USG210 no connection to Internet, fresh out of the box
Freshman Member
Hi to all
Yesterday my Cisco Firewall went dead so I ordered and received today a Zyxel USG210. Now I am trying to set it up and get a connection outside but it doesn't work and I don't know why.
My Settings:
On Wan1: Ethernet (no PPToE) fix IP Adress and Subnet, as in the previous Firewall
On Lan1, Port4: Fix IP Adress and Subnet, no DHCP active. I have a dhcp server and the fix IP address of the firewall is the gateway for the clients.
Is it possible with a fresh USG210, after the settings above, to connect to the Internet or do I have to make some new rules somewhere? I just need to get the connection to the Internet for my company at first, then I will look at vpn and port forwarding stuff.
Thanks from Switzerland
Dejan
Yesterday my Cisco Firewall went dead so I ordered and received today a Zyxel USG210. Now I am trying to set it up and get a connection outside but it doesn't work and I don't know why.
My Settings:
On Wan1: Ethernet (no PPToE) fix IP Adress and Subnet, as in the previous Firewall
On Lan1, Port4: Fix IP Adress and Subnet, no DHCP active. I have a dhcp server and the fix IP address of the firewall is the gateway for the clients.
Is it possible with a fresh USG210, after the settings above, to connect to the Internet or do I have to make some new rules somewhere? I just need to get the connection to the Internet for my company at first, then I will look at vpn and port forwarding stuff.
Thanks from Switzerland
Dejan
0
Comments
-
Hi Dejan. While I haven't worked with a 210 just yet, I've been using Zyxel security devices for years and - yes - they all worked a-ok out of the box for/when connecting to the Internet.
Given the specifics of your setup, I wonder if this might be a DNS issue ?
Also, perhaps power-cycle any switches that are in the path in case of a stale ARP cache.
I'd also take the step of specifically clearing the ARP cache on a Windows workstation that's having a problem getting out to the Internet, ie: run command as an admin and invoke:netsh interface ip delete arpcache
Hope that helps !Best,-- David0 -
Hi David
Thanks for your fast answer.
I also thought about DNS. My Server gives the DNS Servers to the clients. But anyway I put the DNS Servers from my provider in the /System/DNS/Domain Zone Forwarder.
But this is not the main problem. I cannot even ping the google DNS, 8.8.8.8.
And I am trying with a Mac and a Windows Client.0 -
Ok, but a switch that has a stale ARP cache will still need to be power-cycled, that's what this really sounds like.
Can you ping the USG210 at it's LAN ip address ? You should be able to and if not, disable any firewall on the client machine, and clear the ARP cache.
On a Mac this is done via (the Terminal with the command, invoked by pressing Enter):<span>sudo </span><b>arp</b><span> -a -d</span>
0 -
Hi @Deki,
Here the steps that you can check the issue.
1. On USG CLI,
(1) # ping <wan gateway ip address>
(2) # show arp-table ; to check if the gateway reply arp
2. On client in lan side, ping 8.8.8.8
(1) On USG CLI,
# packet-trace interface lan1 ip-proto icmp ; check if the ping is go into lan of USG or not
# packet-trace interface wan1 ip-proto icmp ; check if the ping is go out from wan of USG or not
1
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
