Fred_77  Ally Member

Hi @Zyxel_James my intention was indeed to apply fw 5.30 patch released a couple of days ago... I preferred to wait to apply the previous 5.30 due to reported SSL VPN issues. Web access was already filtered... What to say... this time i arrived late. Thanks Fred

Hi @ITS same issue this morning on ATP200. With Surprise i've found this configuration: So i was able to connect to web gui with port 4337 (changed not by me) ... OK i've got back the management of the device, but now i've to understand what happened.. Hope this can help Fred

@Gel sorry but i've not so clear your scenario: ip 192.141.XX.XX is on LAN2 or is a WAN ip? Maybe you need to configure a bridge interface?

Well, i suppose the client you are pinging for usg on is in the same zone/subnet right? If so, enabling icmp and ping services in Lan2-to-Zywall should be enought Or is your scenario little more complex?

Hi @Gel it is a somewhat vague request. However assuming 192.141.xxx.254 is the ip of Lan1 on usg, you need to create a Lan1-to-Zywall security Policy where icmp is allowed. But it should already be that way by default. even better would be a clarification on how you configured the usg Fred

Hi @Tecnoprogramm Just some questions to understand your configuration.. Are you referring to lan-to-wan traffic? Are you using a wan trunk? Do you see something inside logs? Fred

Hello... ... new release today... https://community.zyxel.com/en/discussion/13502/zld-v5-30-wk20-firmware-release/p1?new=1

Hi @itdsc i think you should modify your policy like this also check your nat roule; "Ip Originale" = any Fred

Hi @Pedroj this issue has been reported several times in the last period. Not so clear why, but it appears to occur when SSL VPN is in idle. Someone found a workaround to keep alive the connection: continuos ping to 192.168.200.1 but obviously it can't be a solution. I believe zyxel is investigating. Fred

Hi @nikita92 i'm planning the same activity on a customer site; and would like avoid same issue. Could you confirm you have started the update from the running fw and not from the stand-by one?

Hi all after fw upgrade to 5.30 on my ATP i found this configuration enabled... as Bart Simpson says: "i didn't do it..."

ok, then i would say that the serial cable option remains

Hi @Matt10669 after reset/reboot, sys led stop flashing? If so, you could try to connect to 192.168.1.1 via SSH or plug a console cable into serial port and have a look at booting Fred

Hi all Just thinking ...you could have saved the ge7 interface by creating a static route rule: (assuming UniFi Controller is the DHCP server/gw for your clients) , it could be like this: Dest: 192.168.10.0 Sub: 255.255.255.0 Next-Hop (UniFi Controller IP 192.168.7.XXX)

Hi NoE my screenshoot was about route policy. (Obviously also security policies are needed). Try to go Configuration > Objects > Address and add 2 obj. as Interface Subnet: one for LAN1 and one for BR1 then Configuration > Network > Routing > Policy Route and add at least a couple of rules to define routes Source:…