GEO IP update error (firmware V5.37(ABFW.0)

a1601 · August 2023

I seem to understand a little. The device has configured WAN reservation through rules, traffic from subnets is normally regulated by them. But the traffic from the device itself does not fall into the existing rules. And the device "does not know" through which interface to send requests.
How to configure it correctly through the rules so that requests from the device go through the current active interface?

PeterUK · August 2023

make two new rules In routing make them the top rule

incoming ZyWALL

service HTTP/HTTPS

next hop your WAN interface

Zyxel_Jeff · August 2023

Hi @a1601

Many thanks for your discovery so far. Please let us check it and kindly wait for our update.

Zyxel_Jeff · August 2023

Hi @a1601

We notice the WAN2 interface cannot ping to 8.8.8.8, therefore when the firewall tries to resolve the Geo-IP DB URL(cdn.cloud.zyxel.com) by 8.8.8.8 through the WAN2, and will be failed. We suggest you can configure ping connectivity for 8.8.8.8 on WAN1 and WAN2 at the same time to ensure the DNS resolution behavior can work normally.

a1601 · August 2023

https://community.zyxel.com/en/discussion/comment/55472#Comment_55472

Yes, it works! I created for the device two new rules for WAN1 and WAN2 interfaces, similar to the rules for managing a local networks. For these rules, I created the special service group, to which added NTP, HTTP, HTTPS and DNS (do need to add any other services?). NTP and GeoIP are successfully updated now. Many thanks for the help!

PeterUK · August 2023

DNS I don't think works by incoming ZyWALL rule

GEO IP update error (firmware V5.37(ABFW.0)

All Replies

Categories

Security Highlight

Security Help Center