SecuReporter Upload fail and not using the routing rule

PeterUK
PeterUK Posts: 2,656  Guru Member
First Anniversary 10 Comments Friend Collector First Answer
edited April 2021 in Security

On USG40 V4.62

So SecuReporter was working then this happened (SecuReporter Upload fail) the USG should use this rule to go out on.

https://community.zyxel.com/en/discussion/comment/31028/#Comment_31028

Geo IP still updates fine with this rule but SecuReporter thinks it knows best and goes out OPT and not VLAN443 and fails

All Replies

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @PeterUK,

    We’d like to check this symptom further with you, can you share some info with us?

    1.      The screenshot of error message

    2.      The output of Monitor > Log > Category: myZyxel.com

    3.       USG40’s S/N and MAC address (you may give this info to us via private message)
  • PeterUK
    PeterUK Posts: 2,656  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer


  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @PeterUK,

     

    We checked your device was communicating with SecuReporter 2 May 2021 20:12:15(GMT+8) for the last time.

     

    Did you change any configuration in your USG40?

     

    Also, can you provide me remote access to your USG40 both for WebGUI and console access with RS-232 cable by private message?
  • PeterUK
    PeterUK Posts: 2,656  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2021

     No changes to the USG40 that would cause this I can still do a Geo IP updates and Device registration refresh without timeout.

    You should be able to setup a setup your end with the following

    Due to the way real DMZ and NAT setup works direct incoming packets to the OPT is limited to VPN, ICMP and DHCP this is why when the USG tries going out OPT it will never work however a PC at 192.168.255.193 is NAT from LAN1 to OPT outgoing traffic goes out OPT and the incoming comings in on WAN1 of the bridge. I also can't do trunk only VLAN443 it needs to be VLAN443 and OPT as with just VLAN443 when a In bound ICMP comes in on OPT the reply should go out OPT but goes out VLAN443.

    None of which matters because the USG should follow this rule.

    https://us.v-cdn.net/6029482/uploads/editor/sg/cibkylzqkarf.png
  • PeterUK
    PeterUK Posts: 2,656  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    So after a reboot due to another problem which fixed that now the Device registration refresh fail so I change the routeing rule for source any:

    So now I think 
    SecuReporter Upload is working but may fail if it stops going out VLAN443
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @PeterUK,

     

    After modifying your Policy route rule, we checked your device can communicate with SecuReporter now.

    It sends reports to SecuReporter’s server.

     

    Please verify that and let us know if you need help.


  • PeterUK
    PeterUK Posts: 2,656  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    I give it some uptime to see if the change still works.

Security Highlight