Zyxel USG20

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
Hi

I have just bought a Zyxel USG20 for a small office of 4 users.

They all use the same Gmail account (no Google Apps) on Outlook for email and calendar sync (with the gSyncit add-on).

Since I installed the firewall two weeks ago they started to have some errors on Outlook:

"TOO MANY SIMULTANEOUS CONNECTIONS FAILURE"

Could it be that the firewall keeps connections and somehow during the day they reach the maximum of 15?

They have like 4 computers and 3 iPhones.

They also have some issues with certain websites when they log in with the same shared account for the office. The website says that there is already someone connected with the same account.

The issues started when I installed the firewall, everything was working fine when the office had only the modem/router.

Thanks
 

Cmustang87

Supreme [H]ardness
Joined
Oct 4, 2007
Messages
4,498
I would suggest logging into the Zyxel and looking at the active connections. If there's any wireless sharing that internet connection, that will use up your nodes as well.
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
The CPU is at 45 %, memory at 58 %, flash usage at 29 %, active sessions at 900/10000.
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
Actually I have checked the logs and I got several alerts, maybe unrelated:

Interface wan1_ppp is disconnected.
Interface wan1_ppp connect failed : Peer not responding.
Interface wan1_ppp connection terminated.

So it seems it's the PPPoE that is having some issues also...
 

Liger88

2[H]4U
Joined
Feb 14, 2012
Messages
2,657
Just curious, but are you using the latest firmware? Most USGs bought even now brand new are using older versions that had some serious problems. The 3.30+ versions have been nothing but solid.
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
Yeah, I am using 3.30(BDQ.4)C0; it's the latest on the Zyxel website.
 

stormy1

[H]ard|Gawd
Joined
Apr 3, 2008
Messages
1,053
Run a Malwarebytes scan on all the computers. There is a good chance you have a virus on one or more machines.
If it has a feature where you can see all the packets real time you can tell which computer is sending all the traffic by looking at the packets.
Or you could use wireshark on a bridge but for a small office it would be faster just to scan the computers.
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
No virus and no malware. Scanned with Avast and Malwarebytes.

I will swap the unit and see what happens. I am pretty sure it's the DSL modem that has gone out of bridge mode.
 

Nate7311

2[H]4U
Joined
Jan 11, 2001
Messages
3,320
If the Modem has gone out of bridge mode you should be able to tell based upon the IP assigned to the WAN interface of the USG. Public IP vs. generic class C NAT address.
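
The check suggested in the post above, written out as an added example (not part of the original thread). It goes beyond the "class C NAT address" case to cover the other non-public IPv4 ranges a WAN interface can receive; the function name, verdict strings and sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that mean the firewall's WAN port is NOT holding the public address.
# Listed explicitly because Python's is_private is False for 100.64.0.0/10.
NON_PUBLIC = [
    ("10.0.0.0/8", "behind-nat", "RFC 1918 private"),
    ("172.16.0.0/12", "behind-nat", "RFC 1918 private"),
    ("192.168.0.0/16", "behind-nat", "RFC 1918 private"),
    ("100.64.0.0/10", "behind-nat", "RFC 6598 carrier-grade NAT"),
    ("169.254.0.0/16", "no-lease", "link-local, no address was assigned"),
]


def classify_wan_address(addr):
    """Return (verdict, reason) for the IPv4 address on the WAN interface."""
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except ipaddress.AddressValueError:
        return ("invalid", "not an IPv4 address")
    for cidr, verdict, label in NON_PUBLIC:
        if ip in ipaddress.ip_network(cidr):
            return (verdict, f"{ip} is in {cidr} ({label})")
    if not ip.is_global:
        # Loopback, unspecified, documentation and other reserved blocks.
        return ("unusable", f"{ip} is reserved and not routable")
    return ("public", f"{ip} is globally routable; the modem is likely bridging")


if __name__ == "__main__":
    # Constructed sample WAN addresses, not taken from the thread.
    for sample in ["192.168.1.2", "100.64.10.5", "169.254.3.4", "8.8.8.8"]:
        verdict, reason = classify_wan_address(sample)
        print(f"{sample:<14} {verdict:<11} {reason}")
```

A "behind-nat" verdict means the modem (or the ISP) is translating addresses in front of the firewall, so the firewall is not terminating the public connection itself.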
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
I removed the Zyxel out of production, it turns out that the connection runs on a VDSL modem. The modem was in bridge mode (factory reset, bogus credentials, DHCP/wireless deactivated), but strangely it still has a public IP. I checked the logs and the PPPoE passthrough was active.

The Zyxel had a different public IP, I tried to redo the wizard and double-checked the password and user info and nothing changed.

So my guess is the Zyxel WAN port needs to be in a specific VLAN, I am pretty sure it's VLAN35.

Why I removed the Zyxel? The business was audited by their professional order last week, and they don't want Chinese products as security equipment. I will probably buy a Fortigate 40C.
 

Liger88

2[H]4U
Joined
Feb 14, 2012
Messages
2,657
> I removed the Zyxel out of production, it turns out that the connection runs on a VDSL modem. The modem was in bridge mode (factory reset, bogus credentials, DHCP/wireless deactivated), but strangely it still has a public IP. I checked the logs and the PPPoE passthrough was active.
>
> The Zyxel had a different public IP, I tried to redo the wizard and double-checked the password and user info and nothing changed.
>
> So my guess is the Zyxel WAN port needs to be in a specific VLAN, I am pretty sure it's VLAN35.
>
> Why I removed the Zyxel? The business was audited by their professional order last week, and they don't want Chinese products as security equipment. I will probably buy a Fortigate 40C.


I've heard this same VLAN issue thing pop up with some DSL providers over on DSLReports.com as well. They have a forum (surprisingly) dedicated to ZyXel that is pretty active. Perhaps they could be more helpful as to what the problem was and how it could be avoided in the future.

As far as the audit goes I hope that's not what they said because that's pretty damn insulting for ZyXel. They are a Taiwanese company that has been very respected in the U.S. for the past 15 years. Small, but trustworthy and I think the world is taking this Chinese threat too personally, especially with recent leaks showing the U.S. companies are most damaging.
 

Metraon

Limp Gawd
Joined
Feb 23, 2011
Messages
307
I have been given a written copy of the security audit. A few comments are not accurate and I wonder on what specifications the inspector bases his recommendations. I don't work there, I do bi-annual consultation.

They need to have a dedicated firewall for their internet connection, which I can understand. They don't mention if it must have IDS features or any more advanced features.

They recommended on paper Fortinet, SonicWall and Cisco because they are North America based companies. The inspector affirmed in his report "Zyxel is probably chinese" (the "probably" indicates to me he doesn't know the company and the products).

The "funny" thing is that the inspector checks only if the firewall is plugged in. He also tries to guess the Wi-Fi password and SSID name. They recommend it's hidden (which is BS), WEP is ok (which is BS).

He also tries to log into the computers in the office to see if there is a password on the computers.

He checked if the computers had a paid anti-virus subscription. The brand doesn't matter for this criterion and they don't check mobile and/or iPads.

That's about it.

I see multiple problems in that (and in the methodology). I said that all the users mostly use shared and weak passwords for all their services (which I think is more of a concern than using a Zyxel firewall), he said it wasn't an evaluation criterion.

And also told him that password protecting Windows computers doesn't mean they are protected from theft as they (hard drives) are not encrypted, he said it doesn't matter.

Meh.
 