Does the USG FLEX Series have Port Forwarding problems?


All Replies

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Anniversary 10 Comments Friend Collector
    To keep the community updated...
    After having performed some tests with the VPN "Site to Site" the problem seems to focus on the internal communication of the USG FLEX.
    Only by setting the Services to "Any" in the communication rule (Firewall) between External Source and NAS (both with VPN and Port Forwarding) does Hyper Backup work regularly.
    At least in terms of internal tests.
    In the case of Port Forwarding, security should still be guaranteed by the redirection of only TCP Port 6281.
    It should be understood why the anomaly affects the USG FLEX Family and not the USG.
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    edited November 2022
    I ran further tests and used the Log filters to understand if there was any traffic beyond TCP Port 6281 but this is not the case.
    Either using the filter with the Source only or with the Destination only.
    This behavior of the USG FLEX Series makes no sense.
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    I ran the ultimate test tonight by backing up the customer with over 1.5 million files and the USG FLEX 100 with the latest verified configuration as the destination.
    Backup performed successfully.
    As further confirmation that the anomaly is not in the Port Forwarding but in the Firewall section.
    It was the last piece.
    Best Regards

    Paolo Fracas
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @PaoloFracas

    OK, thanks for your verification. We will keep confirming it internally, thanks.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    Hi @PaoloFracas

    We found that when Anti-Malware is enabled and the service "TCP 6281" is chosen in the security policy, the traffic passes through the Anti-Malware engine, and the NAT data transfer rate might be a little bit unstable because the Anti-Malware engine is busy. So, can you disable Anti-Malware and configure an IP Exception to test it for us?

    (1). Disable Anti-Malware to test NAS backup.


    (2). Once (1) is working for you, you can configure an IP Exception profile to define the direction from the source IP (the initiated IP) to the destination IP (NAS server IP 192.168.101.163), as below:


    The IP Exception can bypass the inspection of Anti-Malware.


    It might be a workaround solution for you.
    Thanks.
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    Hi Jeff,
    I remembered that the verification of the deactivation of the "Anti-Malware" option had been done when you connected from Taiwan but I checked it again just to be careful.
    It does not work.
    In addition to this, I had already independently tested the exception in July as communicated with my email dated 08/07/2022 (dd/mm/yyyy).

    The exception also doesn't work.
    But if you allow me, you are looking in the wrong place.
    By using "Any" in the "Service" field, if it were an "Advanced Services" problem, the situation would go even further into crisis.
    I want to take a test that I haven't done yet.
    As soon as I have the result I will inform you.
    Best Regards

    Paolo Fracas
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    I wanted to do a test by changing the port of the Backup Program to understand how the USG FLEX behaved but it is not possible to do it on the destination NAS so it would not make sense because Port Forwarding works.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    Hi @PaoloFracas

    Thanks for the verification so far. We are preparing a date firmware to fix it, please wait for our update. Thanks.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,059  Zyxel Employee
    Hi @PaoloFracas

    We already provided the date firmware to you via private message, please check your inbox. Thanks.
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    Loading the "Beta" Firmware made a mess.
    Luckily I can recover a configuration saved on 10/27/2022 otherwise I would have had to configure everything from the beginning.
    It's a nightmare.
    Two backups from November (the last one from 11/23/2022) are no longer uploaded.
    The latter had been restored without problems a few days ago.
    As soon as I have carried out all the checks I will report to you.
    Zyxel Italy assistance NON EXISTENT!!!
    Best Regards

    Paolo Fracas
