Why TF does every firmware update screw up?!

Options
MikeForshock
MikeForshock Posts: 66 image  Ally Member
First Comment Friend Collector Fifth Anniversary
in Security

Seriously, defaulted another device!?

Pull you heads out.

These devices arent next door, arent "default" installs. Yet every other firmware update defaults or locks a device!

All Replies

  • MikeForshock
    MikeForshock Posts: 66 image  Ally Member
    First Comment Friend Collector Fifth Anniversary

    USG FLEX 100

    5.41 to 5.42 update.

    was automatic

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,683 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @MikeForshock

    I did a firmware upgrade test and my firewall didn't encounter any issue.

    Is it possible to share this device's configuration with us? Please collect "startup config", "startup-config-bad", "last good config", and etc., so we can use to replicate this issue. I will send you a private message so you can share the config files there.

    Zyxel Melen


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,570 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @MikeForshock

    To avoid service impact, you can switch the firmware partition by going to “MAINTENANCE > File Manager > Firmware Management”
    We are checking this issue and will keep the community updated on the status.

    Web GUI:

    image.png

    CLI:

    https://community.zyxel.com/en/discussion/25856

  • MikeForshock
    MikeForshock Posts: 66 image  Ally Member
    First Comment Friend Collector Fifth Anniversary

    Typica

    https://community.zyxel.com/en/discussion/comment/83398#Comment_83398

    Typical developer response: "It worked on my machine"

    Literally all we had to do was tell it to use the pre-upgrade backup file and it restarted just fine.
    How does that make sense?

  • MikeForshock
    MikeForshock Posts: 66 image  Ally Member
    First Comment Friend Collector Fifth Anniversary

    The unfortunate part of these setups is that they are static WAN and WAN2 becomes useless as well.
    The LAN side is also non-typical, so the only computer that can connect, cannot as the head router/firewall is not allowed to connect to the DHCP LAN on the USG.

    This means a truck roll. In this case, the router is 2 hours away.

    It has now happened in excess of 6 times of the years. Always when it does a firmware update, and across multiple units (USG FLEX 100, USG40)

  • MikeForshock
    MikeForshock Posts: 66 image  Ally Member
    First Comment Friend Collector Fifth Anniversary

    5.42P1 introduces another issue…

    Just a glutton for punishment as I stick with ZYxel it seems:
    Poor updates, low cost or go with big name and get Big Cost (large attack surface for 0-day…)

  • GiuseppeR
    GiuseppeR Posts: 686 image  Guru Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula 5 Answers First Comment

    I have dozens of firewalls and routers in production (Nebula and not), I don’t see all of these issues when upgrading. Sometimes I see some bugs, fixable.

    I’m curious to see your @MikeForshock config

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,683 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @MikeForshock

    I applied the configuration, change all certificate setting to default, you provided and upgrade from 5.41P0 to 5.42 P1 and there's no issue. The configuration still exists.

    What other issue did you encounter? Please share more details so we can help to check.

    Zyxel Melen


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)