ZyWALL USG 100 Plus and TLS 1.2

k1601
k1601 Posts: 9  Freshman Member
edited April 2021 in Security

Hello!

Is it possible to enable TLS 1.2 on the ZyWALL USG 100 Plus?

I know that it is an old device and support is closed, but maybe some variants exist? (Like this one for the old USG 300: https://businessforum.zyxel.com/discussion/3477/zywall-usg-300-and-tls-1-2)

Most popular browsers are dropping support for TLS 1.0 and 1.1, and using modern browsers for control will be impossible.

Thanks!

Comments

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,296  Zyxel Employee

    Hi @k1601

    ZyWALL USG100 Plus does not support TLS1.2.

    If TLS1.2 is needed, you can consider the USG110, which supports TLS1.2.

    Here is the information on the USG110:

    https://www.zyxel.com/tw/zh/products_services/Unified-Security-Gateway-USG110-210-310/introduction

  • k1601
    k1601 Posts: 9  Freshman Member
    Hello!


    But I have a problem with updating my USG-100Plus.

    When I try to update the firmware from 3.30(AACV.7)ITS-WK28-r72114 to "USG 100-PLUS 330 AACV v3.30P9 (WK48)", the process stops.

    The console displays:

    [Update Filesystem]
            Updating Filesystem
            [/util/zld_fsextract]

    and a rotating slash.

    It stays at this stage (slash rotating) for a very long time (one week) without any other actions. I was able to interrupt it only by turning off the power, after which the device does not boot, with this message on the console:

    FLASH: AMD 16M

    BootModule Version: V1.17 | 12/01/2011 05:20:17
    DRAM: Size = 256 Mbytes

    Kernel Version: V2.6.25.4 | 2016-07-14 09:27:45
    ZLD Version: V3.30(AACV.7)ITS-WK28-r72114 | 2016-07-14 10:14:06

    Press any key to enter debug mode within 1 seconds.
    .....................


    BM cmd line: console=ttyS0,115200 root=/dev/ram init=zyinit "-r /dev/sda", address: 0x100000

    Uncompressing Linux...done.
    Start to check file system...
    /dev/sda2: 26/17352 files (3.8% non-contiguous), 16993/69296 blocks
    /dev/sda3: 152/41120 files (28.9% non-contiguous), 45664/163841 blocks
    Done
    mount: wrong fs type, bad option, bad superblock on /dev/loop0,
           missing codepage or other error
           In some cases useful info is found in syslog - try
           dmesg | tail  or so

    Kernel panic - not syncing: Attempted to kill init!

    I can restore the device only by flashing the database (firmware restore didn't help). After the restoration the device works normally with all my old settings.

    I tried a hardware reset of the device before the upgrade, and it had no effect. What could be the reason, and how can I flash the device?



  • shani
    shani Posts: 4

    Same problem here. The WK48 version was applied and it got stuck; I had to recover. Was anyone able to apply the firmware?

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee

    Hi @shani ,

    Greetings, Forum. Please kindly try a hardware reset.

    Also, we recommend that you replace your appliance due to security issues and performance concerns, as the USG100 has been end of service for a while.

    Thank you

  • shani
    shani Posts: 4

    Thanks @Zyxel_Kevin. However, after the reset it still didn't work, so I put the previous firmware back and applied the settings to get back to where I was.

    Welcome to ZyWALL USG100-PLUS

    Username: admin
    Password:
    Router> configure[resd] Sending signal to zyshd_wd

    Configuration has been restored to system default.

    Welcome to ZyWALL USG100-PLUS

    Username:
    Terminate All Processes: OK
    kill_process_and_umountfs() returns -6
    Restarting system.
    FLASH: AMD 16M

    BootModule Version: V1.17 | 12/01/2011 05:20:17
    DRAM: Size = 256 Mbytes

    Kernel Version: V2.4.27 | 2015-01-08 20:52:20
    ZLD Version: V3.30(AACV.7) | 2015-01-14 21:15:46

    Press any key to enter debug mode within 1 seconds.
    .....................

    BM cmd line: console=ttyS0,115200 root=/dev/ram init=zyinit "-r /dev/sda", address: 0x100000

    Uncompressing Linux...done.
    Start to check file system...
    /dev/sda2: 31/17352 files (0.0% non-contiguous), 61557/69296 blocks
    /dev/sda3: 116/41120 files (4.3% non-contiguous), 22984/163841 blocks
    Done

    INIT: version 2.86 booting
    Initializing Debug Account Authentication Seed (DAAS)... done.
    Setting the System Clock using the Hardware Clock as reference...System Clock set. Local time: Wed May 24 09:32:23 DGMT 2023
    INIT: Entering runlevel: 3
    Starting zylog daemon: zylogd zylog starts.
    Starting syslog-ng.
    Starting ZLD Wrapper Daemon....
    Starting uam daemon.
    Starting App. Patrol Daemon.
    Starting myzyxel daemon.
    Starting periodic command scheduler: cron.
    Start ZyWALL system daemon....
    Check signature package
    .......................................
    Got LINK_CHANGE
    Port [2] Copper is up --> Group [2] is up
    ...............................................Applying system configuration file, please wait...
    no startup-config.conf file, Applying system-default.conf
    Use system default configuration file (system-default.conf)
    ZyWALL system is configured successfully with system-default.conf

    Welcome to ZyWALL USG100-PLUS

    Username: admin
    Password:
    Router> FLASH: AMD 16M

    BootModule Version: V1.17 | 12/01/2011 05:20:17
    DRAM: Size = 256 Mbytes

    Kernel Version: V2.4.27 | 2015-01-08 20:52:20
    ZLD Version: V3.30(AACV.7) | 2015-01-14 21:15:46

    Press any key to enter debug mode within 1 seconds.
    .......
    Enter Debug Mode

    USG100-PLUS> atkz –f –l 192.168.1.1

    ERROR

    USG100-PLUS> atkz –f –l 192.168.1.1

    ERROR

    USG100-PLUS> atkz –f –l 192.168.1.1
    ERROR

    USG100-PLUS> atcd 0
    ERROR

    USG100-PLUS> atkz -f -l 192.168.1.1
    -f -l 192.168.1.1
    OK

    USG100-PLUS> atgof
    Booting...

    Now booting kernel in FLASH
    BM cmd line: console=ttyS0,115200 root=/dev/ram init=zyinit "-f -l 192.168.1.1 -r /dev/sda", address: 0x100000

    intird start:0000000084136000 size:00000000000781A3

    vmlinux start:0000000084006000 size:000000000012FD5C

    Uncompressing Linux...done.
    mount: fs type sysfs not supported by kernel

    Connect a computer to port 6 and FTP to 192.168.1.1 to upload the new file.

    Firmware received ...
    Start to check file system...
    Done

    Building ...

    [Update Filesystem]
    Updating Code
    -/rw/compress.img bad CRC d05c62e9 (should be d6eda5d8)
    (may instead be incorrect password) //rw/compress.img bad CRC d05c62e9 (should be d6eda5d8)
    (may instead be incorrect password) /rw/compress.img bad CRC d05c62e9 (should be d6eda5d8)
    (may instead be incorrect password) \
