Zyxel USG 110 - WEB ACCESS

DenisPereira
DenisPereira Posts: 8  Freshman Member
First Comment Friend Collector Second Anniversary
Hello,

I have change the default policy of my Zyxel USG 110 to Deny, and since then i am not able to do login in the zyxel.

Any Idea how to get access to him?

I have made an update of firmware from 4.60 to 4.70, and i have a backup of my settings with version 4.60, i will be able to reset and put my Backup of version 4.60?

Best Regards,

Accepted Solution

  • DenisPereira
    DenisPereira Posts: 8  Freshman Member
    First Comment Friend Collector Second Anniversary
    Answer ✓
    It's Solved.

    I have used the follow command:

    Router> configure terminal

    Router(config)# no firewall activate

All Replies

  • WJS
    WJS Posts: 155  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    Hi

    Hope you can access via console port

    #enable

    #configure terminal

    #show secure-policy

    Search the rule that cause you can’t access


    For example rule1

    Disable it

    #no secure-policy 1





  • alexey
    alexey Posts: 188  Master Member
    First Comment Friend Collector Fifth Anniversary
    edited November 2021
    Hi @DenisPereira

    Yes, you can apply old conf backup file from old fw, if you apply it with option "Ignore errors and finish applying the configuration file"

    But if you have access to device via console, you can log to it and disable firewall
    # configure terminal
    # no secure-policy activate
    After that you will can log via web, change default policy and activate firewall again. 

  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    edited November 2021
    If you have access again you should create a rule for admin access before settig the default policy to DENY.
    Additionally to protect your admin account, you should change the access port to another port than a well-known port number.
    Further you should allow the access to admin account from local zone only. Therefore you could deny the access from other zones like WAN, DMZ, etc. at SYSTEM > WWW > Admin Service Control.

    But anoher questions ... Where you've downloaded the v4.70 from? Our latest revision is v4.65 AAPH.1 WK32.
  • DenisPereira
    DenisPereira Posts: 8  Freshman Member
    First Comment Friend Collector Second Anniversary
    WJS said:

    Hi

    Hope you can access via console port

    #enable

    #configure terminal

    #show secure-policy

    Search the rule that cause you can’t access


    For example rule1

    Disable it

    #no secure-policy 1






    Yes i am able to connect via Console, when i run this command the rule is not listed here. the rule i have change is the last without a number it's like the default "rule"
  • DenisPereira
    DenisPereira Posts: 8  Freshman Member
    First Comment Friend Collector Second Anniversary
    alexey said:
    Hi @DenisPereira

    Yes, you can apply old conf backup file from old fw, if you apply it with option "Ignore errors and finish applying the configuration file"

    But if you have access to device via console, you can log to it and disable firewall
    # configure terminal
    # no secure-policy activate
    After that you will can log via web, change default policy and activate firewall again. 

    i have tried this, but the command "no secure-policy activate" is not recognized
  • DenisPereira
    DenisPereira Posts: 8  Freshman Member
    First Comment Friend Collector Second Anniversary
    Answer ✓
    It's Solved.

    I have used the follow command:

    Router> configure terminal

    Router(config)# no firewall activate

  • USG_User
    USG_User Posts: 374  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    The command for Default-Rule reads:
    secure-policy default-rule action  {allow | deny | reject}

    Try to "allow" it again fo getting back access.

Security Highlight