GEO IP update error (firmware V5.37(ABFW.0)

2»

All Replies

  • a1601
    a1601 Posts: 30  Freshman Member
    First Comment Friend Collector First Anniversary

    I seem to understand a little. The device has configured WAN reservation through rules, traffic from subnets is normally regulated by them. But the traffic from the device itself does not fall into the existing rules. And the device "does not know" through which interface to send requests.
    How to configure it correctly through the rules so that requests from the device go through the current active interface?

  • PeterUK
    PeterUK Posts: 3,387  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    make two new rules In routing make them the top rule

    incoming ZyWALL

    service HTTP/HTTPS

    next hop your WAN interface

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @a1601

    Many thanks for your discovery so far. Please let us check it and kindly wait for our update.


    241015_Speak-up,-Win-WiFi-7_Community-CSO-signature_1920x200.jpg

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @a1601

    We notice the WAN2 interface cannot ping to 8.8.8.8, therefore when the firewall tries to resolve the Geo-IP DB URL(cdn.cloud.zyxel.com) by 8.8.8.8 through the WAN2, and will be failed. We suggest you can configure ping connectivity for 8.8.8.8 on WAN1 and WAN2 at the same time to ensure the DNS resolution behavior can work normally.

    WAN connectivity check.png


    241015_Speak-up,-Win-WiFi-7_Community-CSO-signature_1920x200.jpg

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • a1601
    a1601 Posts: 30  Freshman Member
    First Comment Friend Collector First Anniversary
    edited August 2023
    https://community.zyxel.com/en/discussion/comment/55472#Comment_55472

    Yes, it works! I created for the device two new rules for WAN1 and WAN2 interfaces, similar to the rules for managing a local networks. For these rules, I created the special service group, to which added NTP, HTTP, HTTPS and DNS (do need to add any other services?). NTP and GeoIP are successfully updated now. Many thanks for the help!

  • PeterUK
    PeterUK Posts: 3,387  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    DNS I don't think works by incoming ZyWALL rule

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)