ZyXel USG20-W - internet failing and VPN issue.
Freshman Member
Hello, I am running quite old ZyXel USG20-W with latest firmware (upgraded today) and I started experiencing some issues couple days ago. We had internet connection outages while downloading big updates and so on. So we changed internet provider and swaped from 40Mb internet to 100Mb internet connection. We are now able to download large file without interupting rest of our Office but we have another issue. When we copy large files (8 - 35GB) thought IPsec VPN (there is only one tunnel) to our company internet connection fail, copy of files crashes (it is running during night time). I started to copy files now, ping to GW (USG20-W) is between 30 - 60ms and to internet between 50 - 120ms. I wanted to check ZyXel via web interface but it is not loading login page. I tried SSH also, but it is not able to connect. I tried ping from server (to which data are copied via IPSec tunnel) to internet and it works, but DNS is not translating while data copy on mentioned server (DNS is fine on other assets while data copying, DNS is ZyXel and second one is google).Do you think that our USG20-W is at the limit of service life? I would say it should be able to load login page at least. When we are not downloading login page works fine and SSH also. There is only FW running, no security features are on.
Thank you.
Accepted Solution
-
Hi @JanSery,
When the issue occurs, could you please confirm whether the CPU usage on the device is high? (If yes, do you know approximately how high it goes?)
Also, please confirm if the model you mentioned — “ZyXel USG20-W” — refers to the USG20W-VPN device? (Heavy IPsec VPN traffic can place a significant load on the device due to the encryption and decryption processes.)
From your description, it’s likely that the issue is related to CPU saturation, network instability, and management interface unresponsiveness under heavy load during large file transfers over the IPsec VPN. The fluctuating ping times you observed also suggest the device is under strain.
If the CPU usage is confirmed to be high, you may try the following temporary workaround: configuring Bandwidth Management (BWM) on the firewall to limit VPN traffic and prevent the device from running at full load.
- Go to Configuration > Bandwidth Management > Add/Edit → Enable it, then add a rule to limit the bandwidth for VPN traffic
Zyxel Tina
0
Zyxel Employee
All Replies
-
Hi @JanSery,
When the issue occurs, could you please confirm whether the CPU usage on the device is high? (If yes, do you know approximately how high it goes?)
Also, please confirm if the model you mentioned — “ZyXel USG20-W” — refers to the USG20W-VPN device? (Heavy IPsec VPN traffic can place a significant load on the device due to the encryption and decryption processes.)
From your description, it’s likely that the issue is related to CPU saturation, network instability, and management interface unresponsiveness under heavy load during large file transfers over the IPsec VPN. The fluctuating ping times you observed also suggest the device is under strain.
If the CPU usage is confirmed to be high, you may try the following temporary workaround: configuring Bandwidth Management (BWM) on the firewall to limit VPN traffic and prevent the device from running at full load.
- Go to Configuration > Bandwidth Management > Add/Edit → Enable it, then add a rule to limit the bandwidth for VPN traffic
Zyxel Tina
0 -
Hello Tina,
thank you for your answer. I have another answer from other source and problem is in ZyXel and its performance. As I am not able to log in to device while problem is occuring we decided to move to new HW from other vendor. Thank you for your answer.
0 -
Hi @JanSery,
Thank you for your feedback, and we're sorry to hear that you have decided to move to another vendor's hardware.
Should you consider Zyxel products in the future, we would recommend looking into our security models with higher CPU performance that would be better suited to handle your environment's requirements, particularly for demanding VPN workloads.
We appreciate your time in this community, and if there's anything else we can assist you with, please don't hesitate to reach out.
Zyxel Tina
0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 202 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.3K Security
- 515 USG FLEX H Series
- 328 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.9K Consumer Product
- 288 Service & License
- 458 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 85 About Community
- 97 Security Highlight
