USG FLEX 500: Web browsing unavailable for 5 minutes on some clients, no session limit

basq Posts: 5

I have a USG Flex 500 and I find that internet browsing (HTTP + HTTPS) to the outside does not work on some clients. I mean that while one PC can't browse, the other PCs on the network can. While it doesn't work, you can still ping external websites such as www.google.com, for example. Sites on the intranet always work correctly. Something like this had happened to me when a limit was set on the number of sessions, but now this limit is turned off. I have done several tests, turning session limit, security policies, web filtering, and IPS off and on, and could not figure out what causes this problem. To solve it momentarily and get the single location back to surfing, you just need to reconnect the network card to the LAN. Do you have any idea what to look at to try to solve this annoying problem?

Regards.

All Replies

  • PeterUK
    PeterUK Posts: 2,833  Guru Member
    edited October 2023

    disable content filtering on rules and disable ADP

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 788  Zyxel Employee

    Hi @basq,

    Greeting Forum,

    Is the issue only on certain client PCs, or is it random? Could you find something in the logs?

    Please kindly provide the diaginfo from when the issue happened and give the problem address.

    Thank you

  • basq
    basq Posts: 5
    edited November 2023

    Hi Zyxel_Kevin,

    The problem occurs randomly.
    I attach the diagnosis file retrieved this morning.

    For example, two LAN IPs that have this problem this morning:
    192.168.10.48
    192.168.10.58

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 788  Zyxel Employee

    Hi @basq,

    Thank you for your information.

    I found the firewall has many DNS requests to different IPs. It may be the real DNS from your ISP, but I guess it didn't receive a correct response, so it will affect the UTM features.

    Please kindly fix the Zone Forwarder and keep monitoring.

    Thank you
