USG 100 Flex stuck twice in two weeks

mMontana

Facts

January 28 roughly 10:00 am customer calls me reporting not working internet access. Already contacted the ISP, which says "Our CPE is fine, you're not flowing any traffic among your interfaces.
I contacted ISP too, verifying that the connected device (USG 100 Flex) was not making any traffic, while seeing the device connected on the CPE port.

Device was power-disconnected, waited roughly 1-2 minutes, then restarted. Worked without hiccups since.

I was contacted more or less 1 hour ago (February 13, 09:30), a more skilled person was handling the issue onsite.
Situation was more or less the same, my remote monitoring told me than since 4:00AM CET a port-forwarding server was not accessible, whatever the USG was reachable and "queriable" at least from the monitoring.
No internet traffic possible.

The person onsite reported me that the device was way hotter than expected. For giving contest: this person had USG40 working almost flawlessly from 2017 until the dismissal, during 2022 for this USG Flex 100. Devices are more or less in the same spot (1cm left or right, same rack space, same height, same dust level).
Device is in a closed, rack, 1 door away from an office which is heated during winter and cooled in summer; normal ambient temperature is roughly 22°C in winter and 27°C in summer.

After two power cycles (the first one lead to still an hiccup situation) the device is reporter "normally warm" for a metal cased Zyxel firewall. Now the device works.

Services Running

-AP controller
-DHCP server
-DNS server
-GEO IP db used
-firewall rules (total rule number 34)
-IPSec gateway (1 connection, since evening the AES IPSEC connection sends data for offsite backup)
-L2TP gateway (weekly used)
-SSLVPN Gateway (never used)
-WAN1 continuosly active + 2 LANS continuosly active + 3 vLans continuosly active + DMZ continuosly active + WAN2 configured as backup and now disconnected (4g router ready to power on)
-DMZ is directly connected to a computer, not mediated by a switch.

No subscriptions active.

Configuration is roughly the same of the replaced USG40, way distant from the device capabilities, AFAIK.
Latest Firmware (5.39P1). Serial number starts with S22, available to share with Zyxel representatives. For remote access permission has to be requested.
Available to share more details about config if necessary.

Question for Zyxel

Are you aware of any batch of USG Flex 100 with thermal issues?
I am aware of recent content filtering "bad moment" stucking devices but this one never activated, outside the forced trial, content filtering…

Are you aware about device that might be get stuck in too much power consumption that leads to thermal hiccup?

Is there any temperature sensors in the device? Temperature data is accessible from the web interface? Or can be reported via eMail as timed report?

Zyxel_Melen

Hi @mMontana,

Are you aware of any batch of USG Flex 100 with thermal issues?

Could you provide me with the serial number to check if your device is in the range of issues? Also, please help by sharing the diagnostic info if you have collected it after the problem happened.

Are you aware about device that might be get stuck in too much power consumption that leads to thermal hiccup?

The maximum power consumption will not lead to overheating unless the user places any device on the firewall, which can cause poor heat dissipation. In previous cases, the device will reboot when overheating.

Is there any temperature sensors in the device? Temperature data is accessible from the web interface? Or can be reported via eMail as timed report?

No, USG FLEX 100 can't get the temperature data since it doesn't have a fan and sensor.

mMontana

Hi @Zyxel_Melen,

you received the serial via PM.

no info was collected after the device started.
However, I did not received any alert about something going wrong. If you think is useful, I'll follow any procedure to collect diagnostic info and provide it to you.

No device is put on top of USG Flex 100.
While in a rack is on a rack mounted slotted tray, with provided rubber feets installed on the lower panel and more ore less 8-10 centimeters of free air before reaching the next rack-mounted device.
The firewall is aside to a desktop NAS carrying 3,5" drives… so there's reasonable space for heat dissipation and air movement; in the same exact location USG 40 worked uninterrupted for 5 years (and serving me now quite nicely)

I'm curious about the "device rebooted itself". for overheating. How this could be possible, considering there's no thermal sensor on USG Flex 100 board? Thermistore on the board?

Zyxel_Melen

Hi @mMontana,

Our engineer asked for the diagnostic info so they can check if there are any error logs when the issue happens. I will send a request in our previous private message.

No device is put on top of USG Flex 100.

While in a rack is on a rack mounted slotted tray, with provided rubber feets installed on the lower panel and more ore less 8-10 centimeters of free air before reaching the next rack-mounted device.

The firewall is aside to a desktop NAS carrying 3,5" drives… so there's reasonable space for heat dissipation and air movement; in the same exact location USG 40 worked uninterrupted for 5 years (and serving me now quite nicely)

💯 I just share our experience because a few users stacked their firewall with other devices…

I'm curious about the "device rebooted itself". for overheating. How this could be possible, considering there's no thermal sensor on USG Flex 100 board? Thermistore on the board?

The information I referenced is in this FAQ. In addition, the reboot behavior is based on the behavior of the USG FLEX 500/700, which has a fan and sensor. USG FLEX 100 might not be the same, but I will confirm the behavior and update you.

mMontana

I hope to put what comes next in the most proper way…

From the faq, the phrase might be uncorrect.

However, USG FLEX 50/100/200 are smaller models that do not have fans. So we cannot check the temperature of the unit.

"Check" means know/verify/read… "Control" should mean change in some way.
Therefore

AFAIK most of the fans used in IT/networking are not temperature sensor equipped, while having some metodologies to regulate and sense the speed (PWM and so forth). In USG20 (not VPN) there is a tachometer fan.
So
The device should know and understand if the fan is operating… while having sensors on the board for check the temperature and… start the fan if necessary.

What does not have much sense to me is the "reboot if overheated" behavior… without any temperature sensor available. I made the guess thermistor because the resistance change would trigger a electric device if needed… like a "reset switch". This works even without any logic reacting into the software.

mMontana

No answers… but whatever.

Diagfile provided.