Comments
-
Critical Infrastructure projects, so is very, very zero trust as the buzzwords go. We segment the network heavily and use the firewall to assign allowed inter vlan networking. Was attempting to use the USG as a central firewall/router (router on a stick, non-routed network) versus multiple, separately managed units. We use…
-
Thanks for the very precise answer. Disappointing, will have to go another direction on this. Even the 100 is underutilized in this deployment, so anything larger is more waste.
-
If they are the same IP range it may not.
-
This is the main questions, why was it not mentioned? https://arstechnica.com/information-technology/2022/05/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating/
-
So I have figured out what is the most likely cause each time, based on it happening 4 times in total. On Security Policy, I click Clone, enter the priority, it pops up the editor for the new (cloned) entry. It doesnt happen every time I use it, but every lockup has been when doing this action. Two times it required a…
-
Came back this time on reboot .Applying system configuration file, please wait... ...................ZyWALL system is configured successfully with startup-config.conf /etc/zyxel/conf/ZLDconfig: line 1114: 3060 Segmentation fault (core dumped) /usr/sbin/firewalld > /dev/null 2> /dev/null
-
Tried config on both flash images, appears to be constant issue.
-
Locked it up again... Unable to connect ZySH daemon command function history: 0x104a40b0 argc:5 args:show dns-content-filter profile all 0x1025c980 argc:4 args:show security-service status 0x100103e8 argc:2 args:exit 0x10010578 argc:1 args: 0x1000fb78 argc:1 args: 0x100101c0 argc:1 args: 0x1031ea20 argc:4 args:show app…
-
More debugging getting these as well: Unable to connect ZySH daemon command function history: 0x102f27a0 argc:4 args:11 to ZyWALL 0x102f27a0 argc:4 args:11 sourceip AGRP_Z1 0x102f27a0 argc:4 args:11 service Z1-Device_Allow 0x102f27a0 argc:3 args:11 log 0x102f27a0 argc:4 args:11 action allow 0x102ffdc8 argc:3 args:11 exit…
-
A completely waste of a few hours getting entries all lined up, all a waste...
-
On top of that, the stupid initial setup is so frustrating, just let us load a config file and bug us on the dashboard!
-
I am going to also say, this process is severely lacking. Just give us the option to apply an existing config as well!
-
WireGuard and OpenVPN (Should have been added many years ago)
-
Perhaps a brute-force detection or throttling. After x attempts per x time, drop for x duration.
-
@mMontana: New process will be to disable the Geo IP rule prior to updates. Had just not seen it happen before on other units where the updates were disabled, and the list of IPs was nearly 7 years old. Thanks for some of the suggestions, all the groups, rules and such as unique to help identify "factory" versus "custom"…