Big traffic made through NAT freezes ZyWALL USG 200

darock

Hi all!
First of all I what to thank you all for this large community! It Helped me a lot these days to understand how Zywall USG 200 works.

Here's my situation:
internet cable is connected to WAN1 and I'm connecting to internet using a PPPOE connection.
PPPOE external IP is named EXTERNAL_IP
my local FTP server is called SERVER_DEV
And I made a NAT in order  to access the local FTP SERVER from wan.


In the firewall section I have created a policy in order to be able to access the local FTP only from a specific IP Address under the name GALAXY_SERVER.


the problem is that every time I want to transfer some backups archives (size ~10Gb) to the FTP server after a few seconds the firewall stops responding or rarely is rebooting.
I've changed the adaptor(in the idea that the adaptor may not work properly) and the restarts have stopped(I think) but the firewall keeps freezing.
And while does that I cannot access it by ssh, gui, ping, etc...and neither the logs are kept.

I'm a doing something wrong ?

Thanks

Zyxel_Emily

Hi @darock,

You can follow the guide in this FAQ to check the CPU usage.

https://community.zyxel.com/en/discussion/510/how-can-i-be-sure-that-the-cpu-high-usage-is-due-to-heavy-traffic-loading

Besides, you can also onnect console and monitor the CPU status when the issue happens. If the CPU usage is quite high and the message "99% of CPU usage" appears on the console , maybe the system capavity of ZyWALL USG 200 is not enough to handling the traffic in your network. You may consider to upgrade the old model to a new model with higher system capacity. 

https://www.zyxel.com/global/en/products/next-gen-firewall/usg-flex-firewall-usg-flex-200/license-and-spec

darock

I think the problem has been solved!

I managed to capture a log entry right before a reboot


from what I read seems that this is caused by the FTP server whish is on active mode instead of passive.
Sadly I cannot change the mode of operation so I applied this instructions:
https://support.zyxel.eu/hc/en-us/articles/360001445493-Abnormal-TCP-flag-attack-detected

Now everything seems to work properly!

Is there another solution beside: firewall abnormal_tcp_flag_detect deactivate ?

Cheers!

darock

Hi Emily,
thanks for your replay.
Meanwhile I managed to fix the problem after I capture a log entry right before a system reboot



The problem was caused by a LAN FTP server whish is on active mode instead of passive.
Sadly I cannot change the mode of operation so I applied this instructions:
https://support.zyxel.eu/hc/en-us/articles/360001445493-Abnormal-TCP-flag-attack-detected


Now the system works ok, except that after a while is blocking all my connections, ports, lan, wan ssh, everything...and works only after a reboot.

I know that this system is old but right now we cannot change it.

Cheers!