DeanH  Freshman Member

Comments

  • I concur with PeterUK and WJS. You cannot have the same network on both sides (WAN and LAN) of a routing device (firewall, router, security appliance) as it won't know where to send the data. They must be different. If you can find out the ISP network mask, you can still use a 10.x.x.x network, just put it beyond the one…
  • Hello mMontana, What do you have the BWM guaranteed bandwidth set to, currently, for IPSec traffic? The BWM should be using the egress port bandwidth limit to determine the available bandwidth, and from there put guaranteed traffic first, then everything else following by priority levels.
  • They have not even downloaded the firmware to the standby partition. Much less applied it via a reboot. What do I need to do to get them to auto update? Dean
  • The auto update is configured on all of these units to check every week and the reboot option is checked. So, from what I can tell, it should check for updates each week at the specified time, then, if an update is available, it should download it to the standby partition. If the reboot option is checked, it should then…
  • Thank you Zyxel_James. So, the ppp_wan is a sub-interface to Ethernet wan. I get it now, the tabs on the Interface page are in order of hierarchy from left to right. I missed that layout concept previously.
  • Zyxel_James, Thank you for your response. Good enough for me for now.
  • Hello Zyxel_Jeff, Thank you for your response. That is what I needed. For some reason, that didn't show up in my search.
  • Agreed with the others, use virtual server. Also, uncheck NAT loopback. I've had some issues with that being checked before - not sure why - so I always uncheck it now.
  • Do you have an on premise system that connects to the server, or just a phone that connects to a server in the cloud? Do you see any entries in the log showing a blocked connection attempt from the phone provider? That is found at Monitor > Log. Clear the log first, then make a call and see if it shows in the log as a…
  • Ok. I don't have any of those, but if it was the USG FLEX 50W (USG20W-VPN), we have a bunch (approximately 100 or so) in the field and they are working fine for our VoIP services after upgrading.
  • Just to clarify, are you using a USG20-VPN or a USG20W-VPN model? As of firmware version 5.20 this changed to USG FLEX 50 or USG FLEX 50W, respectively.
  • Finally figured it out. I forgot that on the security policy, it wants to see the LAN1 port, not the WAN port as the Service. That is so confusing since I am used to a WAN rule utilizing WAN components (IP/ports), not LAN components (IP/ports).
  • I ended up removing the rule completely and rebuilding it again. It is now working. However, I found another rule that is for management access to the PBX that is also blocking the packets. On this one, I changed the service object from a specific port on the external side to match with the same port on the LAN1 side…
  • I have also rebooted it to see if that works, but no. Still blocking for some unknown reason. It is like the original rule is not being seen in the table and the default rule is catching the packets.
Default Avatar