Network slow after firewall change

IkkI_Magna
IkkI_Magna Posts: 14  Freshman Member
First Anniversary First Comment
edited April 2021 in Security


I use USG-100 for firewall b4


It was setup at 2007 and firmware is 2.02


I purchase new firewall usg-110 last week and the firmware is v4.35(aaph.0) for replacement.


All Routing and firewall policy are copied by hand.



Client say that they access internet slower than before.


They need to "Enter" twice the browser address bar.....


Is it any idea?

«13

All Replies

  • lalaland
    lalaland Posts: 90  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    If you WAN type is static IP, don't forget to set up DNS setting on configuration > system > dns.

  • IkkI_Magna
    IkkI_Magna Posts: 14  Freshman Member
    First Anniversary First Comment
    edited December 2019

    Thx for advise,


    I have set DNS already...


    But some client will suddenly can not connect....


    Browser will show disconnect randomly.


    There are less than 50 clients only....

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @IkkI_Magna,

    Can you share the startup-config.conf of USG110 with me in private message?

  • IkkI_Magna
    IkkI_Magna Posts: 14  Freshman Member
    First Anniversary First Comment

    Hi, The last method can not solve the problem...


    Anyone help?

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @IkkI_Magna

    Can you share what else settings had you configured on your device since we had tried with your settings and everything seems to be fine.

    Or would you share the remote access to us in private message so that we can have more clear idea about the difference.

  • IkkI_Magna
    IkkI_Magna Posts: 14  Freshman Member
    First Anniversary First Comment

    I have sent config file to Emily before.

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @IkkI_Magna

    Yes this is what we had tested in our lab. Can we have remote check on your device? If you have concern about opening the remote access on the device, you can just allow the specific IP address to access it. Let us know if it's okay in private message.


    Thank you.

  • IkkI_Magna
    IkkI_Magna Posts: 14  Freshman Member
    First Anniversary First Comment

    Dear Vic,

    Would you answer me some question ?


    Regards,

    IkkI

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    @IkkI_Magna

    Regarding to your message,

    1. Can I confirm with you that do you want to block client access to device via https?(but http allow) or block client access to device via wan with any service?
    2. Go to Configuration>Network>Routing>Create the profile

    Need to create the address for destination, and create the service for your own server

    3.Can I know does the client and server on the same subnet?

  • IkkI_Magna
    IkkI_Magna Posts: 14  Freshman Member
    First Anniversary First Comment
    1. block client access to device via https & ssh
    2. I try it before...but fail...
    3. yes, same subnet.....when I use old server, it is ok, when I use new server,sometimes will be that(not always.)

Security Highlight