Real DMZ type 2.1 broken in V1.3

PeterUK
PeterUK Posts: 3,326  Guru Member
100 Answers 2500 Comments Friend Collector Seventh Anniversary
edited October 25 in USG FLEX H Series

USG FLEX 200H V1.30(ABWV.0)

Well this is sad in V1.21 the traffic blocking worked fine but in V1.30 there is session dropping for the bridge due to how Real DMZ type 2.1 works. So what will happen is you can get to a site fine but then oven time the FLEX200H drops the session causing loading for the connection to restart in loading things like anything a simple test is GRC.com DNS Nameserver Spoofability Test you run it then at the end it should show right away Query distribution but there is a delay.

Here is a setup of how real DMZ type 2.1 is and was fine with V1.21 I would really appreciate it if this could be fixed or a option by SSH I don't know about thanks.

VLAN443 is on port 4 of FLEX H for internet by other real DMZ setup

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,305  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @PeterUK,

    Since your DMZ setup is more complicated than the normal setup, we will ask for a remote to check the traffic flow for this issue.

    In addition, I have tested V1.30 with a normal DMZ setup, the DMZ works well.

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 29

    hi Melen

    So they are looking in to it under case #466656 so see what they say then if your still interested I give you remote access to V1.21 that works and you can switch to V1.30 to see the TCP session problem with a simple test which is

    http://www.httpvshttps.com/

    test to HTTP then HTTPS wait 20 seconds click HTTP test again and it stalls with a delay loading the page for the test