USG40W hangs upon small basic changes

2

Answers

  • SecCon
    SecCon Posts: 51  Ally Member
    Device activated on network, leaving it on a few days before activating idp
  • mMontana
    mMontana Posts: 428  Master Member
    Yes... and no.
    WKxx firmwares are supported and followed by official assistance. AFAIK, they are not fully "released" unless requested or "looked for" (into KB you can access on every Weekly Firmware) due to not fully quality checked, but they work quite well.
    My experience is about latest 3.00 WKxx Firmwares for USG20 (no VPN) and USG100. USG20 are fully installed and correctly working for months. And USG100 which is my "spare boy" is reliable enough any time deployed.

    Don't forget that your device (USG40W) has the dual image feature (not available on USG20 and USG100) and this can allow you to switch between WKxx firmware and latest (currently 4.62) officially released.

    This is only my experience, @seccon, and I can understand why you strongly prefere to use an "officially released firmware" and not this version. Luckily, with Dual Image feature you can try any firmware and keep a safe release available only with a reboot.

    Please, your experience and feedback is appreciated.
  • SecCon
    SecCon Posts: 51  Ally Member
    and i just learned what NAT-Loopback may cause if not used with caution... :'(
  • mMontana
    mMontana Posts: 428  Master Member
    IMVHO you still don't have a "grip" on what you're doing, therefore my first suggestion is to take note of whay you're looking for and... take a full read of the manual. It will be boring, at beginning, but it will help you to avoid suddendeath mistakes.

    Port vs Interface...
    Except for P1 (WAN by default) and P5 (few more roles, like OPT or WAN2) you can assign any physical port to any zone among available and/or created
    This also means that any port between P2 and P4 can be bound to any Zone except WAN and OPT.

    Also consider that a vLan can be an interface too, so you can "stick out" more interfaces out of one single port.
  • SecCon
    SecCon Posts: 51  Ally Member
    mMontana said:
    IMVHO you still don't have a "grip" on what you're doing,
    ;) Thats ok. I have the manual on my tablet and look it up as I go. I'll admit to be more of a "learning by talking and doing" guy.

    Everything seems ok so far in regards to FW. No performance hits that I am aware of, and I told all my workers to push the network with strange stuff. The FW conf is of course untouched so far.
  • SecCon
    SecCon Posts: 51  Ally Member
    I forgot, I see up to 10% drop in speed, which was kinda expected since I asked about it some time ago.
  • mMontana
    mMontana Posts: 428  Master Member
    Someone wrote that's "production" device and does not want "beta firmware". I can agree.
    But please, dude, don't do "beta settings" ;) 
  • SecCon
    SecCon Posts: 51  Ally Member
    edited May 17
    So looking at IDP and sluggish on Registration Update.
    Been "loading" for a few minutes .
    F5. Relog. Try again. IDP Signature version current ( 2021-05-12 03:26:26 (UTC+01:00) )

    Handling IDP is quite slow but I guess it's because of data fetching. Leaving it on.
    Immediate conn test indicate a 25-30 % connectivity drop compared to with no USG40 running. Will test again. Consider this is both FW and IDP running.


  • SecCon
    SecCon Posts: 51  Ally Member
    Just wondering after a day or so using IDP, should I not see any entries in the log? Considering I am paying for IDP it would be great to so it is actually doing something.

Security Highlight