Default AP Group profile inaccessible on USG Flex 700 using a converted configuration
Hi team,
I've converted a startup configuration from USG310 to USG Flex 700 using your online converter. After that, I found out that editing the default AP Group profile leads to a neverending “loading” page, the same behavour happens on editing every previous profile that have been converted.
I've then recreated AP Group profiles from scratch, but since I've plenty of USGs firewalls to swap It would be nice to receive some help
Regards
Agor
Accepted Solution
-
Hi @Agor76
The reason for the issue is that some AP profile settings were lost during the application to the firewall. However, this issue has been fixed in the 5.35WK06 firmware. You can upgrade the firmware on your device and reapply the converted configuration again.1
All Replies
-
I solved the issue in other hardware (USG Flex 100W) re-inserting into the configuration the passphrase.
2 -
Hi mMontana, thank you for your quick reply.
Which passphrase exactly ?
Regards
Agor
0 -
Hi @Agor76
The reason for the issue is that some AP profile settings were lost during the application to the firewall. However, this issue has been fixed in the 5.35WK06 firmware. You can upgrade the firmware on your device and reapply the converted configuration again.1 -
Thank you Stanley,
do we have a date for an official release of the new firmware ?
Regards
0 -
Hi @Agor76,
The fix will be merged into the next official version 5.36 and the release schedule is around Mar. 29th.0 -
Thanks Emily
0 -
The one of the Wireless networks.
I had to do that even with latest firmware, for allowing the connection of the devices. But anyway… everything is fine.0 -
Hi all,
we ran into the same phenomenon while upgrading some USG 110 to out-of-the-box FLEX 500 and one USG 40 to a FLEX 100:
When you add a new AP group everything works fine, only the ones from the old USG won't open.
So, we looked at the config file with a text editor and compared the sections of the old group profiles with the newly added one:
The most evident difference was that the new AP groups have a third slot for radio settings which the old USGs didn’t have, and the radio profiles now support the 6 GHz frequency.
Somehow we suspected that the converted config might not be compatible with the latest ZLD version(s), and the converter even states so: you only get FLEX configs of v4.60.
On the other side the setup wiz of freshly unpacked firewalls always wants you to upgrade to the latest firmware – it won’t let you start with the factory-delivered “Base Firmware 12.0” (which actually seems to be a v4.29 when you look at the backup-configs afterwards).
But you can manually load a firmware package in step 3 of the wizard: either you don’t connect to the WAN or you hit the “pause” button while it still downloads from the net.
Then you can try to feed it an older firmware (for how-to look here).
For the FLEX 100 it worked (at least until now):
We got the v4.60 from here (because of the security and upgrade issues this year, Support Campus published firmwares older than the normal 3 steps back – thank you guys for that at his point!), upgraded it and that way finished the setup.
After successful login we had a v4.60 firewall, uploaded our converted config, applied it and the AP groups worked.
Now we could finish the upgrade to the current firmware v5.37: the config was correctly pulled up with it, the “old” AP groups still worked and now got their third radio setting too.
The FLEX 500 was a harder nut:
Its v4.60 was rejected as “not compatible”, we labored our way up through all minor releases until finally the v5.31 was accepted.
By that time we had not much hope that with a ZLD 5 release that recent, the 6 GHz and the third radio slot in the AP groups were not yet implemented - but they weren't!
Applying the converted config worked and the “old” AP groups opened fine with all settings and member APs still in place. Now it was only a small step to upgrade to v5.37.
The general problem is that with applying old configs to newer ZLD levels one can never be 100% sure if everything gets implemented alright.
With the FLEX 100 we were lucky that we had the firmware that matched the version of the converted config.
But with the FLEX 500 using a v4.60 config on a next generation ZLD 5, a bad feeling about this remains: it simply didn’t go through the orderly upgrade process.
Therefore, I can’t guarantee if this workaround is flawless or whether there might be other glitches hidden in some other section of the config.
Additionally, Zyxel after all might not support such a "Frankenstein" constellation.
Like they for instance explicitly state they do not with manually edited configurations.
Concerning the online converter, it looks like it didn’t receive any advancements for quite some time now - can't say if there will be conversion results with higher versions in the future, or if there might be some technical reasons why that is not possible.
But anyway it saves a lot of time migrating old configs on new firewalls manually, thx!
Finally, sorry for the length of this post!
I got carried away a bit by my relief of finding a solution, but I hope it may help others too.
Regards!
0 -
@Ferro50 Thanks for your feedback. I'm checking on this behavior, please wait for my update.
0 -
@Ferro50 Could you provide a screenshot about "Not compatible" on USGFLEX 500?
As you can see, I can apply the configuration that converted from USG110 to USGFLEX500 v4.60.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight