USG FLEX 500: Web browsing unavailable for 5 minutes on some clients, no session limit

Options
basq
basq Posts: 5
First Anniversary First Comment

I have a USG Flex 500 and I find that internet browsing (http + https) to the outside does not work on some clients. I mean that while one pc can't browse the other pc's on the network can. While it doesn't work you still manage to ping external websites such as www.google.com for example. Sites in the intranet always work correctly instead. Something like this had happened to me when a limit was set on the number of sessions, but now this limit is turned off. I have done several tests, turning off and on session limit, security policies, web filtering, and IPS and could not figure out what causes this problem. To solve it momentarily and get the single location back to surfing, you just need to reconnect the network card to the LAN. Do you have any idea what to look at to try to solve the annoying problem?

Regards.

All Replies

  • PeterUK
    PeterUK Posts: 2,865  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited October 2023
    Options

    disable content filtering on rules and disable ADP

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 799  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @basq ,

    Greeting Forum,

    The issue only on certian client PCs or random ? Could you find something in logs?

    Please kindly provdie the diaginfo when issue happened and give the problem address.

    Thank you

  • basq
    basq Posts: 5
    First Anniversary First Comment
    edited November 2023
    Options

    Hi Zyxel_Kevin,

    The problem occurs randomly.
    I attach the diagnosis file retrieved this morning

    For example, two LAN IPs that have this problem this morning:
    192.168.10.48
    192.168.10.58

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 799  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @basq,

    Thank your information.

    I found fireawall have many DNS request to different IP. It may real DNS from your ISP, but I guess it didn't recevie correct respond. so it will affect feature of UTM.

    Please kindy fixed the Zone Forwarder and keep monitoring.

    Thank you

Security Highlight