Firmware 4.30 problem

Tomi
Tomi Posts: 7  Freshman Member
First Anniversary First Comment
edited April 2021 in Security
Hello,

I'm having a problem with a version 4.30 (USG 1900 with device ha pro). The USG is terminating sessions between vlan interfaces. This happens several times per day without any reason.  With a version 4.25 no problems and the configuration and topology is same.

Comments

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello Tomi,
    To analyze this case,
    I would like to know
    1. Topology of this case,
    2. Which vlan interfaces can not communicate with each other?
    3. What kind of session(RDP, https...), and direction of session?
    please private message the configuration to me.
    Charlie
  • Tomi
    Tomi Posts: 7  Freshman Member
    First Anniversary First Comment
    Hello Charlie,

    I did find the reason for the problem. I did use general type of vlan interfaces and there is a new feature called proxy-arp, you can't disable this feature from a GUI (maybe a bug). I did change all vlan interface to the internal type and now the sessions remains. I'm quite sure that there is a bug general type of interfaces or proxy-arp feature. In my case the session type was IMAP4 without any UTM features enabled.

    Tomi
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello Tomi,
    Just want to confirm that you cannot disable the proxy-arp?
    I checked locally, I can disable or enable the this feature after I upgrade the firmware to 4.30.
    Therefore, please private message the configuration to me for checking further. 
    Charlie
  • Tomi
    Tomi Posts: 7  Freshman Member
    First Anniversary First Comment
    Hello Charlie,

    I did send the configuration to you.

    I can disable the proxy-arp, but if the interface type is general it won't save it to the configuration via GUI.

    Yestarday the older USG device went to active member of Device HA Pro and now I'm having the same original problem. I did check the configuration and interfaces are internal types and proxy-arp is disabled. Now it seems that I'm having also somekind of hardware problem also...

    Tomi
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello Tomi,

    After checked, we confirmed that this is an issue. We will fix this issue in the future release.

    Charlie

     

  • Tomi
    Tomi Posts: 7  Freshman Member
    First Anniversary First Comment
    Hello Charlie,

    I'm still having the original problem. USG is still disconnecting sessions randomly between interfaces (internal type) and causing lot of problems in our services. Also with this version downloading logs from USB doesn't work, it will break those files somehow. Please check also integration with VRPT 4, it doesn't work in my case.

    Lot of problems in this version and I have to downgrade the firmware now.

    Tomi
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hello Tomi,
    I checked the "VRPT" and "downloading logs from USB" locally with your configuration, and this is working without issue.
    For VRPT case,
    can you try again with this latest version.(VRPT4.0.05.61.01_20171208)
    Link: https://drive.google.com/file/d/1ih7t2TbYucLHKr6z7rRnOAF_nYre47HM/view?usp=sharing

    The case of "downloading logs from USB",
    on your side, the log message cannot be downloaded to USB? Have you changed other USB to try?
     

    Moreover, for interfaces are randomly interrupted,
    can you share the topology of this case with IP? and how do you know the vlan these interfaces are randomly interrupted?
    Charlie
  • CoreSG
    CoreSG Posts: 40  Freshman Member
    First Anniversary Friend Collector First Comment
    This topic was one of the only two results when I searched for VRPT (nothing came up for Vantage Report).

    I had it working - after a fashion - in a Windows Server 2012R2 VM, but it appears a recent security update has killed the install and I'm unable to re-isntall it.

    Zyxel_Charlie - please know that the version you shared here was flagged by VirusTotal as containing a Trojan.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    Hello CoreSG,
    The VRPT4.0.05.61.01_20171208 which is our official file. Since the file is .exe, the firewall may mis-judged as virus. Moreover, would you please try to disable the firewall during installation.
    Charlie

  • sk8erbender
    sk8erbender Posts: 74  Ally Member
    First Anniversary Friend Collector First Comment
    Guys !!! I'm singing up for this problem( my device is USG60W )
    Got like 10-20 reboots yesterday , all office went to chaos. Today I reverted back to prevoious firmware 4.25 seems to be working now...

Security Highlight