Hi folks:
I've got an unusual request here regarding routing. My ISP is Cincinnati Bell, and recently switched from DSL to fiber optic once that become available in my neighborhood. While they don't exactly advertise that they offer static IP addresses to residential fiber optic customers, if you had a static IP address as a DSL customer they will give you one when you upgrade to fiber optic. However, the way they provide this static IP address is very different and involves the use of a Zywall VMG4381-B10A.
The VMG4381-B10A is a strange beast in that, in addition to classical NAT, it allows a public IP address to be manually configured on the LAN side such that it will route traffic from that public IP address through a different IP address (not on the same subnet) on the WAN side. This is how Cincinnati Bell has configured the static IP address. Under DSL the static IP address was in the customer's router and the default gateway address was in the first piece of intelligent equipment upstream in the Cincinnati Bell datacenter. However, in this scenario the default gateway address, which must be on the same subnet as the static IP address, is assigned to the VMG4381-B10A as basically an IP alias on the LAN. This yields the following configuration:
My Router (Zywall 110): Static IP: x.x.x.10 (x.x.x. is three octets of the public static IP address)
Default Gateway address: x.x.x.x.9
subnet mask: 255.255.255.252
|
|
VMG4381-B10: LAN IP Alias x.x.x.9
LAN NAT IP address: 192.168.200.1
WAN: Public dynamic IP address via DHCP: y.y.y.y (y.y.y.y is a public IP address on a different subnet than x.x.x)
|
|
Lucent Ethernet to fiber bridge ONT
|
|
Cincinnati Bell via Fiber Optic
At the Cincinnati Bell end when a public dynamic IP address is requested from a device belonging to a customer with a static IP address the static IP address is taken from the customer's account record and the required routing is built on the fly such that the static IP address is reachable through the newly assigned dynamic IP address. I can see this on a traceroute.
Now, there are two issues with this configuration that I'd like to be able to bypass. First, on at least two occasions now my static IP address has gotten screwed up which has left me down due to bad configuration updates at Cincinnati Bell's end (this using the customer's account record and building routes on the fly is apparently new and all the bugs aren't worked out yet). However, the dynamic IP address is still available in those situations. Once I figured that out I plugged my Zywall 110 directly into the Lucent ONT and bypassed the VMG4381 until my static IP address was fixed. This gave me internet access, although my firewall and VPNs were of course messed up because of no static IP address. The other issue is that the VMG4381 isn't quite up to the job of a gigabit internet connection, which costs 200-300mbps on the maximum download speed. Additionally it's another point of failure in the path between my router and the internet.
What I would really like to do is recreate this configuration within my Zywall 110 so that I can eliminate the VMG4381, yet still have the static IP address, with the additional benefit that the dynamic IP address would also be available to my Zywall 110 if I needed to use it without the need for re-cabling. The big rub of course is that I need to setup the routing on the WAN side of the Zywall 110 to mimic what the VMG4381 is doing. I can certainly setup WAN IP aliases on the Zywall for the x.x.x.10 and x.x.x.9 static IP addresses, but I can't make the public dynamic IP address the default gateway like what's effectively happening with the VMG4381 because it's not in the same subnet. That's why I started thinking about using the policy routes in place of default gateways.
Anyone have some good thoughts on this?
↧
Can I use policy route to route between WAN1 and WAN2 or WAN IP aliases?
↧
Newer ZyXEL Visio stencils?
Im looking for some ZyXEL Visio stencils...Saw there was a collection but outdated...
The ZyWALL USG 50 and the ZyXEL GS1900-24HP
↧
↧
Should I upgrade my USG50?
At the end of this year it will be five years since I first put my USG50 into service, and even though it continues to work very well, I'm considering getting something newer simply because the hardware is getting old and I suspect ZyXEL will stop providing firmware updates in the near future (if not already). I realize that we've discussed some negatives like firmware quality issues here, but this USG50 has been a very reliable part of my SOHO network for a long time. Basically, it has been incredibly solid and the only time I have to reboot the thing is for power outages and firmware upgrades (current uptime is about 6 months since I installed firmware 3.30(BDS.7).
