How do I resolve the NET::ERR_CERT_AUTHORITY_INVALID error I get when connecting to my USG 40 via HTTPS?
Thanks as always in advance!
↧
ZyXel USG40 Security Certificate
↧
USG40 max speed?
Sorry, I know this is a dumb question but I could not find it in plain words and I thought I could get the answer faster here than searching around because I'm guessing you guys know this stuff off the top of your heads.
How fast of an internet connection can a USG40 handle? (I do not do VPN) I see on their spec sheet the throughput of SPI, IDP and AV but I'm not 100% sure what that all means.
I'm guessing the SPI is the regular firewall, which I do have on.
The IDP and AV I believe are at additional cost and I don't have those enabled.
So if I'm understanding this correctly the spec sheet says SPI 400mbps, IDP 55 and AV 50. So am I to interpret that as ... if I have only the firewall (SPI) on then 400 and if I enable the IDP or AV then it drops to 55 or 50?
↧
Zywall USG VPN site to site UP but not working
I followed some guides on the internet. The VPN channel starts without a problem, but there is no connection between the two sites. In these guides I have seen only VPN parameters but not the NAT rule or policy rule.
Thanks for all.
↧
Bad Port on USG20 - Repairable?
Discovered why one of my machines had no network access.
It's a bum port on the usg20. Port (P3 LAN\DMZ).
Thank goodness it wasn't P2!
Unable to upgrade at this time. How repairable is this?
I've got some expensive contact cleaner I could try, and I've done board level repairs before.
But I've never dealt with a bum lan port and I'm nervous to attempt it on this device.
Any ideas\info very much appreciated
Thank you all in advance!
↧
Dual DHCP on USG40
Is it in any way a bad idea to run 2 instances of DHCP on a USG40? I am currently running one on my LAN2 side and I am thinking of using the OPT port for a wireless AP for guests, thus the need for a "second" DHCP.
Thanks in advance.
↧
USG Session Limit
I'm looking for guidance/best practices on utilizing the session limit feature in Zyxel USG routers. I generally set it for 1,000-2,000 sessions per client and typically don't have any issue. However, I've found that when some devices try to open more sessions and are blocked, the USG CPU maxes out and causes high latency for everyone. I am theorizing that this is due to the device continually attempting to open new sessions. Whatever the cause, this seems counterproductive to the intended use case for session limit (i.e. prevent one device from hogging all the sessions).
Is this a bug? Is this normal? Do I have a configuration issue? Am I misusing this feature?
↧
Enabling IPv6 on your Zyxel / Zywall device
Setting up a Zyxel router/firewall for IPv6 is definitely not straightforward, mainly because the device is powerful enough to be configured for a wide variety of different uses. But if you are just trying to get IPv6 working – and if your broadband provider is Charter or Comcast – these instructions should work for you. I’m partially building off the good work from MaineMike, and some of the documentation that can be hard to find on this. In this case, it’s a USG40 – but it is likely the same across many of the models.
Zyxel code in use for these screen shots and instructions:
[att=1]
Step 1 - Enable IPv6: Go to Configuration -> System -> IPv6 and Enable IPv6.
Step 2 - Create DHCPv6 Service Request Object: Go to Configuration -> Object -> DHCPV6 and add a service object with Request Type = Prefix Delegation and specify the WAN interface. In this screen shot, the service object has been given the name "MyPD".
[att=2]
Step 3 - Configure WAN Interface: Go to Configuration -> Network -> Interface -> Ethernet and edit the WAN interface. Click "Show Advanced Settings". Enable Interface. Enable IPv6. Check Enable Stateless Address Auto-Configuration (SLAAC) – this part may not be necessary. Select "Client" for DHCPv6. Check Request Address. In DHCPv6 Request Options click Add and select "MyPD" (or whatever you named it above).
[att=3]
Step 4 - Configure LAN Interface: Go to Configuration -> Network -> Interface -> Ethernet and edit your LAN interface. Click "Show Advanced Settings". Enable Interface. Enable IPv6. In Address from DHCPv6 Prefix Delegation click "Add", select "MyPD", and specify a suffix of ::0:0:0:1/64. Check Enable Router Advertisement. In the Advertised Prefix from DHCPv6 Prefix Delegation box click "Add", select "MyPD" and specify a suffix of ::0/64.
[att=4]
Step 5 – CLI commands
First SSH in and then:
Type “enable” and ENTER
Type “configure terminal” and ENTER
Type “interface WAN” and ENTER (Where “WAN” is whatever name you use)
Type “ipv6 nd ra accept” and ENTER
Type “exit” and ENTER
Type “exit” and ENTER
Type “copy running-config startup-config” and ENTER
Validate routing table by typing:
“show ipv6 route”
Step 6 – At this point, you should be able to see IPv6 addresses being assigned from your ISP. Go to Configuration -> Network -> Interface -> Ethernet and you should start to see something like this:
[att=5]
Step 7 – you can also check your config by SSH’ing into the Zyxel and executing the command “show running-config”. Output should look something like this:
[att=6]
Step 8 – Now see if you can Ping a Google IPv6 DNS address from your Zyxel. Go to Maintenance -> Diagnostics -> Network Tool and select the Network Tool “PING IPv6”, and enter the IP address “2001:4860:4860::8888”. Then click “Test”. You should see something like this:
[att=7]
Step 9 – Check the client devices on your network and see if they are receiving IPv6 assignments. The above should definitely work for Comcast and Charter. Likely for most broadband providers.
↧
Help Setting up IPSec Tunnel Between ZyXel USG40w & PfSense
Hi,
I'm trying my best to set up a tunnel between a ZyXel USG40w and pfSense but it's not quite working out. I've matched both authentication for Phase 1 and 2 on both ends but am getting a "Dial a Dynamic Tunnel Has Failed for Crypto Map" error :(
Do "how to" instructions exist? I could not find any via Google search that worked.
Thanks!
↧
configure zyxel p-663H-51
I recently moved from comcast to Consolidated communications in Katy, TX. According to them, I am getting dsl at 100 mbits. The modem that they provide at an unreasonable price is a zhone 6729-w1. I have copied the pages from that box's web portal to a file that I have attached. I tried to sorta copy these over to the zyxel. It didn't work. I was also surprised to see ptm in the zhone. Does anyone know if I can configure ptm on this zyxel device? Any help would be appreciated. I don't know much about dsl standards, but I am good with networking in general.
↧
Upgrading USG40 Firmware for the 1st Time
I am about to upgrade my USG40 for the 1st time and I am unsure of the procedure from within the GUI. I searched the net for this and most of the hits show externally ftp-ing the appropriate files down and extracted them, then loading them from the GUI.
My GUI screen shows "Running" and "Standby" versions. Assuming I need to select the "Standby" row and click the "Upgrade" folder or "Reboot" icon?
Thanks in advance.
Bob
↧
Static Route Attempt.
Want to enable my PC with IP 192.168.x.yy to access the gateway of another router's LAN.
(to be able to manage the other router via winbox).
The gateway LANIP of the other router is 192.168.xx.1
The kicker is I am accessing my zyxel 40 home-lan from PC through interfaces on the other router (by configuring two of the interfaces on the other router as a bridge, hence acting like a plain switch).
So cannot seem to get the static route configured right.
IP address entered reflects the IP destination I want to reach with the PC (the gateway LANIP of the other router).
Subnet mask 255.255.255.255
For gateway I tried two approaches.
1 - LAN1 (the LAN interface for the zyxel 40 my PC is on)
2- LANIP of the other router (its gateway LANIP address).
Neither worked.
↧
Ping problems /VPN configuration
Have 2 sites with USG210. Both sites with static IP-address. VPN tunnel is up.
Main site with network 172.16.0.x /21
Remote office with network 10.1.0.x / 24
Remote office can access resources at main site.
Main site can access remote site from computers in the 172.16.0.x range
Computers in the range 172.16.1.x cannot ping or access remote site resources.
It has something to do with subnets, but how do I solve this ?
↧
PK5001z WiFi not working
PK5001z, CenturyLink ADSL2+, WiFi was working fine until two days ago, then quit. SSID is not showing up.
Tried rebooting, hard reboot, toggle wifi on & off, change from auto channel to 1, 6, or 11. Seeing "zero" packets passed.
Any other tricks I can try?
↧
VMG1312-B10D Static IP Address Block Deployment
I am trying to deploy a block of 8 static IP addresses (network, broadcast and router addresses are pre-assigned leaving 5 static ip addresses available to be used) to configure direct internet access for services such as FTP server, mail server, ipCam, etc. What I am aiming to achieve is to completely separate the services using the remaining available 5 static IP addresses (accessible directly from the Internet) from the internal network allowing the internal network to be able to continue to access the Internet.
The current network configuration uses a ZyXEL VMG1312-B10D as in bridge mode with an Asus RT-AC87U used as a wireless firewall/router to allow all the access to network services and the Internet. I've provided a .pdf file showing the current and target network configurations. Should the ZyXEL router be switched to Router mode with NAT disabled as a starting point? If so, will that affect the existing LAN Internet access?
Any advice/assistance on how this can be achieved would be greatly appreciated.
↧
ZyXel USG40 SecuExtender Update Failing
I am getting this message in my log on a daily basis:
"Get latest Mac SecuExtender version failed"
Since I do not use any VPN stuff on my USG, is there some way I can turn off the checking for SecuExtender updates that are happening?
Thanks in advance.
Bob
↧
How to block any incoming traffic by default from certain countries?
Is there any easy way to block any incoming traffic by default from certain countries on a USG40?
It seems that ZyXEL maps IP to country in the log.
↧
Upgrading To USG40 - Can I Duplicate Config?
Alas, could not afford to go larger at this time, and got a massive deal on a USG40.
Awaiting its arrival soon.
Hopefully the UI (config process) will be similar or same in case I need to 'tweak' some stuff.
Is there a simple way to transfer (copy or duplicate) configuration settings from the USG20, or is this more complex?
Would simply need to duplicate the settings from the USG20 to the '40. Not using VPN (yet) nor any subscriptions.
Thanks for any help!
↧
Brand New VPN100 - can't bring up IPsec s2S - "certificate chain looped"????
Seriously, Zyxel is fast becoming one of my most hated brands :mad:
Have a VPN100 device in for testing; trying to join it to my existing IPsec S2S setup using my own CA. This same cert/key generation process has been used on dozens of other routers with no problem.
CA cert is imported to the VPN100, CSR is generated & exported, I sign the CSR and re-import the signed cert back onto the Zyxel. Everything looks normal, and I even configured the "WWW" option to use the cert as the HTTPS certificate, and this works. When I browse to the web interface using HTTPS, the newly signed cert is there.
[att=1]
[att=2]
I now configure the VPN with the certificate. Of course it doesn't connect, and shows the following in the logs:
[att=3]
*sigh* what the flying fuck does "certificate looped" mean? Why does it say it can't find the trusted root, when the trusted root is obviously uploaded, as shown in my screenshots? There is a hilariously useless document from a ZyXel manual that is supposed to be a database of "Error Codes", but stupidly contains no other information besides the previously mentioned message and the number "11".
http://www.manualsdir.com/manuals/228308/zyxel-communications-zyxel-zywall-p1.html?page=358
I am getting to the point where I want to throw this thing out the window....... The only other vendor I have ever had this much trouble with was Netgear, and they got so bad they gave up on business firewalls last year..... I had a case open with ZyXel since late February, but it's been radio silence since I first sent the message.. EDIT yes I have tried factory resetting numerous times.
↧
Set up USG 50 to do PPPoE Authentication for CenturyLink?
I live in a rural area which up until recently had limited wireless internet options. I survived with 2 providers and a USG 50 so I could use the dual WAN and switch when one went down. Now, I can get CenturyLink DSL. They gave me a C1000z as a modem, but I see it is a router. I see also that I can switch it to bridge mode, but then the USG 50 has to do the authentication. I've tried searching for how to do this and found some hits to posts in this forum that I read, but still don't understand what I need to do. If someone would be willing to enlighten me, I would appreciate it.
↧
Transferring config files from USG 200 to USG 100
Hi Guys, I've got a question regarding transferring the config files from USG 200 to USG 100 … The problem is that my USG 200 has recently passed away, so I've got USG 100 as a temporary solution instead. Will it be possible to use a config file from USG 200 for USG 100 (changing the header from USG 200 to USG 100)? The firmware is the same … Thanks.
I've checked Zyxel configuration converter here: https://www.zyxel.com/promotions/usg-configuration-converter-20130829-760081.shtml, but it does not say anything regarding converting the config files from USG 200 to USG 100.
↧