Does the USG FLEX Series have Port Forwarding problems?

12346

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,250  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Thanks for your update. Normally, we advise the customer to back up the device config file before updating the firmware in case there is an accident. Currently, you can report this issue to us directly and we can keep following this case here. Thanks.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    I probably didn't explain myself well.
    I have a series of backups but since I tried to install the beta firmware the last two (11/17/2022 - 11/23/2022) generate errors and are not loaded.
    The latest one on 11/23/2022 was definitely working before installing the beta firmware because I used it on 11/23/2022 itself after trying the backup simulation with a different port.
    As soon as I integrated the configuration changes of 10/27/2022, I report what happened.
    Best Regards

    Paolo Fracas
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    Yesterday at about 14:00 local time I installed the V5.32 beta update package (V5.32(ABUH.0)ITS-22WK41-1125-221101280).
    After about 15 minutes of inactivity, unable to contact the Firewall, I had to disconnect the power and then reconnect it to see if it restarted.
    The device restarted with the previous Firmware version (V5.32(ABUH.0)) but with the factory settings, also requiring the setting of the password (IP address 192.168.1.1).
    In consideration of the boot firmware version I tried to restore the backup configuration of 11/23/2022 (last with changes) but without success.
    So I tried with the previous version of 11/17/2022 but again without success.
    At this point I became concerned and contacted Zyxel Support in Italy who to date have not responded despite having read the messages.
    Given the time, I proceeded to disconnect the USG FLEX 100 and put a USG 110 on the network which in this period I used to perform Synology backups and which obviously does not have the Advanced Services Licenses.
    With the USG FLEX 100 disconnected from the network I then tried to install the beta version again and this time the outcome was positive.
    As there was the default configuration, I restarted with the latest definitive firmware available (V5.32(ABUH.0)) and then tried to load the configurations of 23 and 17 November 2022 with the "Apply" option but without success.



    I therefore tried to load the configuration of 10/27/2022 which gave a positive result.
    Something is missing but better than having to redo the whole configuration from scratch.
    Restored the configuration of 10/27/2022 I tried to restart with the beta firmware but again the configuration was reset to the factory version.
    Before reverting to firmware V5.32(ABUH.0) I checked the "Configuration" tab and found a large discrepancy in content compared to what was displayed with the consolidated firmware.

    Beta

    Consolidated


    I therefore performed a reboot with the consolidated firmware version, restored the 10/27/2022 configuration and integrated the missing parts (at least in part).
    My fear now is that the next backups won't load.
    I will run a test as soon as possible.
    This is what happened.
    Best Regards.

    Paolo Fracas
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    Recovery verified.
    Fortunately it works.
    Best Regards

    Paolo Fracas
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,250  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Hi @PaoloFracas

    We are glad that you recovered the service eventually. May I know the date firmware is working for you or not? (I mean the data transfer rate for NAT port forwarding of TCP6281.) Thanks.


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    edited November 2022
    When I wrote "Restore verified" I meant that after integrating the 10/27/2022 backup I could do a backup/restore configuration test, not that I could restore the 11/23/2022 configuration.
    This means that every time I restart the Firewall with the beta Firmware the configuration is restored to the factory values and consequently I cannot run any tests.
    My fear was that given the problem with two configuration backups, the restore would also fail with the subsequent ones.
    Thankfully that didn't happen.
    Best Regards

    Paolo Fracas


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,250  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Yesterday at about 14:00 local time I installed the V5.32 beta update package (V5.32(ABUH.0)ITS-22WK41-1125-221101280).
    After about 15 minutes of inactivity, unable to contact the Firewall, I had to disconnect the power and then reconnect it to see if it restarted.
    The device restarted with the previous Firmware version (V5.32(ABUH.0)) but with the factory settings, also requiring the setting of the password (IP address 192.168.1.1).

    (1).May I know did the device reboot from V5.32(ABUH.0)ITS-22WK41-1125-221101280 to V5.32 automatically? Do that two firmware run on the same partition or different partitions?  
    (2).Did the boot status appear "Fallback to system default configuration" when fallback to V5.32 firmware?


    In consideration of the boot firmware version I tried to restore the backup configuration of 11/23/2022 (last with changes) but without success.
    Maybe you can select "Ignore errors"  while applying the config by Web-GUI or CLI, as below example:


    CLI example Router# apply /conf/531ABUH0-2022-11-15-10-31-37.conf ignore-error


    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • I guess so. Because I have been noticing the anomalities for a while, as well. It may be malfunctioning.  :o
  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    (1).May I know did the device reboot from V5.32(ABUH.0)ITS-22WK41-1125-221101280 to V5.32 automatically? Do that two firmware run on the same partition or different partitions?
    After about 15 minutes of inactivity, unable to contact the Firewall, I had to disconnect the power and then reconnect it to see if it restarted.
    Different Partitions

    (2).Did the boot status appear "Fallback to system default configuration" when fallback to V5.32 firmware?



    A question... Is it normal that the "MAINTENANCE - File Manager - Configuration File - Configuration" tab is completely different depending on the firmware partition from which you boot?
    Best Regards

    Paolo Fracas

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    Hi sandra_sa,
    From my analysis the problem is not in the Port Forwarding itself but in the "Firewall Rule" that manages it.
    If I limit communications to the affected Port only (in my case TCP 6281 for Synology Backup) I have problems.
    If I allow communication to all services ("Any" parameter) and trust the Port Forwarding Rule for security, I don't see any problems.
    The strange thing is that the Log shows the traffic only for the interested port which is a nonsense.
    If the rule allows traffic outside the specific port it should highlight this.
    Regards.

    Paolo Fracas

Security Highlight