The obvious choice for an upgrade would be a USG60. I'm familiar with the architecture, it has the capacity to handle future internet speed increases, it's small, fanless/silent, low power, rack-mountable, and I can apparently even convert my USG50 configuration file to work with it (http://www.zyxel.com/us/en/promotions/USG-Configuration-Converter-20130829-760081.shtml). That being said, I am willing to consider other solutions if they are a better option.
My main criteria:
-handle 2 WAN connections (150 Mbps cable & 3 Mbps DSL) in some sort of a failover mode
-support a SOHO environment for small business needs (reliable, heavy VPN usage) and residential needs (gaming, video streaming, etc.)
-stable with good performance (i.e. months of uptime)
-small, rack-mountable, fanless, quiet
-UTM functionality is not important
-cost is a factor, but even the USG60 is not cheap ($372 USD at amazon.com)
-ideally support IPSEC/SSL VPN functionality
-periodic firmware updates to address security, performance, and functionality enhancements (preferably without a paid subscription)
I originally replaced an old Xincom for the same reasons years ago and first tried pfSense for a few months. While the software was very good, I was never able to cobble together hardware that met the above criteria. I ended up with the USG50 and have been happy with it for 5 years now. It looks like I can get the USG60-NB hardware-only for about $372 at amazon and about $360 after 12% coupon at overstock.com. That seems a bit pricey to me, but I would be willing to pay that for five more years of rock solid performance.
That being said, is there anything else I should be looking at?
Thanks!
↧
Zywall USG 20 behind a fritzbox 3390
Hi everyone,
I'm a newbie here, so I hope I dont break all the forum rules at the same time with my first post.
Im trying to set up an IPSec S2S VPN between our HQ office provided with a Sophos UTM 9 and on the other endpoint I have a DSL Fritzbox with a Zywall USG 20 as shown in the schema below:
HQ LAN 10.0.0.0/16 -> 10.0.0.1 [SOPHOS] ==WAN== [Fritzbox] 192.168.178.1 - 192.168.178.2 [Zywall USG 20] 192.168.100.1- BO LAN 192.168.100.0/24
If possible, I would like to keep both Lans (192.168.178.0 and 192.168.100.0) on Branch Office side. Is there any way to set up the Zywall without changing anything on the Fritzbox, so that packages are correctly redirected without being dropped or blocked on Branch Office side?
With my actual setup (no bridge mode active, no NAT-T, nothing) logs look as follow:
(these first logs are from source 192.168.100.1:500 to the public address of the Sophos at port 500 as destination)
- The cookie pair is : 0xcd26c1c2c17b1a4b / 0x0000000000000000 [count=3]
- Tunnel [MY_NEW_CONN] Sending IKE request
- Send Main Mode request to [Public address of Sophos]
- Send:[SA][VID][VID][VID][VID]
- The cookie pair is : 0xcd26c1c2c17b1a4b / 0x0000000000000000
- ISAKMP SA [HQ_VPN_ID] is disconnected
And after these a log from 192.168.178.1 to 224.0.0.1
- notice firewall ACCESS BLOCK
- Match default rule, DROP
Is it simply a firewall rule what I must add? Do I have to create a NAT rule?
Any suggestion/help will be much appreciated.
↧
Zyxel USG-40 + VOIP
Hi everyone!
I have a little problem with voip phones. Recently I have changed te firewall to a Zyxel USG-40, since then the voip phones not working (sometimes a few incoming/outgoing calls, but mostly no connection). I have talked to the Voip company, they said that the phones try to connect to their PBX, but the connection loses almost every time. After I disabled the firewall, the phones worked without any problem. The compan's IT guy told me that I should allow 5060 udp, and tcp 10000-20000 ports outgoing through the firewall. I see I can set up incoming NAT rules, but how to do outgoing?
Thanks in advance
David
↧
↧
USG 100 DHCP DNS registration
I am running a PFsense router with an IPSEC site to site to my father's network on an USG 100 router. 300/20 TWC to guessing 100/10 COX 1300 miles away. The VPN works although painfully slow on the USG 100 side. My dilemma is with DNS registration. On my side of the network I have 4 2012r2 (don't ask, the network has grown out of control) servers running DHCP, DNS and WINS. On the USG side, clients use the USG router as a default DNS (forwarder) to two of my servers for their suffix and google DNS servers for everything else, they also have access to the WINS servers. The USG router handles DHCP requests and hands out the right DNS suffix so remote clients can access my servers by name. Is there any way to get the USG 100 to register it's DHCP leases with the DNS servers so from my side I can access clients by name? I think it's a possibility because OpenVPN clients connected to my PFsense router register their DHCP leases with the DNS servers without being on the domain so support is should be limited to what the USG 100 can do.
↧
USG 60 IPSec issue to Netgear UTM 25
Hi,
As Netgear are pulling out of the UTM market we have decided to replace one of our Netgear UTM 5 with a USG 60.
The Netgear UTM 5 has been connected using Ipsec tunnell to our head offices Netgear UTM 25 for 2 years with no problem.
But we cannot get the USG 60 to connect to the 25 in the USG IKE log we get Phase 1 remote ID mismatch ?
I have included 2 pics of the UTM 25.
Any help would be much appreciated.
↧
ZyWALL USG VPN to VPN Client
Hi I have a problem with connection between ZyWALL USG 20w and VPN Client (win7)
Log and settings vpn client in Attachment
↧
Zyxel C1000Z drops WLAN after some time
I have CenturyLink 50/5 DSL and a Zyxel C1000Z modem.
Every couple of days, or so, WLAN stops working -- the WLAN network is still there, devices can join it, but they can't access the internet (I haven't checked if they can see each other in the LAN). Wired LAN still works and wired devices can access the internet.
If I reboot the Zyxel C1000Z, everything works again.
Got any clues what this could be?
↧
↧
Can't access GS-1910 via HTTPS due to weak certs
When I try to access the web admin via https, I get
"Server has a weak ephemeral Diffie-Hellman public key
ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY"
This is due to Chrome, Firefox, etc blocking websites with weak certs per https://weakdh.org/
I was able to get in via IE and disable automatic redirect to HTTPS. I then disabled HTTPS, generated a 1024 bit key, then re-enabled. However the browsers still cannot access.
Is there anything else I can try? Is it possible for Zyxel to fix this with a firmware update, or is it limited by hardware?
↧
New ZyWALL/USG Firmware 4.13(AAxx.0) released
To me the most important (security) fixes are:
[5] (freak)
[6] (logjam)
[7] (HTTP authentication)
[31] (pure switch during boot)
From the ZyWALL 110 release notes:
Features: V4.13(AAAA.0)C0
Modifications in V4.13(AAAA.0)C0 - 2015/07/30
1. [ENHANCEMENT]
Management Feature Enhancement:
1. Support CloudCNM, a cloud-based network management system. 4.13 CloudCNM
feature support includes:
- Batch import of managed devices at one time using one CSV file
- See an overview of all managed devices and system information in one place
- Monitor and manage devices
- Install firmware to multiple devices of the same model at one time
- Backup and restore device configuration
- View the location of managed devices on a map
- Receive notification for events and alarms, such as when a device goes down
- Graphically monitor individual devices and see related statistics
- Directly access a device for remote configuration
- Create four types of administrators with different privileges
- Perform Site-to-Site, Hub & Spoke, Fully-meshed and Remote Access VPN provisioning.
2. Support Russian Language
3. VPN MIB Support: eITS#150317956
SNMP VPN status MIBs.
The VPN status MIB is a MIB table containing the following information:
- Connection name
- VPN gateway
- IP version
- Active status
- Connected status.
Followings are the example of snmpwalk for the added MIBs;
VPN status MIB table:
- 1.3.6.1.4.1.890.1.6.22.2.4.1.1.1 = INTEGER: 1 --> table index
- 1.3.6.1.4.1.890.1.6.22.2.4.1.1.2 = INTEGER: 2
- 1.3.6.1.4.1.890.1.6.22.2.4.1.1.3 = INTEGER: 3
- 1.3.6.1.4.1.890.1.6.22.2.4.1.2.1 = STRING: "vpnconn1" --> name
- 1.3.6.1.4.1.890.1.6.22.2.4.1.2.2 = STRING: "vpnconn2"
- 1.3.6.1.4.1.890.1.6.22.2.4.1.2.3 = STRING: "vpn6conn1"
- 1.3.6.1.4.1.890.1.6.22.2.4.1.3.1 = STRING: "usg110_1" --> gateway
- 1.3.6.1.4.1.890.1.6.22.2.4.1.3.2 = STRING: "usg110_1"
- 1.3.6.1.4.1.890.1.6.22.2.4.1.3.3 = STRING: "vpn6_1"
- 1.3.6.1.4.1.890.1.6.22.2.4.1.4.1 = STRING: "IPv4" --> IP version
- 1.3.6.1.4.1.890.1.6.22.2.4.1.4.2 = STRING: "IPv4"
- 1.3.6.1.4.1.890.1.6.22.2.4.1.4.3 = STRING: "IPv6"
- 1.3.6.1.4.1.890.1.6.22.2.4.1.5.1 = INTEGER: 0 --> active status
- 1.3.6.1.4.1.890.1.6.22.2.4.1.5.2 = INTEGER: 1
- 1.3.6.1.4.1.890.1.6.22.2.4.1.5.3 = INTEGER: 1
- 1.3.6.1.4.1.890.1.6.22.2.4.1.6.1 = INTEGER: 0 --> connected status
- 1.3.6.1.4.1.890.1.6.22.2.4.1.6.2 = INTEGER: 0
- 1.3.6.1.4.1.890.1.6.22.2.4.1.6.3 = INTEGER: 0
VPN connection counter MIBs.
The VPN connection counter MIB is a MIB group containing:
- Total VPN connection configured
- Number of activated connection
- Number of connected connection
- Number of disconnected connection
Followings are the example of snmpwalk for the added MIBs;
VPN connection counters:
- 1.3.6.1.4.1.890.1.6.22.2.5.1.0 = Counter32: 3 --> Total connection configured
- 1.3.6.1.4.1.890.1.6.22.2.5.2.0 = Counter32: 2 --> Number of active connection
- 1.3.6.1.4.1.890.1.6.22.2.5.3.0 = Counter32: 0 --> Number of connected connection
- 1.3.6.1.4.1.890.1.6.22.2.5.4.0 = Counter32: 2 --> Number of disconnected connection
MIB table for VPN SA monitor
The new OID is 1.3.6.1.4.1.890.1.6.22.2.6.
The MIB table contains the following columns:
- 1.3.6.1.4.1.890.1.6.22.2.6.1.1 --> VPN connection index
- 1.3.6.1.4.1.890.1.6.22.2.6.1.2 --> VPN connection name
- 1.3.6.1.4.1.890.1.6.22.2.6.1.3 --> VPN connection policy
- 1.3.6.1.4.1.890.1.6.22.2.6.1.4 --> VPN connection uptime
- 1.3.6.1.4.1.890.1.6.22.2.6.1.5 --> VPN connection timeout
- 1.3.6.1.4.1.890.1.6.22.2.6.1.6 --> Number of in-bound packets for the connection
- 1.3.6.1.4.1.890.1.6.22.2.6.1.7 --> Number of in-bound octets for the connection
- 1.3.6.1.4.1.890.1.6.22.2.6.1.8 --> Number of out-bound packets for the connection
- 1.3.6.1.4.1.890.1.6.22.2.6.1.9 --> Number of out-bound octets for the connection
4. Support license refresh immediately while device-ha backup device become active.
5. Add pre-defined configuration (or pre-defined UTM profile) by default.
2. [ENHANCEMENT]
Connectivity Feature Enhancement:
1. Support RPS(Receive Packet Steering) to ensure that packets for the same stream of data are sent to the same CPU, which could help to increase performance in a congest(low bandwidth or high latency) network environment, eITS# 150200442,
150200636.
2. We enlarge static DHCP host pool from 512 to 1024 for ZyWALL 110, USG1100, and USG1900, eITS# 150100773
3. Adjust Spec for SSLVPN Connections
Model - Default SSLVPN Connections - Maximum SSLVPN Connections
USG40/40W - 5 - 15
USG60/60W - 5 - 20
USG110 - 25 - 150
USG210 - 35 - 150
USG310 - 50 - 150
USG1100 - 250 - 500
USG1900 - 250 - 750
ZyWALL 110 - 25 - 150
ZyWALL 310 - 50 - 150
ZyWALL 1100 - 250 - 500
3. [ENHANCEMENT]
Security Feature Enhancement:
1. ADP engine and IDP engine upgrade to support more social networking application behavior, such as FACEBOOK like, FACEBOOK share
etc.
4. [ENHANCEMENT] eITS#150200756
UDP session timeout value can be configured up to 28800 seconds.
5. [ENHANCEMENT]
Patches for CVE-2015-0204, FREAK: OpenSSL vulnerability.
6. [ENHANCEMENT]
Patches for CVE-2015-4000, Logjam: TLS vulnerabilities (CVE-2015-4000).
7. [ENHANCEMENT]
Patches for vulnerability of HTTP authentication module which may cause USG behave as an open proxy to proxy HTTP request from external clients to internal servers.
8. [BUG FIX] eITS#150317956
[OID]OID formats are different between USG40W and USG1900.
[Condition]
MIBs...1.3.6.1.4.1.890.1.15.3.1.6.0.....
USG40W: V4.11(AALB.0)/1.01 | Aug 28 2013 14:19:07/2015-03-13 06:53:46
USG1900: V4.11(AAPL.0)/1.10/2015-03-13 01:27:44
9. [BUG FIX] eITS#150301008
DNS Security configuration can't change.
[Condition]
1. Go to Configuration > System > DNS > Click Show Advanced Settings > Security Option Control > Edit default profile e.g. Query Recursion deny > Click OK button
2. You will find the OK button no function.
10. [BUG FIX] eITS#150300062
If adding radius server into auth. method, L2TP cannot be established successfully.
[Condition]
1. Go to Configuration > Object > AAA Server > RADIUS.
2. Set Server address: R1.domain.tw
3. Set Backup Server address: R2.domain.tw (PS. R1.domain.tw and R2.domain.tw need result same ip address)
4. Radiusd daemon couldn't bring on fail.
11. [BUG FIX] eITS#150300789
Combo-box show field is in wrong location.
[Condition]
1. In the settings of WLAN-interface, the input fields "802.11 band" and "Channel" are incorrectly positioned.
2. The problem occurs only in the browser IE 11
12. [BUG FIX] eITS#150300851
Limited admin user fails to view click diagnostic page
[Condition]
1. Add a limited admin account
2. Login by limited admin
3. Go to Maintenance > Diagnostic
4. You will find USG GUI no response
13. [BUG FIX] eITS#150300910
DHCP Relay may not work in Device HA environment.
[Condition]
When master device change status from fault state to active state, the DHCP relay function may not work.
14. [BUG FIX] eITS#150400012, 150200484, 150500302, 150600123, 150301005, 150501020,
150301061
In some cases, apply configuration will fail and cause zyshd dead. This may occur during the firmware upgrade progress or manually apply configuration.
15. [BUG FIX] eITS#150400115
[SSO][Authentication] Without SSO enabled, user can be correctly authenticated and associated with the AD-group "Internet Users". However, with SSO enabled, the user from the AD-group "Internet Users" always appears only in the group of "ext-user (ad-users)".
16. [BUG FIX] eITS#150301062
VLAN Packets can still be sent out even the base interface is disabled.
17. [BUG FIX] eITS#150300850
Configure many static DHCP address up to maximum, the CLI command may not correctly be configured and cause incomplete entry error each time DUT reboot.
18. [BUG FIX] eITS#150401185
In USG310, 1100, 1900, ZyWALL 310, 1100, it will show error message when configuring the port negotiation type on port 8.
19. [BUG FIX] eITS#150400882
When trying to sort the table (Hits) of "Top 5 Viruses" and "Top 5 Intrusions" in Dashboard by descending/ascending, sorting is only by the first digit.
20. [BUG FIX] eITS#150500769
Unable to edit application object page if it contains , character.
21. [BUG FIX] eITS#150300799, 150400336, 150401001, 150401067, 150401143, 150200666
SSO does not work correctly sometimes.
22. [BUG FIX] eITS#150300240
Unable to open IDP signature name to see the description in MONITOR > UTM Statistics > IDP
23. [BUG FIX] eITS#150200331
Fix unexpected reboot related to packet processing.
24. [BUG FIX] eITS#140900194, 150600194
In some cases, user cannot get mails from external mail server through USG.
25. [BUG FIX] eITS#150200355
When we set speed on port1, the traffic doesn't work and show some abnormal message.
26. [BUG FIX] eITS#150600082
The CF report in monitoring page and report server record not match.
27. [BUG FIX] eITS#150600688
In some cases, DUT will crash when trying to establish L2TP.
28. [BUG FIX] eITS#150501015
In some cases, enable connectivity check in policy route rules may cause zyshd daemon dead.
29. [BUG FIX] eITS#150600137
In some cases, AV signature cannot be successfully updated.
30. [BUG FIX] eITS#150700094
Self-Signed DSA certificate can be created but cannot show on the GUI.
31. [BUG FIX] eITS#150300324
In USG110, USG210 and ZyWALL 110, DUT will become pure switch in a short period during booting process. When external AP and USG reboot at the same time, there might have possibility that AP will acquire IP address from outer DHCP server instead of DUT LAN DHCP server.
32. [BUG FIX] eITS#150600585
Wrong German translation, Intra-BSS-Verkehr aktivieren should be corrected to Intra-BSS-Verkehr blockieren
33. [BUG FIX] eITS#150200663, 150500327
Some mails with attached files transferred from WAN to LAN cannot be received while Anti-Spam enabled.
34. [BUG FIX] eITS#150100252
TFTP over IPsec cannot work well in the following topology.
TFTP Server---------USG40/60=======VPN tunnel========USG20------TFTP Client
35. [BUG FIX] eITS#150100898
After Device HA fallback to Master, IP on VLAN interface become 0.0.0.0.
36. [BUG FIX] eITS# 150500371
3G dongle E372 cannot work well in ZLD 4.11 Firmware.
37. [BUG FIX] eITS# 150200205
Some session will hit wrong BWM rules with application service type and application object is not any.
38. [BUG FIX] eITS# 150200080
ZyXEL VPN Client cannot establish VPN tunnel when using DUT default certificate to do IKE authentication.
↧
USG310 Security Policy Setup
Hi,
I`m looking at configuring a USG310 to allow SMTP traffic in from a group of external IP`s. I`ve setup an address group with the external ip`s inside it and applied that to a simple security policy:
WAN - LAN - (ipv4 source) external IP`s - (ipv4 destination) internal ip of mail server - (service) smtp
When going through the logs all attempts are denied, am i missing something?
Cheers,
↧
Access to the web interface in my USG200
Hello and thanks for reading!
I can't access the web interface of our ZyWALL USG20. A couple of days ago one of my colleagues told me that the VPN didn't work (it's been working well for more than one year), I wanted to have a look at it and tried to access the USG but I can't, I have no idea why as we haven't done any change to the system for quite a long time.
I found this thread but it didn't help: http://www.dslreports.com/forum/r22340984-Can-t-access-to-the-web-interface-of-my-USG200
I connected the device with the console cable and everything seems OK... I also tried disabling the FW just to know if it was blocking the acess but nothing changes...
Does anybody has an idea on what can be happening?
Thanks a lot,
Jud
↧
↧
GS1900-16 Managed Hub login problem
I plug a single PC into the GS-1900-16. Power up both. 192.169.1.1 to access the config screen times out. When I run ipconfig, I find the PC has the address of 169.254.132.202. Power cycling, reset switch (held short and long periods) never gets the switch back to the 192.169.1.X subnet ... so I appear to be locked out. I tried different ports to with no luck.
Can anyone offer something else to try so I can get into the switch?
Best regards,
Bruce
↧
Zywall USG 100 Ipsec VPN to LAN not working
Hello,
I have a IPSEC VPN configured on my laptop and Smart phone configured in the USG100 and this works fine for browsing over the internet trough the VPN.
Now the problem that i have is that i can't access my internal network trough the VPN. I did some ping(s) to my network components but further than the USG ip address (192.168.1.1) isn't working.
This is probably a simple problem but i just can't figure it out. I have a Synology NAS and i really like to access this trough the VPN so i can backup my files from work straight to the NAS.
My internal network is 192.168.1.0/24 and the network from the VPN is 192.168.10.100/30. The VPN is provided trough DynDNS on the WAN1 interface. I will provide some pictures from the Zywall configuration but if you need something more you just ask and i will provide the needed information
VPN Range
[att=1]
Firewall rules, the yellow one is recently added but did not solve the problem
[att=2]
Interface list
[att=3]
Routing rules
[att=4]
↧
Meter Internet usage with USG?
Have an application where I need to cut off Internet access for a network segment (or subnet/range) each day after a pre-set amount of throughput/usage.
I know the USG routes will measure traffic through an interface, but I can't find a way to disable/cut it off after it hits a preset limit. For example: LAN1 gets 1GB combined upload/download per 24 hour period, from midnight to 11:59:59. After the limit is hit, the router cuts off connectivity until the reset at midnight.
Ideas?
↧
PK5001z crashing/slow
So CenturyLink gave us a Zyxel PK5001z a little while back and was doing fine. Then it started to drop the DSL connection now and then, which wasn't a big issue, but now it seems like the modem itself is crashing. Even after unplugging/plugging back in sometimes the power and DSL lights flash red then go dark. And when it is giving internet access, the GUI for the modem is sluggish or completely unresponsive. Wanted to post here in case there is anything I can do before calling and dealing with CenturyLink about a new modem.
Thank you for any help you can give.
↧
↧
Zywall-USG-20 very slow for clients browsing https websites
Hello,
I have this Zywall installed and configured for a few month now, it has a configured (routed) ip-sec vpn paired to an USG-100 accross the country.
Everything is running smoothly, the VPN is only routed, so when the computers on the local network browse the internet, they do it directly from the local WAN.
But when accessing to https websites, there is some sort of a timeout occurring, the website loads in the end but after a 10-30 seconds "wait", i've tried to find a way around this, i even disabled the firewall for a time, but it does not help.
At this point, i have no idea where to look, maybe someone here will have a luminous idea where to check, at least i hope so.
Thank you in advance,
Xav
↧
S2s vpn zywall40w to azure vpn arm problem
Hello, have a problem with vpn from zywall40w to azure vnet arm (not classic). With classic everything ok, but the same settings with arm not working, any idea?
Zyxel support need to support...(((
↧
Limiting internet access for certain wifi devices on same subnet
Here is my current setup and the problem I'm having
Requirements:
one subnet
one set of devices need access all the time
one set of devices (kid phones, and laptops) that have time restrictions for internet access
Setup:
USG50, EAP600, Win 2012 DHCP server
I currently assign static IPs to certain wifi devices, and then limit internet access via a schedule with the USG50 for the addresses in 'the restricted range'.
this all works until the following occurs
The problem:
if one of the wifi devices/users sets a static ip that is outside 'the restricted range', then internet access is not blocked per the schedule (because it looks like a regular device)
i need to keep all the devices on one subnet so they have access to sonos devices, the printer, and other computers. I've read that multiple subnets can cause problems with sonos.
Any suggestions for satisfying my requirements above?
↧