USG_User  Master Member

Yes, I'm with you. These permanent WK lab versions do not create trust in the product, especially if an ordinary release will not offered shortly thereafter. It seems customers should be encouraged to change-over to a newer product (like USG Flex). Due to the end-of-life of our USG110 we have to decide what's coming next…

I often crosscheck the European Zyxel page. This morning only WK25 was still available. But now WK28 is offered, at least for our USG110: https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version

I'm with mMontana. Lab versions should not be treated as regular fw releases and should be transformed into official regular version soon.We are presently using lab version 4.72 AAPH.0 WK25 with our USG110. Why you don't release a 4.72 AAPH.1 with all lab improvements integrated?

Hi Stanley,My intention is not to completely avoid any abnormal TCP traffic. There I have no problem with. This thread is taking care about the alert log functionality only, where alert emails will be sent out immediately. But this has been solved and we are happy with right now. Now I'm asked whether the FW update has a…

That's fine. I'm happy, too. But is the alert log functionality adjustable at log settings or is it permanently set to "no alert log"?

Hi Emily,Now we've installed 4.72 WK25 and hope that the alert log (immediate email) for abnormal TCP traffic is done.Where I could adjust the log opportunities for abnormal TCP traffic right now? I would guess at Log Settings >Edit System Log > Log Category "Security" > ADP settings (checkbox) for normal and/or Alert…

We are still on 4.71 with our USG110 and plan to updated soon. Is it recommended to directly use 4.72 WK25 for USG devices instead of the regular 4.72 AAPH.0? Or should we use WK25 only in case we experience SecuExtender Problems after updating with 4.72?

Thanks Emily, Is already downloaded. Waiting for a gap to reboot USG. Cheers Joerg

Taking for granted that your "hackers-block" source IPs are located in the internet, means coming from WAN zone only. Did you tried to change the source zone from "any" to "WAN"? Maybe this makes a difference for USG?But normally your setting should work.

Hope, this will be implemented in 4.71 FW for USG as well.

In the meantime we get this abnormal traffic from many different IPs, mostly originated in asian region, too. We're maintaining an "bad" IP list, collected in a "port_zero_group" and created an additional security policy control rule which immediately drops these packets without alert log. But since it become more and more…

But this "abnormal TCP traffic with destination port zero" is more and more annoying since we get an alert email every time, but don't want to generally switch off those alert emails.

After a few days the "nailed-up" option works great and reconnect the tunnel after a failure. Thanks again for the hint - problem solved. :)

Yes, as already said by mMontana above, update to the latest FW and firstly split to different non-well-known ports for accessing SSL VPN (e.g. 40443) and Admin web console (e.g. 50443). Further restrict the access to web console to LAN zones only, means no access from WAN interface is possible. In our case, when trying to…

Hi Cooldia, how're you doing? Can I expect an answer to my question above? Presently different machines cause to an virus alert by USG when using the Windows Update function. What about the password protected bdsyslog.zip?