USG310 - Web Configurator slow to unusable over SSH tunnel

Options
Rafff
Rafff Posts: 15  Freshman Member
First Anniversary First Comment
edited April 2021 in Security

We always used to remotely administrer our beloved USG300 with Web Configurator interface tunneled over an SSH connection.

Client PC with Firefox (https) --> SSH --> LAN server --> USG300

We just powered up the USG310, did initial setup and connected it to the LAN. HTTPS Web interface works smoothly from a LAN client. On the other hand, it is deadly slow when connecting from a remote PC over the same SSH tunnel we use for USG300.

Opening the login form takes ages but, once pressed the LOGIN button, the page load stucks forever and no Web Configurator interface is ever shown.

All Replies

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,061  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Rafff

    You can check if the SSH service is enabled on the device.

    image005.png

    In the default setting, SSH is not allow to the device.

    image004.png

    Go to Configuration > Object > Service > Service Group > select the Default_Allow_From_WAN_To_ZyWALL > click Edit

    image006-red.png

    Add SSH into the Default_Allow_From_WAN_To_ZyWALL

    image003-red.png


  • Rafff
    Rafff Posts: 15  Freshman Member
    First Anniversary First Comment
    edited March 2020
    Options

    SSH?? The problem was with HTTPS not with SSH! As per my previous message, the SSH tunnel is created to a LAN Server, not to the USG310. The HTTPS works well over LAN.

    Anyway, the problem looks solved now that one WAN interface on the USG310 has been activated. In my opinion the problem had something to do with eventual reverse DNS resolution performed by Zyxel on HTTPS requests, maybe for logging purposes, who knows. I do not have time to investigate now, but I've seen similar behaviour before on other appliances and was related to server DNS resolution timeout failure on client connection requests (e.g. security reverse lookups in vsftpd)

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,061  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Rafff

    Thanks for your feedback,

    If there is any related issue happens again, feel free to contact us in private message so that we can help on it directly.

  • Cristol
    Cristol Posts: 4
    Friend Collector First Comment
    Options
    https://community.zyxel.com/en/discussion/comment/12512#Comment_12512

    Hi @Zyxel_Jerry, i've the same issue with gs1900-8hp, i use ssh tunneling to access on the webui.

    On the ssh tunneling it's ok with HTTP but with HTTPs it's very slow…

    Equipment informations:

    Model Name:

    GS1900-8HP

    Revision:

    A1

    Firmware Version:

    V2.70(AAHI.5) | 02/08/2023

    It's OK in HTTPs with others devices.

    Best regards,

    Kris

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)