USG 1100 critical issue - after upgrading from v4.31 to v4.33 routing from/to vlans stops working
Once I upgraded to v4.33 the following routing scenarios (which work with firmware v4.31) stopped working:
- ping the USG from a device on a vlan
- access the internet from a device on a vlan
- ping from any device on a vlan to a device on a lan
- ping from any device on a lan to a device on a vlan
- ping from any device on a vlan to a device on another vlan
- device on a vlan can not get an IP address from DHCP
The following routing scenarios continued to work as expected on v4.33:
- ping the USG from a device on a lan
- access the internet from a device on a lan
- ping from any device on a lan to a device on another lan
- device on a lan can get an IP address from DHCP
All network devices get their IP address from DHCP which is configured on the USG for each lan and vlan utilizing IP/MAC binding. In my list above a device described as on a "lan" has network traffic which is untagged and gets its IP address from the subnet defined on the Ethernet tab of Network/Interface of USG. In my list above a device described as on a "vlan" has network traffic which is tagged with a vlan and gets its IP address from the subnet defined on the VLAN tab of Network/Interface of USG.
When I roll the USG 1100 back to v4.31 (without any other changes) everything starts working again.
I'm happy to provide any additional information to get this critical issue resolved. Currently the USG 1100 is back on 4.31. I have several other USGs and Zywalls that are waiting to be upgraded but I am holding off until this problem is fixed.
Accepted Solution
-
Hi @imaohw,
Yes, you can upgrade directly from v4.31 to v4.35.
In the following example, the original firmware of the running partition is 4.31.
Running – 4.31
You can upload 4.35 to the standby partition and reboot the device.
The firmware in the running partition now is 4.35. The firmware 4.31 is still kept in standby partition.
Standby – 4.31
Running – 4.35
5
All Replies
-
Going to V4.33 for a VLAN what zone have you selected?
Form a device with static IP on the VLAN when you ping the internet (8.8.8.8) does it show as blocked in the logs?
try changing on the VLAN interface type from internal to general
0 -
@PeterUK - thanks for responding. No changes in the configuration have been made from v4.31 to v4.33. Different vlans are in different zones depending on the security policy that needs to be applied to traffic on that vlan. See example below:
Interestingly there are no log entries for traffic from the vlan (I tried pinging 8.8.8.8) even when there is a security policy for all traffic in that zone set to log. It is as if the USG is not "seeing" the traffic from vlans.
I will try changing the interface type to general. Any particular reason for that suggestion?0 -
Changing the interface type to general is a mix of external and internal and maybe there is a bug with VLAN's and internal unlikely but you never know.
Maybe a bug or change with – or _ try with base port without – or guest and Zone without _ names you may have to remove the VLAN and add it back in on V4.33
0 -
0
-
@Zyxel_Emily - can I upgrade directly from v4.31 to v4.35?
I would like to keep v4.31 on the USG so I can roll back to a known working firmware if I need to.0 -
Hi @imaohw,
Yes, you can upgrade directly from v4.31 to v4.35.
In the following example, the original firmware of the running partition is 4.31.
Running – 4.31
You can upload 4.35 to the standby partition and reboot the device.
The firmware in the running partition now is 4.35. The firmware 4.31 is still kept in standby partition.
Standby – 4.31
Running – 4.35
5
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight