Hello,
A few days ago we changed our ISP and currently paying for 300mb. When testing the internet speed behind the Zywall USG-50 we get speed of 150 only. If I bypass the USG-50 I get up to 300mb. Im not sure why the USG-50 is limiting the bandwidth on our lan. Any idea where i can look or how I can set the usg-50 to be able to take advantage of the full bandwidth im paying?
↧
USG-50 limiting the bandwidth on a LAN
↧
USG40 new firmware?
Looks like there is an update for the USG40 to 4.31(AALA.0)
Doing it now but it looks like it might be hung :(
↧
↧
Antivirus changed from kaspersky to bitdefender?
With latest firmware update for my USG60 I noticed from changelog that AV signatures are now coming from Bitdefender. I don't have active AV subscription right now but can someone with subscription confirm if the maximum signature number is still somewhere 600-700k and signature release interval takes as long as three days? These were two reasons why I didn't renew my AV subscription.
↧
Zyxel USG 100 Hardware Specificaions
I could not find this information available online through searches, or via communication with Zyxel. I have included it here so it could be found by anyone looking
I had to open up one of our units to obtain this information. I provided pics of the motherboard as well.
Note: There is a mystery button between the Console and Aux ports on the board.
The Zyxel Zywall USG 100 has the following:
Vitesse VSC7388XYU - Ethernet IC
NXP USA Inc MPC8343EVRAGDB 400/266 MHZ (info from digikey - PowerPC e300 Microprocessor IC MPC83xx 1 Core, 32-Bit 400MHz 620-PBGA (29x29) )
2 x Hynix H5PS1G63EFR Y5C 212AK - i was unable to determine the amount of RAM. it is DDR2.
↧
PK5001z WiFi not working
PK5001z, CenturyLink ADSL2+, WiFi was working fine until two days ago, then quit. SSID is not showing up.
Tried rebooting, hard reboot, toggle wifi on & off, change from auto channel to 1, 6, or 11. Seeing "zero" packets passed.
Any other tricks I can try?
↧
↧
USG20W-VPN scheduled shutdown of wireless network
I have a USG20W-VPN that I use at home. Like many of us here I use the content filtering for my kids which work well but I need to cut them off the wireless SSID that have setup for them at night so they wont play silly flash games all night long. I see the unit has a schedule option but it dose not appear to have any option on what to do with that schedule. Dose anyone have any ideas on how I might shut down the one kids SSID network for a daily time frame?
Thanks
↧
ZyWall 310 and Gigabit WAN (Fibre via media converter, PPPoE) speeds?
I have my new service hooked up to my 310, it's a gigabit fibre connection I'm using a media converter to hook up to the 310, authenticate via PPPoE and using a VLAN interface to tag the traffic.
Everything works fine, but my speed tests are inconsistent. Speed swings up and down and usually settles in at 800-850 Mbps at best and sometimes lower (just tested to 750). Direct speed testing with the ISP equipment not involving the Zywall were 1100 Mbps. Which I don't expect through an ethernet interface, obviously, but I should be consistently seeing 900-950 Mbps.
I'm only using the Zywall for SPI, none of the subscription services are active and my rule set is not large or complicated. CPU use during the test runs never goes above 30% so I'm at a loss as to what it might be. Using the same PC on the LAN I'm able to transfer files from NAS at the full gigabit link speed so it's not a cabling issue.
Is the Zywall terrible at PPPoE? Should I stop attempting to implement the vlan tagging on the Zywall and instead do it at my switch?
↧
Old Z2+ acting funny
I gave my old Z2+ to a friend and they are having internet problems so they asked me to check it out. I went to check it out and I could not log in to it. Not that the log in failed, it just sat there and did nothing. I tried power cycling it and when it came back up it looked like it was going to work but then it just timed out again. No failure for having the wrong password or anything, just timed out sitting there doing nothing.
Any ideas?
↧
IPSec VPN disconnects
Dear experts
We have a Zyxel ZyWall USG 1000 device in Location A.
We have configured an IPSec VPN Tunnel between Location A and Location B (Location B is a partner of us.)
Location A --> FW A --> Public IP A --> Subnet A
Location B --> FW B --> Public IP B --> Subnet B
The IPSec VPN Tunnel is not the usual setup because for Phase 2 we are using the following specific configuration:
- For the local Subnet instead of Subnet A we are using the Public IP A /32
- For the remote Subnet we are using the Subnet B
The tunnel is connecting and for a short period of time it's possible to communicate from Subnet A with the Systems from Subnet B.
Now after this very short time the tunnel will disconnect.
The partner B is assuming that the NAT is not working. or that there is a mismatch (the partner said that not all Subnets from Location B were configured on FW A which is not the case)
The Firewall log:
"[COOKIE] Invalid cookie, no sa found [count=2]"
Any idea what might be wrong ?
Best regards
Imbalance
↧
↧
USG, how to limit traffic on WAN2 to a predefined value of GB/month?
Hi!
I would like to use the second WAN port where I connect a 4G modem with, at the moment, 400 GB/month available (but in the future I could buy an unlimited plan), is it a way to limit the traffic inbound/outbound at 400GB/month?
I don't need to limit the inbound/outbound speed but only the traffic per month that could be done in CELLULAR section but only for USB dongles.... A RJ45-to-USB converter could do the trick?
↧
IPSec VTI issues USG40
Hi Guys,
I am configuring a ikev2 IPSec tunnel (w/ VTI), and have attached a schema to help you guys understand the setup.
The remote server is running strongswan. Both IPsec phases pass successfully, and the VTI interface is created ad UP on both ends.
However, I had an issue whereby tunnel traffic on the USG ends up getting lost somewhere.
When I ping the USG's VTI from the server, the USG gets the response, replies to it but it never reaches the server (confirmed via a packet capture on the USG).
There are Tx hits but no Rx hits for the sever VTI, however the USG VTI has both Rx and Tx hits.
The FW is behind a nat, and I am doing NAT-T. I am running the latest firmware. Below is my strongswan config:
conn swiss1
type=tunnel
ike=3des-md5-modp2048
esp=3des-md5
keyexchange=ikev2
authby=secret
forceencaps=yes
mark=100
leftupdown="/usr/local/sbin/ipsec-int-updown.sh --sourceip 10.0.51.1/24 --mtu 1370"
leftsourceip=10.0.51.1/24
left=95.183.52.144
leftsubnet=0.0.0.0/0
right=%
rightsubnet=10.0.48.0/22
auto=start
Just really puzzled with this one. I should be-able to ping each VTI endpoint at the very least, but the usg is losing the traffic somewhere.
Any advice ?
↧
ZyWALL 110 - password expired, and could not be changed
Just for your information (might be useful to others): I suddenly had a hell of a time trying to log-in into the web interface of my ZyWALL 110.
When logging in I got the message "As a security precaution, it is required to change your password".
Apparently this is a new feature since the latest firmware update, that has been enabled and set to come up after 180 days by default.
So it must have been 180 days since I updated the firmware.
This is a good security measure in itself, but it would be better if this was communicated more clear: at least I was not aware of this change.
Anyhow, the problems started when I tried to change the password through the login screen: the new password was not accepted, and I got the message "Invalid username or password".
I am 100% sure that this new password was in accordance with the complexity rules as defined in the ZyXEL manual.
But I tried it several times with different new passwords, all of which should fulfill the password complexity rules, but got the same message every time, and after five attempts I was locked out.
So I was already afraid I had to reset my Z110 and start from scratch.
But then I tried to log-in via a CLI connection, and luckily I was able to log-in (still using the old password).
So I created a new admin user through the CLI, using these commands:
Router> configure terminal
Router(config)# username password user-type admin
With this new user I could log-in into the web interface, and modify the password of the old admin user via "Object -> User/Group".
After that I also could log-in again with the old user.
So all fine in the end, but it was a frustrating experience...
↧
help me diagnose instability of Zyxel C3000Z connection
I have Centurylink VDSL2 with 60down\5up. When it is working it works great, and speed test is showing good results. I've had a problem that about every 2-3 days, some devices on the network can no longer get HTTP traffic (other ports like ping are still working). It isn't the same devices every time either. Power cycle the modem has always solved the problem.
I previously disabled wifi on the C3000Z and moved the wifi \ ethernet traffic to a separate router to reduce some of the load on this box, such as local LAN traffic - there are only 2 devices connecting to the C3000Z which is the separate router and my VOIP OBI box. However, when I do experience this web connectivity problem - I find that resetting the C3000Z modem (not the downstream router) is actually what fixes the problem.
Any suggestions what I can do to fix or at least troubleshoot this?
↧
↧
USG60 NO SUCCESFUL REBOOT, BOOTLOADER CORRUPTED?
Hi all!
Two weeks ago happened something really strange!
I choose to reboot my USG60, no worry about rebooting by PUTTY or directly from GUI, it initiate reboot then the led blinks green till succesful boot...ehm no, all lan ports where OFF, no leds blinking, nothing! No connection!
I do a 3 time forced hardware reset and finally the device booted succesfully. Then I manually updated all firmware partitions with same firmware. All seem to work well. Loaded the last good config file and all is ok and back to working config.
Recently Zyxel provided a new firmware 4.32, gone to the GUI and choose the option to update by cloud download firmware...downloaded it and I choose to reboot the device automatically after installation. Device rebooted but green led blinks forever, no boot?! Then after 45 minutes the only way was to power off manually with the hardware button, no way to reset in any other way!
Device rebooted and in the GUI I read on the dashboard BOOT OK.
Then, worried about the possible firmware corruption after forced power off, i loaded the new fw on the standby partion without auto reboot then I rebooted manually choosing that partition to become running, it worked! After that I redownloaded the new firmware overwriting the first used partition, could be corrupted no? and rebooted the device manually to that running partition and worked.
