USG Flex 100: sometimes NAT rules stop working

Hi

I have a USG Flex 100 with the latest firmware.

After some years of working perfectly, for the past month the NAT rules sometimes stop working and the workstation software can't receive traffic from external calls (external devices call the local software to record some status information).

Solution: uncheck the NAT rules

Wait some minutes

Recheck the NAT rules

I can't find any other solution...

Thanks

All Replies

  • PS: VPN is disabled

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,169  Zyxel Employee
    edited May 2023

    Hi @LucaSantamarianova

    We suggest you update to our latest firmware V5.36P2 for further verification. If it still has a problem, please share your running-config file with us via private message and indicate which NAT rule sometimes does not work. Thanks.


  • Hi

    Thanks for the reply!

    After updating the firmware (several times, the latest being V5.37(ABUH.0)), the issue came back randomly another 2 times.

    Thanks

  • PeterUK
    PeterUK Posts: 3,152  Guru Member
    edited July 2023

    Never seen this problem. What type of traffic is it?

    Try disabling ADP

  • LucaSantamarianova
    LucaSantamarianova Posts: 10
    edited July 2023

    Small packet traffic from alarm systems (home and business)

    Thanks

  • ADP is already disabled

  • PeterUK
    PeterUK Posts: 3,152  Guru Member

    Why would an alarm system need inbound traffic? That's bad, it should be outgoing to a server.

    How do you know it's stopped working?

  • The USG FLEX is at an alarm installer.

    The systems of the various customers connect to communicate:

    - their alive status

    - any alarms

    Moreover, the control units report the lack of communication with my client's alarm centre.

    Also, via direct connection (a link to the web server of the alarm centre PC hosted behind the USG, http://333.555.222.111/subfolder), technicians can access the system to verify customer problems etc.

    When the rules are blocked, the customers' systems are unable to send reports and are blocked; furthermore, the system becomes unreachable at the address used by the technicians.

    Simply deactivating and reactivating the rules unblocks the issue.

  • PeterUK
    PeterUK Posts: 3,152  Guru Member
    edited July 2023

    Not sure it will help, but try increasing UDP Session Time Out to 120 in Session control.

    You could do a packet capture of the port; that will help.
