1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. ZyWALL-USG50
    5. /
  5. 153
Page 761 / 944 Scroll up to view Page 756 - 760
Chapter 51 Troubleshooting
ZyWALL USG 50 User’s Guide
761
Make sure your ZyWALL has the content filter category service registered and
that the license is not expired. Purchase a new license if the license is expired.
Make sure your ZyWALL is connected to the Internet.
I configured security settings but the ZyWALL is not applying them for certain
interfaces.
Many security settings are usually applied to zones. Make sure you assign the
interfaces to the appropriate zones. When you create an interface, there is no
security applied on it until you assign it to a zone.
The ZyWALL is not applying the custom policy route I configured.
The ZyWALL checks the policy routes in the order that they are listed. So make
sure that your custom policy route comes before any other routes that the traffic
would also match.
The ZyWALL is not applying the custom firewall rule I configured.
The ZyWALL checks the firewall rules in the order that they are listed. So make
sure that your custom firewall rule comes before any other rules that the traffic
would also match.
I cannot enter the interface name I want.
The format of interface names other than the Ethernet interface names is very
strict. Each name consists of 2-4 letters (interface type), followed by a number
(x, limited by the maximum number of each type of interface). For example,
VLAN interfaces are vlan0, vlan1, vlan2, ...; and so on.
The names of virtual interfaces are derived from the interfaces on which they
are created. For example, virtual interfaces created on Ethernet interface wan1
are called wan1:1, wan1:2, and so on. Virtual interfaces created on VLAN
interface vlan2 are called vlan2:1, vlan2:2, and so on. You cannot specify the
number after the colon(:) in the Web Configurator; it is a sequential number.
You can specify the number after the colon if you use the CLI to set up a virtual
interface.
Page 762 / 944
Chapter 51 Troubleshooting
ZyWALL USG 50 User’s Guide
762
I cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN interface
on an Ethernet interface.
You cannot set up a PPP interface, virtual Ethernet interface or virtual VLAN
interface if the underlying interface is a member of a bridge. You also cannot add
an Ethernet interface or VLAN interface to a bridge if the member interface has a
virtual interface or PPP interface on top of it.
My rules and settings that apply to a particular interface no longer work.
The interface’s IP address may have changed. To avoid this create an IP address
object based on the interface. This way the ZyWALL automatically updates every
rule or setting that uses the object whenever the interface’s IP address settings
change. For example, if you change LAN1’s IP address, the ZyWALL automatically
updates the corresponding interface-based, LAN1 subnet address object.
I cannot set up a PPP interface.
You have to set up an ISP account before you create a PPPoE or PPTP interface.
The data rates through my cellular connection are no-where near the rates I
expected.
The actual cellular data rate you obtain varies depending on the cellular device
you use, the signal strength to the service provider’s base station, and so on.
I created a cellular interface but cannot connect through it.
Make sure you have a compatible 3G device installed or connected. See
Chapter
52 on page 775
for details.
Make sure you have the cellular interface enabled.
Make sure the cellular interface has the correct user name, password, and PIN
code configured with the correct casing.
Page 763 / 944
Chapter 51 Troubleshooting
ZyWALL USG 50 User’s Guide
763
If the ZyWALL has multiple WAN interfaces, make sure their IP addresses are on
different subnets.
I cannot configure a particular VLAN interface on top of an Ethernet interface even
though I have it configured it on top of another Ethernet interface.
Each VLAN interface is created on top of only one Ethernet interface.
The ZyWALL is not applying an interface’s configured ingress bandwidth limit.
At the time of writing, the ZyWALL does not support ingress bandwidth
management.
The ZyWALL is not applying my application patrol bandwidth management
settings.
Bandwidth management in policy routes has priority over application patrol
bandwidth management.
The ZyWALL’s performance slowed down after I configured many new application
patrol entries.
The ZyWALL checks the ports and conditions configured in application patrol
entries in the order they appear in the list. While this sequence does not affect the
functionality, you might improve the performance of the ZyWALL by putting more
commonly used ports at the top of the list.
The ZyWALL’s anti-virus scanner cleaned an infected file but now I cannot use the
file.
The scanning engine checks the contents of the packets for virus. If a virus
pattern is matched, the ZyWALL removes the infected portion of the file along with
the rest of the file. The un-infected portion of the file before a virus pattern was
Page 764 / 944
Chapter 51 Troubleshooting
ZyWALL USG 50 User’s Guide
764
matched still goes through. Since the ZyWALL erases the infected portion of the
file before sending it, you may not be able to open the file.
The ZyWALL is not scanning some zipped files.
The ZyWALL cannot unzip password protected ZIP files or a ZIP file within another ZIP file.
There are also limits to the number of ZIP files that the ZyWALL can concurrently unzip.
The ZyWALL is deleting some zipped files.
The anti-virus policy may be set to delete zipped files that the ZyWALL cannot
unzip.
The ZyWALL cannot unzip password protected ZIP files or a ZIP file within another
ZIP file. There are also limits to the number of ZIP files that the ZyWALL can concurrently
unzip.
The ZyWALL’s performance seems slower after configuring IDP.
Depending on your network topology and traffic load, binding every packet
direction to an IDP profile may affect the ZyWALL’s performance. You may want to
focus IDP scanning on certain traffic directions such as incoming traffic.
IDP is dropping traffic that matches a rule that says no action should be taken.
The ZyWALL checks all signatures and continues searching even after a match is
found. If two or more rules have conflicting actions for the same packet, then the
ZyWALL applies the more restrictive action (
reject-both, reject-receiver or
reject-sender, drop, none
in this order). If a packet matches a rule for
reject-
receiver
and it also matches a rule for
reject-sender
, then the ZyWALL will
reject-both
.
I uploaded a custom signature file and now all of my earlier custom signatures are
gone.
The name of the complete custom signature file on the ZyWALL is ‘custom.rules’.
If you import a file named ‘custom.rules’, then all custom signatures on the
Page 765 / 944
Chapter 51 Troubleshooting
ZyWALL USG 50 User’s Guide
765
ZyWALL are overwritten with the new file. If this is not your intention, make sure
that the files you import are not named ‘custom.rules’.
I cannot configure some items in IDP that I can configure in Snort.
Not all Snort functionality is supported in the ZyWALL.
The ZyWALL’s performance seems slower after configuring ADP.
Depending on your network topology and traffic load, applying an anomaly profile to
each and every packet direction may affect the ZyWALL’s performance.
The ZyWALL routes and applies SNAT for traffic from some interfaces but not
from others.
The ZyWALL automatically uses SNAT for traffic it routes from internal interfaces
to external interfaces. For example LAN to WAN traffic. You must manually
configure a policy route to add routing and SNAT settings for an interface with the
Interface Type
set to
General
. You can also configure a policy route to override
the default routing and SNAT behavior for an interface with the
Interface Type
set to
Internal
or
External
.
The ZyWALL is not applying a policy route’s port triggering settings.
You also need to create a firewall rule to allow an incoming service.
I cannot get Dynamic DNS to work.
You must have a public WAN IP address to use Dynamic DNS.
Make sure you recorded your DDNS account’s user name, password, and
domain name and have entered them properly in the ZyWALL.
You may need to configure the DDNS entry’s IP Address setting to
Auto
if the
interface has a dynamic IP address or there are one or more NAT routers
between the ZyWALL and the DDNS server.

Rate

4.5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top