Set the config with the same config file that always worked and all is ok.
Many files of backup the device created and visible in the file manager.
Checked if the config is correct then tried to reboot the device. NO GO! led blinks green forever!!!
Any idea?
Device works perfectly anyway.
Could be the bootloader corrupted for some reason that inhibit correct reboot but sometimes reboot works?
I thought it was a problem with the config file but if I reset the device and load the firmware to a partition and choose to automatically reboot after installation, device never boots up correctly...
↧
USG40 new firmware?
Just got a notice internally that there is new firmware available for download.
Anyone else get this?
Have you tried it yet?
Is it OK?
↧
Enabling IPv6 on your Zyxel / Zywall device
Setting up a Zyxel router/firewall for IPv6 is definitely not straight forward, mainly because the device is powerful enough to be configured for a wide variety of different uses. But if you are just trying to get IPv6 working – and if your broadband provider is Charter or Comcast – these instructions should work for you. I’m partially building off the good work from MaineMike, and some of the documentation that can be hard to find on this. In this case, it’s a USG40 – but likely is same across many of the models.
Zyxel code in use for these screen shots and instructions:
[att=1]
Step 1 - Enable IPv6: Go to Configuration -> System -> IPv6 and Enable IPv6.
Step 2 - Create DHCPv6 Service Request Object: Go to Configuration -> Object -> DHCPV6 and add a service object with Request Type = Prefix Delegation and specify the WAN interface. In this screen shot, the service object has been given the name "MyPD".
[att=2]
Step 3 - Configure WAN Interface: Go to Configuration -> Network -> Interface -> Ethernet and edit the WAN interface. Click "Show Advanced Settings". Enable Interface. Enable IPv6. Check Enable Stateless Address Auto-Configuration (SLAAC) – this part may not be necessary. Select "Client" for DHCPv6. Check Request Address. In DHCPv6 Request Options click Add and select "MyPD" (or whatever you named it above).
[att=3]
Step 4 - Configure LAN Interface: Go to Configuration -> Network -> Interface -> Ethernet and edit your LAN interface. Click "Show Advanced Settings". Enable Interface. Enable IPv6. In Address from DHCPv6 Prefix Delegation click "Add", select "MyPD", and specify a suffix of ::0:0:0:1/64. Check Enable Router Advertisement. In the Advertised Prefix from DHCPv6 Prefix Delegation box click "Add", select "MyPD" and specify a suffix of ::0/64.
[att=4]
Step 5 – CLI commands
First SSH in and then:
Type “enable” and ENTER
Type “configure terminal” and ENTER
Type “interface WAN” and ENTER (Where “WAN” is whatever name you use)
Type “ipv6 nd ra accept” and ENTER
Type “exit” and ENTER
Type “exit” and ENTER
Type “copy running-config startup-config” and ENTER
Validate routing table by typing:
“show ipv6 route”
Step 6 – At this point, you should be able to see IPv6 addresses being assigned from your ISP. Go to Configuration -> Network -> Interface -> Ethernet and you should start to see something like this:
[att=5]
Step 7 – you can also check your config by SSH’ing into the Zyxel and executing the command “show running-config”. Output should look something like this:
[att=6]
Step 8 – Now see if you can Ping a Google IPv6 DNS address from your Zyxel. Go to Maintenance -> Diagnostics -> Network Tool and select the Network Tool “PING IPv6”, and enter the IP address “2001:4860:4860::8888”. Then click “Test”. You should see something like this:
[att=7]
Step 9 – Check the client devices on your network and see if they are receiving IPv6 assignments. The above should definitely work for Comcast and Charter. Likely for most broadband providers.
↧
Policy Route for IPSec Site to Site Between 2x USG 20W-VPN?
Hi Guys,
I know that a policy route is necessary for L2TP over IPSec but i was wondering if it was necessary for IPSec Site to Site as well.
Thx
↧
↧
L2TP over IPSec Routing Issue on Zyxel USG20w
Hi Guys,
I followed instructions on Zyxel's site to the letter but still having routing issues, i have 2 sites that work no problem whereas 2 other ones that have identical settings where local internet does not work with the yellow notice and i cannot ping the stations behin the Zyxel router..
Any suggestions?
↧
Locked out on USG40 - how to unlcok and reset password
During my last logon to my USG40 I was asked to change the password, which I did. Pretty sure I remembered it, apparently not... Several attempts of trying locked me out. How can I unlock?
Also, is there a way to rest password without loosing my config?
↧
Zywall 110 restricted to 10 DDNS entries
It seems the Zywall 110 is restricted to 10 DDNS entries. Does anyone know how I can configure it for more to work with google domains?
Or do you know of a DynamicDNC client/app I can run on SBS2008 that will run as a service eg when I'm not logged on?
Im trying to transition my domains away from no-ip to google domains as they come up for renewal but the Zywall110 only seems to allow 10 entries.
Any thoughts?
↧