Amazon fire blocked by USG 60 W?

2»

All Replies

  • Dovetail_MD
    Dovetail_MD Posts: 81  Ally Member
    First Comment Second Anniversary
    Good morning,

    Sorry to take so long in coming back - yes the topology is ISP------Draytek 2925AC ) ) ) ) Amazon Fire.

    However over the last three or four weeks the Amazon Fire has found its way out to the interweb.

    There has been an intervening update of the USG 60 W so perhaps something has changed there or perhaps Amazon have changed something.

    Either way, all is well just now.

    Perhaps more importantly I'm trying to understand the logs as to what is being blocked and what is being allowed to come through to our system  - is there an easy guide to what is what here?

    I ask because occasionally web destinations I used to be able to get to with the Draytek I cannot get to using the USG 60 W and I've been trying to check out what exactly is being blocked.

    Best

    Andy
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @Dovetail_MD

    If USG blocked device, you can check Category to know which function block device, and then check Source IP and Destination IP to infer which rule was hit cause blocking occur.


    Charlie
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited January 2019
    @Zyxel_Emily @Dovetail_MD
    i'm not sure, but Entertain and other Streaming services required IGMPv3 and my last information is, that a ZYWALL 40/60 (W) modell is not supporting IGMPv3.
    In my case, i'm not able to use T-Entertain (IP-TV) behind a ZYWALL 40/60 (W) until IGMPv3 is embedded in a further Firmware.

    Regards
    Christian
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @ChristianG
    Regarding to IGMPv3,
    you can enable IGMPv3 in CLI interface and apply the command as below (assuming that lan1 is where you want to enable)

    After that you can do wireshark /packet capturing from the interface, you will see the version it uses:


    Charlie
  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    @Zyxel_Charlie
    thanks for the good news =)in 2017/2018 was the statement "not supported" =)
    Good to know, it's possible to enable IGMPv3

    Regards
    Christian
  • Dovetail_MD
    Dovetail_MD Posts: 81  Ally Member
    First Comment Second Anniversary
    Okay - so doing as you suggest I find that all the blocking is being done by Security Policy Control - and looking at that does not take me much further really

    Again is there a fool's guide to what this does?
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @Dovetail_MD
    Can you screenshot the log page for check further?
    Currently, we do not have guide which described the details of log message, however, if you face or some information cannot understand, we can discuss on the forum. 
    Charlie

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)