ZLD4.65 & 5.02 Firmware release
Comments
-
There are a lot of updates released recently where we are not able to follow instantly since the production time must not be interupted again and again.Do I have to observe a special update order or could I jump e.g. from 4.62 directly to 4.65?0
-
The change of the 2FA page is very welcome. This allows now to block the welcome page while keeping the 2FA-page (on seperate port) which was not possible prior to this release (to my knowledge).There is one problem now. For the 2FA page you cannot chose which certificate the USG does identify itself to the client. So now everytime a user enters the 2FA page they get an error message for a bad certificate because the USG uses the default one. Is there a way to change it or do we have to wait for a future release?PS: Found the solution, it's a bug in the current version.
0 -
From my own experience, while tracing the logs, I cannot help myself making a conclusion that at some point of time during the last months, the evil side has get to their knowledge, I’m having Zyxel USG installed. The amount of attempts was heavily increasing suddenly. From specific countries. Do you confirm, the database of IP addresses, which are running USG- series has not been compromized as well?
0 -
Hi @kelmi
The attack is come from Internet. You can follow the Mitigation Steps to prevent attack from Internet.
You can follow Security Check Wizard, it will only allow trusted IP addresses you configured.
But we strongly recommend to double check your policy control rules if it allows un-trusted IP address traffic to your Intranet or ZyWALL.0 -
Just installed v4.65 (coming directly from 4.62)Two (small) bugs for your attention:1. At 4.62 the www Admin config port and SSLVPN port were the same. After the update the former port number has been taken over for both, www admin access AND new SSLVPN access. So far so good. But after changing the admin access port, the port for SSLVPN at SSLVPN Global Settings was changed, too! Then we've changed the port for SSLVPN access again to the new port. And now the USG has saved it - hopefully.2. We are using SSLVPN for VPN access of our streetworkers. Necessary security policies are in place since months and working. But after installing the v4.65 all access attempts have been refused. All security policies were still in place and USG v4.65 hasn't added any additional policies to prevent the SSLVPN access via WAN (as announced in SSLVPN global settings). Finally we had to disable the entire policy control followed by enabling it again. After that the SSL VPN access was running again.0
-
Hi @USG_User
(1) After changing the admin access port, the port for SSLVPN at SSLVPN Global Settings was changed, too!
---->We have addressed it and will fix it in next FCS version.
(2) All security policies were still in place and USG v4.65 hasn't added any additional policies to prevent the SSLVPN access via WAN.Finally we had to disable the entire policy control followed by enabling it again. After that the SSL VPN access was running again.
---->Does the symptom is reproducible after reboot device? If yes, you can send your configuration by private message to me for further check.
0 -
Hi Stan,Regarding (2): We are not able to permanently reboot our production system. I'm able to test it not before next Friday.0
-
Using a TOTP app for 2FA would be great!0
-
FYI a new version of 4.65 is released since 23/08, changelog : https://download.zyxel.com/ZyWALL_110/firmware/ZyWALL 110_4.65(AAAA.1)C0_2.pdf
0
Master Member
Freshman Member
Zyxel Employee
Ally MemberCategories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight