Comments
-
Hi @PeterUK , What's the firmware version. And please post the result of the following CLI: > diff running startup
-
Hi @PeterUK , wanted the option of auto added DNS to be disabled You can use CLI to disable DHCP option request for the DNS server. flex100h> edit running flex100h running config# del / vrf main interface ethernet ge2 ipv4 dhcp request domain-name-servers flex100h running config# commit Configuration committed. flex100h…
-
Sorry, no plan at the moment of the GUI design. Plans are likely Q3 2024.
-
Hi @Wojtek , The FELX H series support enable NTP server via CLI. > edit running running config# / vrf main ntp server-subnet 1 allow {<A.B.C.D/M> | all} running config# commit running config# copy running startup running config# exit But there an minor issue in current version. The CLI settings for NTP server will be…
-
If the next-hop of rule #3(of my comments) is 10.70.70.2, you get 4 steps of a roundtrip. If the next-hop of rule #3(of my comments) is 10.70.70.20, you get 3 steps of a roundtrip. So that, next-hop set to 10.70.70.20 is one lease hop cost (network latency) than to 10.70.70.2
-
"Allowing asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the ZyWALL." This is wrong statement. The security policy still check and block not allowed traffic. If there a policy not allow WAN to LAN.
-
Cloud you explain more for the requirement and use case of rule #1 wan1 to …
-
If the destination is directly connect to 10.70.70.20. Why you need to route to 10.70.70.2 for another hop cost ?
-
Hi @baba , Here the configuration comments for the case. Enable "Allow Asymmetrical Route" on Security Policy > Policy control page , to pass the stateful firewall checking. Usually, if the network setup need to use Policy Route overwrite direct route. There a triangle route issue need to take care. In this case, on both…
-
Wait for a few days. Doing the POC on my lab.
-
Hi @baba I want to confirm with you first, The requirement is once the WiFi link break. Then switch the route to IPSec VTI link to the peer, even the peer address 10.70.70.X is in direct connect subnet. Second, the source IP address will keep not be translate (SNAT) ?
-
The direct route 10.70.70.0/X will take the first priority. So that policy route will not hit. You need to turn on advanced option "Policy Route overwrite Direct Route". It's powerful but with risk(mis-configuration). Be careful to review all the policy routes to prevent rule to take over all direct route. Especially the…
-
Hi @JohnK, Thanks for the bug report of the tool. Here the update version for bug fix. Any question please let me know. BRs, Joshua
-
In ZLD 4.60, it support to schedule backup the "startup-config.conf" with encryption password via mail.
-
In ZLD 4.60, the DH Group 19, 20, 21 is support. For 128-bit security level, DH Group 19 is recommend. (instead of DH Group 15) For 192-bit security level, DH Group 20 is recommend. (instead of DH Group 18) For 256-bit security level, DH Group 21 is recommend.