USG110 Firewall Inability to Block Websites Due to TLS 1.3 Kyber Incompatibility
Options
Zyxel_Kevin
Posts: 975 
Zyxel Employee
Zyxel Employee
in Maintenance
Question:
USG110 Firewall is not effectively blocking certain websites (e.g., social media, YouTube, online shopping, pornography) despite correct configuration. What is the cause, and how can this be resolved?
Answer:
The issue where a Zyxel USG110 firewall is unable to effectively block websites, particularly those utilizing newer encryption protocols like TLS 1.3 Kyber, is due to the device's End-of-Life (EOL) status.
- Root Cause:
- The USG110 is an End-of-Life (EOL) model and, as such, no longer receives firmware updates.
- TLS 1.3 Kyber is a new-era post-quantum cryptography feature introduced in recent firmware releases.
- Older devices like the USG110 do not possess the necessary hardware or software capabilities to effectively support or manage these newer protocols.
- This lack of support for modern protocols interferes with the firewall's ability to perform deep packet inspection and filter HTTPS domains, leading to blocking failures.
- Solutions:
- Upgrade to Newer Hardware (Recommended): The primary recommendation is to upgrade to a newer H series Zyxel device. These newer models are specifically designed to support current and emerging security protocols, ensuring effective content filtering and security capabilities.
0
Categories
- All Categories
- 440 Beta Program
- 2.9K Nebula
- 208 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.4K Security
- 528 USG FLEX H Series
- 331 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 50 Wireless Ideas
- 6.9K Consumer Product
- 292 Service & License
- 462 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.7K FAQ
- 34 Documents
- 86 About Community
- 99 Security Highlight