinion, this should be the NAT rule.

    and this one, if wan related, the Security policy rule. Source WAN, destination LAN1. But whatever...

    (seem the images have been shrinked. sorry abot bad quality)
  • PaoloFracas
    PaoloFracas Posts: 46
    First Comment
     Freshman Member
    What do you mean when you say "two port rules".
    Do you refer to the highlighted element?

  • mMontana
    mMontana Posts: 1,093
    1000 Comments 25 Answers Friend Collector Third Anniversary
     Guru Member
    You have two NAT entries.
    The first one is "Hyper_Backup_Vault" as external port and as internal port (I don't know why, the first one is not considered object, but whatever) Then the second one, with "TCP_6281" ad external and internal port; both seems considered objects.
    But. Into the object "Hyper_Backup_Vault" you already have port TCP_6281, plus port TCP_51200; this arrangement in 99.9% of case should not create any issue. However, there should be at least one Security policy for allowing comunications. Or a rule with both services allowed (using the "Hyper_Backup_Vault" service group object) Or two rules, one for port TCP 6281 and one for port TCP 51200.

    I don't remember if ZLD 5.x (the latest firmware generation) allows to write down security policies with manually written ports.
  • PaoloFracas
    PaoloFracas Posts: 46
    First Comment
     Freshman Member
    The second ("TCP_6281") is an inactive rule.
    The first I created.

  • PaoloFracas
    PaoloFracas Posts: 46
    First Comment
     Freshman Member
    The Security policy rule is present.
    At the moment I can't send you the image because I'm out of office and the USG 40 is in.
    The USG FLEX 100 is off.

  • mMontana
    mMontana Posts: 1,093
    1000 Comments 25 Answers Friend Collector Third Anniversary
     Guru Member
    Would you please delete the inactive rule and try again?
    BWM is enabled in USG Flex 100? Is there any other payed service enabled?
    (when you'll have time and occasion to test)

Security Highlight