USG FLEX 500: Web browsing unavailable for 5 minutes on some clients, no session limit

basq
basq Posts: 5  Freshman Member
First Comment Third Anniversary

I have a USG Flex 500 and I find that internet browsing (http + https) to the outside does not work on some clients. I mean that while one pc can't browse the other pc's on the network can. While it doesn't work you still manage to ping external websites such as www.google.com for example. Sites in the intranet always work correctly instead. Something like this had happened to me when a limit was set on the number of sessions, but now this limit is turned off. I have done several tests, turning off and on session limit, security policies, web filtering, and IPS and could not figure out what causes this problem. To solve it momentarily and get the single location back to surfing, you just need to reconnect the network card to the LAN. Do you have any idea what to look at to try to solve the annoying problem?

Regards.

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 2023

    disable content filtering on rules and disable ADP

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 892  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @basq ,

    Greeting Forum,

    The issue only on certian client PCs or random ? Could you find something in logs?

    Please kindly provdie the diaginfo when issue happened and give the problem address.

    Thank you

  • basq
    basq Posts: 5  Freshman Member
    First Comment Third Anniversary
    edited November 2023

    Hi Zyxel_Kevin,

    The problem occurs randomly.
    I attach the diagnosis file retrieved this morning

    For example, two LAN IPs that have this problem this morning:
    192.168.10.48
    192.168.10.58

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 892  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @basq,

    Thank your information.

    I found fireawall have many DNS request to different IP. It may real DNS from your ISP, but I guess it didn't recevie correct respond. so it will affect feature of UTM.

    Please kindy fixed the Zone Forwarder and keep monitoring.

    Thank you