ZW USG20W-VPN doesn't disable policy routes on startup

alexey Posts: 188  Master Member
edited November 2021 in Security
Hi all.
ZW USG20W-VPN with V5.10(ABAR.0) / 2021-09-23 22:23:04
3 vti interfaces (vti0, 1, 2) and 2 trunks vti with vti0,1 in active/active in WWR, vti_log with vti2 active WWR.
Connectivity Check is enabled on vti.
2 Policy routes
1 to remote_lan2 via vti_log with enabled option "Disable policy route automatically while Interface link down"

2 to any via vti.

In the trunk vti_log status, vti2 is in dead state, but the route isn't disabled automatically.

Why doesn't the device disable routes with inactive interfaces?

Update: as I understand, ZW doesn't disable dead policy routes on startup. Only those that it finds during work.

All Replies

  • alexey
    alexey Posts: 188  Master Member
    edited November 2021
    Same thing on USG1100 with V4.70(AAPK.0). Routes with dead trunks aren't disabled.
    On V4.65(AAPK.0) everything works fine.
    Update: another vti trunk with the same settings was auto-disabled.
    As I understand, ZW doesn't disable dead policy routes on startup.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    Hi @alexey
    I ran a lab test based on your description. I can see the policy route change to disabled status.

    Can you see an alert log as below in Monitor > Log > View Log > Priority=alert?


  • alexey
    alexey Posts: 188  Master Member
    Hi @Zyxel_Cooldia
    Logs are empty

    Log is enabled

    CC on vti is enabled

  • alexey
    alexey Posts: 188  Master Member
    Right after reboot I can see these events

    But vti1 goes to normal state after some time. vti0 & 2 are in dead state

  • alexey
    alexey Posts: 188  Master Member
    @Zyxel_Cooldia
    Any help with this problem?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    Hi @alexey,
    We would like to conduct a lab test based on your configuration file. Can you send your configuration file to me in a private message?
  • alexey
    alexey Posts: 188  Master Member
    Hi @Zyxel_Cooldia
    I sent the conf file.
  • alexey
    alexey Posts: 188  Master Member
    Same issue on another test site with the same device on the same fw.
    It doesn't disable routes via a disconnected vti interface and via a trunk with 2 disconnected vti after reboot.
    When I create them, the routes are disabled.
    After reboot they are enabled and they don't get disabled during work.
