Does the USG FLEX Series have Port Forwarding problems?
All Replies
-
Hi @PaoloFracasThanks for your update. Normally, we advise the customer to back up the device config file before updating the firmware in case there is an accident. Currently, you can report this issue to us directly and we can keep following this case here. Thanks.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
I probably didn't explain myself well.I have a series of backups but since I tried to install the beta firmware the last two (11/17/2022 - 11/23/2022) generate errors and are not loaded.The latest one on 11/23/2022 was definitely working before installing the beta firmware because I used it on 11/23/2022 itself after trying the backup simulation with a different port.As soon as I integrated the configuration changes of 10/27/2022, I report what happened.Best RegardsPaolo Fracas0
-
Yesterday at about 14:00 local time I installed the V5.32 beta update package (V5.32(ABUH.0)ITS-22WK41-1125-221101280).After about 15 minutes of inactivity, unable to contact the Firewall, I had to disconnect the power and then reconnect it to see if it restarted.The device restarted with the previous Firmware version (V5.32(ABUH.0)) but with the factory settings, also requiring the setting of the password (IP address 192.168.1.1).In consideration of the boot firmware version I tried to restore the backup configuration of 11/23/2022 (last with changes) but without success.So I tried with the previous version of 11/17/2022 but again without success.At this point I became concerned and contacted Zyxel Support in Italy who to date have not responded despite having read the messages.Given the time, I proceeded to disconnect the USG FLEX 100 and put a USG 110 on the network which in this period I used to perform Synology backups and which obviously does not have the Advanced Services Licenses.With the USG FLEX 100 disconnected from the network I then tried to install the beta version again and this time the outcome was positive.As there was the default configuration, I restarted with the latest definitive firmware available (V5.32(ABUH.0)) and then tried to load the configurations of 23 and 17 November 2022 with the "Apply" option but without success.
I therefore tried to load the configuration of 10/27/2022 which gave a positive result.Something is missing but better than having to redo the whole configuration from scratch.Restored the configuration of 10/27/2022 I tried to restart with the beta firmware but again the configuration was reset to the factory version.Before reverting to firmware V5.32(ABUH.0) I checked the "Configuration" tab and found a large discrepancy in content compared to what was displayed with the consolidated firmware.Beta
Consolidated
I therefore performed a reboot with the consolidated firmware version, restored the 10/27/2022 configuration and integrated the missing parts (at least in part).My fear now is that the next backups won't load.I will run a test as soon as possible.This is what happened.Best Regards.Paolo Fracas0 -
Recovery verified.Fortunately it works.Best RegardsPaolo Fracas1
-
Hi @PaoloFracas
We are glad that you recovered the service eventually. May I know the date firmware is working for you or not? (I mean the data transfer rate for NAT port forwarding of TCP6281.) Thanks.
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
When I wrote "Restore verified" I meant that after integrating the 10/27/2022 backup I could do a backup/restore configuration test, not that I could restore the 11/23/2022 configuration.This means that every time I restart the Firewall with the beta Firmware the configuration is restored to the factory values and consequently I cannot run any tests.My fear was that given the problem with two configuration backups, the restore would also fail with the subsequent ones.Thankfully that didn't happen.Best RegardsPaolo Fracas
0 -
PaoloFracas said:Yesterday at about 14:00 local time I installed the V5.32 beta update package (V5.32(ABUH.0)ITS-22WK41-1125-221101280).After about 15 minutes of inactivity, unable to contact the Firewall, I had to disconnect the power and then reconnect it to see if it restarted.The device restarted with the previous Firmware version (V5.32(ABUH.0)) but with the factory settings, also requiring the setting of the password (IP address 192.168.1.1).
(1).May I know did the device reboot from V5.32(ABUH.0)ITS-22WK41-1125-221101280 to V5.32 automatically? Do that two firmware run on the same partition or different partitions?
(2).Did the boot status appear "Fallback to system default configuration" when fallback to V5.32 firmware?
Maybe you can select "Ignore errors" while applying the config by Web-GUI or CLI, as below example:In consideration of the boot firmware version I tried to restore the backup configuration of 11/23/2022 (last with changes) but without success.
CLI example Router# apply /conf/531ABUH0-2022-11-15-10-31-37.conf ignore-error
Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community
0 -
I guess so. Because I have been noticing the anomalities for a while, as well. It may be malfunctioning.
0 -
(1).May I know did the device reboot from V5.32(ABUH.0)ITS-22WK41-1125-221101280 to V5.32 automatically? Do that two firmware run on the same partition or different partitions?After about 15 minutes of inactivity, unable to contact the Firewall, I had to disconnect the power and then reconnect it to see if it restarted.Different Partitions
(2).Did the boot status appear "Fallback to system default configuration" when fallback to V5.32 firmware?
A question... Is it normal that the "MAINTENANCE - File Manager - Configuration File - Configuration" tab is completely different depending on the firmware partition from which you boot?Best RegardsPaolo Fracas
0 -
Hi sandra_sa,From my analysis the problem is not in the Port Forwarding itself but in the "Firewall Rule" that manages it.If I limit communications to the affected Port only (in my case TCP 6281 for Synology Backup) I have problems.
If I allow communication to all services ("Any" parameter) and trust the Port Forwarding Rule for security, I don't see any problems.
The strange thing is that the Log shows the traffic only for the interested port which is a nonsense.If the rule allows traffic outside the specific port it should highlight this.Regards.Paolo Fracas0
Zyxel Employee
Ally Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
