help USG20- vpn

Options
baudetd
baudetd Posts: 40  Freshman Member
First Anniversary 10 Comments
in Security

Hello

I have a problem with a UGS20-VPN router.
and I'm really pissed off...

following an update to 5.36, it reset itself,

I therefore wanted to import the config but this one does not want it, it runs in endless loops.

How can we downgrade?

thanks very much !!!!

«13

All Replies

  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Reboot to the other slot firmware

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 767  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @baudetd ,

    Greeting Forum,

    Did you have serial console cable ? May I have remote session to check the issue today ?

    Please kindly provide teamviewer/anydesk if you are available. Thank you

  • WJS
    WJS Posts: 133  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    so device reboot itself endless loop ?

    If so, you should not be able to log in the GUI or CLI , you need to fix it it by console cable..

  • baudetd
    baudetd Posts: 40  Freshman Member
    First Anniversary 10 Comments
    Options
     
    hello

Here is what I did to fix the problem:

the router had reset, I accessed the interface via the default ip address.
I downgraded the firmware to 5.35.

then I reinjected my config and it worked.


However, I still have some issues. when I connect to the interface, the cpu quickly rises to 100% and from time to time during the day I no longer have access to the interface and I have small vpn connection problems (because for information, I have 2 vpn to mount on 2 other ugs20)

    then I have a "gateway timeout".
as if overloaded

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,367  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @baudetd

    ZLD5.36 Patch 2 Firmware has released. This update includes fixes for vulnerabilities, ensuring enhanced protection for your device against potential security risks.

  • baudetd
    baudetd Posts: 40  Freshman Member
    First Anniversary 10 Comments
    Options

    are you sure i didn't have problem like the previous version 5.36

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,076  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hello @baudetd

    Because V5.36P2 has CVE fixes for CVE-2023-33009 and CVE-2023-33010 and according to the symptom you mentioned "gateway timeout", we strongly suggest you update to our latest V5.36P2 firmware.

    You can follow below steps to update firmware:

    Step 1: Disconnect the WAN port connection and reboot your device.

    Step 2: Access the device's Web-GUI using the LAN port.

    Step 3: Update the firmware to our latest version, V5.36P2.

    Thanks.

  • baudetd
    baudetd Posts: 40  Freshman Member
    First Anniversary 10 Comments
    Options
    image.png

    this is my router ,

    for update

    with file for 1 running and 2 standby ?

  • Zyxel_James
    Zyxel_James Posts: 618  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    @baudetd you may upgrade to both partitions. I strongly suggest you backup the configuration file

  • PeterUK
    PeterUK Posts: 2,763  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Are you able to unplug from WAN? If not add a block rule for VPN services to Zywall and reboot then upgrade standby to V5.36P2

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)