ATP800 security policy randomly skipped

lancet
lancet Posts: 4
First Comment
edited April 2021 in Security
On out recently installed zywall ATP 800 Fw we are experiencing a strange issue.
During the day, randomly, one or more firewall security policies (active) begins to be ignored  causing a specific traffic to being dropped by the default policy rule (set to drop). 
The issue persist until someone access the firewall's gui ,open the corresponding rule and , also without making any change, saves it back .  
following the zyxell expert suggestion we have disabled the session control limit in order to understand if this could be the issue, but nothing has changed. 
This issue happens from 2 to 6 times a day during different hours. 

Tagged:

All Replies

  • mdestito
    mdestito Posts: 1  Freshman Member
    First Comment Sixth Anniversary
    We have the exact same problem .......
    ATP 800 in HA Pro fw.V4.62 (ABIQ.0) / 2021-01-19
  • lancet
    lancet Posts: 4
    First Comment
    Good morning, 3 days later the issue persist.
    This is getting out of hand and is forcing me and my collegues to be always logged to eventually open and save a rule if some services fails.
    i can provide any kind of log and screenshot if needed . 
    ATP 800 in HA Pro fw.V4.62 (ABIQ.0) 
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @lancet

    Could you provide the below information to me via private message?

    (1). startup-config.conf file of your ATP800

    (2). While this symptom appears, could you reproduce the session dropping by the default policy rule and provide  Log screenshot (Web GUI > Monitor > Log  > View Log ) and diagnostic log (Web GUI > Maintenance > Diagnostics > Collect now and go to Files to download diagnostic log ) to me?

    Thanks.

     


    241015_Speak-up,-Win-WiFi-7_Community-CSO-signature_1920x200.jpg

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • lancet
    lancet Posts: 4
    First Comment
    Good Morning Jeff,
    i'll send you the conf file asap. 
    About the logs. i'm actually collecting zywall's logs on a syslog server following this configuration : 

    So i do hope to provide what you're requesting and some more infos as soon as possible. 






  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
    Hi lancet,

    Jeff is currently away for a while.

    May it´s fine I convert your Thread into a Support Ticket to follow up here on a daily base?

    Then we can find out the root cause and provide you a working solution soon.

    Let me know and I´ll proceed.
  • lancet
    lancet Posts: 4
    First Comment
    Hi Tobias, 
    Very well . please proceed. i will add you to the private messaging session with Jeff so you can have accesso to the attachments we have already shared. 
    Also please consider , we have a previous ticket opened for the same issue: #77976 issue not solved but somehow abandoned (we have received no more infos from assistance)



  • Zyxel_Tobias
    Zyxel_Tobias Posts: 200  Zyxel Employee
    5 Answers First Comment Friend Collector Sixth Anniversary
    Hi lancet,

    thanks, we´ll analyze it and come back to you.

    Kind Regards,

    Tobias
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @lancet

    We would like to update your ATP800 to debug firmware and to see more messages.

    Could we provide this debug firmware to you to upgrade?
    After firmware upgrade, could you provide Web GUI and remote SSH or remote console PC(e.q. Teamviewer or AnyDesk) to us?

    BTW, if this symptom appears could you collect syslog and  Diagnostics log to us?


    Thanks.



    241015_Speak-up,-Win-WiFi-7_Community-CSO-signature_1920x200.jpg

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)