show conn problems in USG60W and USG40W on 4.39 and 4.60

danyedinak
danyedinak Posts: 51  Ally Member
First Comment Friend Collector Sixth Anniversary
edited April 2021 in Security
At the CLI, typing the following command : 
show conn
and hitting tab, reveals the following sub commands. 
<div>;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;begin&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;dstcc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;fastpath&nbsp; &nbsp; &nbsp; service&nbsp; &nbsp; &nbsp; &nbsp;srccc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;user&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</div><div><cr>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destination&nbsp; &nbsp;end&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ip-traffic&nbsp; &nbsp; source&nbsp; &nbsp; &nbsp; &nbsp; status&nbsp; &nbsp; &nbsp; &nbsp; |&nbsp; &nbsp;</div>
Usually, when a semicolon (;) appears as one of the options, the command can simply be run at that point. However, hitting enter here results in : 
<div>Router# show conn;</div><div>Valid range in USG60W: <1..100000></div><div>retval = -1015</div><div>ERROR: Invalid range specified.</div><div></div>

There's also a problem with : 
show conn srccc
First, the documentation in the CLI reference guide incorrectly shows this command as : 
show conn srtcc
Second, hitting tab after the correct command produces the following : 
<div>Router# show conn srccc&nbsp;</div><div><countey code>&nbsp; &nbsp;any&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; private-ip&nbsp;&nbsp;</div>
Note that "country" is misspelled as "countey".

Here, again, the semicolon is misleading, as it is also requiring a range : 
<div><div><div>Router# show conn srccc any&nbsp;</div><div>;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <cr>&nbsp; &nbsp; &nbsp; &nbsp;begin&nbsp; &nbsp; &nbsp; dstcc&nbsp; &nbsp; &nbsp; end&nbsp; &nbsp; &nbsp; &nbsp; fastpath&nbsp; &nbsp;|&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</div><div>Router# show conn srccc any&nbsp;</div><div>Valid range in USG60W: <1..100000></div><div>retval = -1015</div><div>ERROR: Invalid range specified.</div></div></div><div></div>
The only way to continue is to include a range, as in : 
Router# show conn srccc any begin 1 end 50&nbsp;

Verified these problems on two different USG60Ws, one running 4.39(AAKZ.0) and the other 4.60(AAKZ.0) and a USG40W running 4.39.

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited November 2020

    @danyedinak
    Can I know do you type the command via web console? If so, can you access USG40W with Incognito window or clean browser cache and check it again.

  • danyedinak
    danyedinak Posts: 51  Ally Member
    First Comment Friend Collector Sixth Anniversary
    @Zyxel_Charlie
    Nope. Connected via SSH. No browser involved.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    edited December 2020
    @danyedinak
    I used putty and tera term and the issue did not occur.
    Can I know what application did you ssh to device? Putty or?
    Can you private message remote access for check further? I would like to connect to you device via ssh.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)