Flex200 doing lots of trace route by itself
Guru Member
USG FLEX 200
V5.38(ABUI.0)
So I have a way of allowing USG to connect to its servers by VLAN443 and I allow it to route for HTTPS looking at Wireshark for all my taffic I was seeing some ping requests I tracked it down to the Flex200 and see I was blocking port 4335 so I routed that down VLAN443 and it connects fine looks to be for Nebula Cloud even if I run as stand alone. And now the Flex will not stop trace routing to your servers? Is this normal? I routed ICMP down VLAN443 and all theses trace route pings get no reply I put one of these IP on a ping check site and it gets no reply.
So whats the Flex upto and will it stop as some point?
Also a reboot does not stop it
Me thinks its a type of TTL test to your servers that port 4335 relay back and that the servers do receive a ping when the right TTL hits it but does not need to reply back as it got what it needed?
Accepted Solution
-
Hi @PeterUK
As discussed in our private msg, we accessed your device via remote SSH and noticed that it is currently in Cloud Monitoring mode but has not successfully connected. This has caused the device to repeatedly attempt to connect to the Nebula server. After disabling Cloud Monitoring mode, the device stopped making continuous connection attempts.
Kay
0
Zyxel Employee
All Replies
-
Hi @PeterUK
We couldn't replicate the same behavior on our end. Here are the settings we used and the results:
- Settings
- Result: No sign of icmp/trace route
To assist you further, could you please provide additional information? Specifically, we would appreciate if you could share the following:
- Your device’s configuration (
startup-config.conf)file. - Packet captures or logs relevant to the trace route activity.
Thank you for your cooperation!
Kay
0 - Settings
-
info sent
Interestingly if a disable the sfp the trace route stop happening
0 -
Hi @PeterUK
After reviewing your case, it seems that the device was previously in Nebula cloud mode and then reset to standalone mode. Upon the first boot after the reset, the device activates the watchdog to connect to the Nebula server, which explains the behavior you described.
Please reboot the device again, and it should operate normally.
Kay
0 -
Nope did a reboot still sending out trace route
and have deleted Organization and Site and rebooted still doing it
0 -
It seems it really don't like my routeing Zywall TCP 4335 out VLAN443 and would like to go out the SFP…
0 -
Hi @PeterUK
As discussed in our private msg, we accessed your device via remote SSH and noticed that it is currently in Cloud Monitoring mode but has not successfully connected. This has caused the device to repeatedly attempt to connect to the Nebula server. After disabling Cloud Monitoring mode, the device stopped making continuous connection attempts.
Kay
0
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 101 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight
