USG40W hangs upon small basic changes

2

All Replies

  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    Device activated on network, leaving it on a few days before activating idp
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Yes... and no.
    WKxx firmwares are supported and followed by official assistance. AFAIK, they are not fully "released" unless requested or "looked for" (into KB you can access on every Weekly Firmware) due to not fully quality checked, but they work quite well.
    My experience is about latest 3.00 WKxx Firmwares for USG20 (no VPN) and USG100. USG20 are fully installed and correctly working for months. And USG100 which is my "spare boy" is reliable enough any time deployed.

    Don't forget that your device (USG40W) has the dual image feature (not available on USG20 and USG100) and this can allow you to switch between WKxx firmware and latest (currently 4.62) officially released.

    This is only my experience, @seccon, and I can understand why you strongly prefere to use an "officially released firmware" and not this version. Luckily, with Dual Image feature you can try any firmware and keep a safe release available only with a reboot.

    Please, your experience and feedback is appreciated.
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    Answer ✓

    It seems more stable, but having deactivated FW and IDP that could be the reason for that. I have ZON installed locally on my main workstation for scanning and stuff. Will activate FW today - as I write this - and we shall see what happens.
    Also making sure logging is disabled in Monitor > UTM stats > Logging. One of those things that may impact performance.
    It is kinda confusing that in some places in the interface the ports are referred to as p1-p5 and in others as wan-lan1-lan2- etc....
    Just look at Monitor > System status > Port statistics, vs Monitor > System Status > Interface Status.
    I guess Port is not really the same as Interface...

    Why is there a wan1_ppp ? Not using it....



    And I also see my DDNS settings did not work - or I need to read up on how Zyxel wants them to work - so I guess I have to make a traditional Port Forward to my SFTP server. Why so complex: https://kb.zyxel.com/KB/searchArticle!viewBlob.action?attOid=14435 ?

    Anyhow, activating FW and seeing how that fares.

  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    and i just learned what NAT-Loopback may cause if not used with caution... :'(
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    IMVHO you still don't have a "grip" on what you're doing, therefore my first suggestion is to take note of whay you're looking for and... take a full read of the manual. It will be boring, at beginning, but it will help you to avoid suddendeath mistakes.

    Port vs Interface...
    Except for P1 (WAN by default) and P5 (few more roles, like OPT or WAN2) you can assign any physical port to any zone among available and/or created
    This also means that any port between P2 and P4 can be bound to any Zone except WAN and OPT.

    Also consider that a vLan can be an interface too, so you can "stick out" more interfaces out of one single port.
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    mMontana said:
    IMVHO you still don't have a "grip" on what you're doing,
    ;) Thats ok. I have the manual on my tablet and look it up as I go. I'll admit to be more of a "learning by talking and doing" guy.

    Everything seems ok so far in regards to FW. No performance hits that I am aware of, and I told all my workers to push the network with strange stuff. The FW conf is of course untouched so far.
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    I forgot, I see up to 10% drop in speed, which was kinda expected since I asked about it some time ago.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Someone wrote that's "production" device and does not want "beta firmware". I can agree.
    But please, dude, don't do "beta settings" ;) 
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    edited May 2021
    So looking at IDP and sluggish on Registration Update.
    Been "loading" for a few minutes .
    F5. Relog. Try again. IDP Signature version current ( 2021-05-12 03:26:26 (UTC+01:00) )

    Handling IDP is quite slow but I guess it's because of data fetching. Leaving it on.
    Immediate conn test indicate a 25-30 % connectivity drop compared to with no USG40 running. Will test again. Consider this is both FW and IDP running.


  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Friend Collector First Comment
    Just wondering after a day or so using IDP, should I not see any entries in the log? Considering I am paying for IDP it would be great to so it is actually doing something.

Security Highlight