Trouble with Virtual Server NAT problems
USG FLEX 200H V1.20(ABWV.0)ITS-m4447
USG60W
WAN link to internet
LAN2 192.168.254.9 255.255.255.248
NAT rules for port 80 and 443 to 192.168.254.10
Flex200H
ge3 WAN3 DHCP 192.168.254.10 / 255.255.255.248
ge4 VLAN47 192.168.255.39 / 255.255.255.240
two Virtual Server NAT at rule number 22 and 23
test server on VLAN47 192.168.255.40
Incoming Interface ge3 WAN3
Source IP any
External IP INTERFACE IP, ge3
Internal IP 192.168.255.40
port
TCP 80 and the other rule 443
Enable NAT Loopback off
Problem 1
If the above rules on Flex are disabled on reboot the rules are disabled as expected but when you enable them the rules don't work then you reboot then they work.
Problem 2
On a bootup with the rules enabled all works then on USG60W you IP/MAC Binding the Flex200H WAN3 to IP 192.168.254.14 along with the NAT rules to that IP on USG60W wait on a short lease time to have the Flex change IP and test all works then disable the NAT rules on the Flex test again and the rules still work when it shouldn't.
All Replies
-
"Problem1" Yes, we are experiencing the same with Flex500H
0 -
-
I just run the test of Problem 1.
If the above rules on Flex are disabled on reboot the rules are disabled as expected but when you enable them the rules don't work then you reboot then they work.I just run the test with the follwing steps.
Internet----(10.214.48.46)USG60W----(DHCP: 192.168.254.10)USG FLEX 200H----(DHCP: 192.168.255.40)ZyWALLStep 1. Disable NAT rules on USG FLEX 200H.Step 2. Reboot USG FLEX 200H. Enable NAT rules on USG FLEX 200H again.
Test Result 1:Failed to access ZyWALL GUI because the ZyWALL's IP becomes 192.168.255.41 after USG FLEX 200H reboots.
Test Result 2:
If I set static IP 192.168.255.40 on ZyWALL, NAT rule is still working after USG FLEX 200H reboots.
Want a FREE Access Point? Participate in our campaign and share your network setup for a chance to win!
0 -
Hi Emily,
thanks for your tests but i think your lab configuration is not the same as our beacuse you are testing with only one nat rule.
In my 500h this issue appeared after some rules (5, if i remember right) and currently i have the problem active, for every new nat rule i have to reboot the firewall otherwise it doesn't work.
0 -
I can't even access the NAT page via the GUI anymore, all I get is spinny circle and it never loads, tried latest firmware 1.20ADWV.2 still doesn't work, I have 6 rules, I can see them via SSH, but can't figure out how to delete them via command line.
Also GUI pages for VPN > IPSec VPN > Remote Access VPN have no apply button so can't actually change anything
0 -
Hello @Zyxel_Emily,
i'm still here! I just installed the new firmware versione V1.20(ABZH.2) on my 500 FlexH
I created a new Nat rule (virtualserver number 14), it didn't work.
I rebooted the device and it started to work!
Do you have any news for me/us?
Thank you
0
Zyxel Employee
Categories
- All Categories
- 413 Beta Program
- 2.3K Nebula
- 192 Nebula Ideas
- 87 Nebula Status and Incidents
- 5.3K Security
- 142 USG FLEX H Series
- 253 Security Ideas
- 1.3K Switch
- 75 Switch Ideas
- 993 Wireless
- 51 Wireless Ideas
- 6.1K Consumer Product
- 231 Service & License
- 362 News and Release
- 74 Security Advisories
- 23 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 101 About Community
- 67 Security Highlight
