GorkOu812ic join:2001-10-06 Bountiful, UT |
to Brano
Re: USG Firmware 3.30 is out!Hey Brano ... Did you "downgrade" or are you running v3.30 while you wait for an update? |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2013-Sep-22 8:28 am
I'm on 3.30. Other than BWM (which I've disabled) I have no issues with the FW. |
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
Anav
Premium Member
2013-Sep-22 12:53 pm
same same, don't use BWM, rest is working for me. |
|
|
GorkOu812ic join:2001-10-06 Bountiful, UT |
to Brano
said by Brano:I'm on 3.30. Other than BWM (which I've disabled) I have no issues with the FW. My results as well. I didn't even try BWM - haven't ever used it. |
|
|
to Brano
One anomaly I've noticed is that the dashboard shows no intrusions in the top 5 section. IDP is the only service I have licensed this year, and for v3.00 B4 there were reports. Further, I haven't seen any recent update notices in my email, the last of which appears to be on 8/28. IDP is shown as on. Was I supposed to do something ZyXEL didn't bother to mention in "Read me first" or in the upgrade instructions at the back of the change notes?
kirby |
|
|
to Brano
Kirby same here!!! latest email for idp was the first for new idp version then stop!!! I hope they upgraded email accounts also for new idp or....no oh no, i don't want to email them....they interrupted sending me that alerts in march: only after 45 days they solved it, in the meantime they, accordingly to me, sent test emails but became crazy is only the good experience in that period!!! received mails that are also for zywall 35, idp 10 and more, and today they have not solved the double o triple mails they send to me for ZAV AND KAV but in that months i told them but no solution, they sent all mails to me massively without think about what is ok or not...and they know what you are subscribed on but they simply ignore.
I use as for the past two years to active all idp signature, log alert and drop for all, today they updated to 3051 version then i'll che k in the category screen for someone not set as mine though then modifie.
never check in the app patrol, this update services contains tones of signatures and is longer to check all now.
if they stop sending mails i will not renew the service, same as cf and antivurs next year, then pass to another better brand.
and also remeber, many times they update signatures but some are with no action about countermisures and no log and yes: are not active rules!!! so why they do it? to enlarge and slow the performance of appliances? |
|
|
to Brano
Thanks, hardstyler.
I haven't seen an email notice lately, but the USG 50 reports on the IDP page that the latest version is 2013-09-17 11:19:16. Maybe it is silently upgrading the signatures. However, one might expect it to detect something now when previously it detected stuff every few minutes. Maybe they decided the old detections were false positives and the new signatures don't include those characteristics.
The IDP statistics claim 14137046 sessions checked (presumably since the 3.3 upgrade) with zero packets dropped or reset. And all bad guys have retired from the Internet.
On the other hand, according to the log the firewall is blocking and dropping a lot of UDP aimed at port 7561 of one of my WAN addresses.
kirby |
|
2 edits |
arrived email some hours ago, finally! I was in suspense for these e-mails: don't want to re-do the same thing of 6 months ago....NEVER!
the signatures updated are only 3, but deleted and the new added are really a ton! and I think they are not all in that list, just now I ended to set as I want all signatures, not counted but I think they are more then the list anyway check your private message, I sent you something.
about your problem in the dashboard....can't help! but try to do a free port scan from some site, or use a trial versione of GFI LANGUARD and if you have not too much time simply do the test of the TOP 20 VULNERABILITIES and you'll see absolutelly logs and dashboard populated! Mine was, dashboard and so logs. try it! ah, these tests are not dangerous and the program is known and approved, is not a hacking program to exploit your network and let it open forever so if you run a company's network you'll not be dismissed! ;D if you want use metasploit for example then you must know what are you doing but don't ask to me, I'm noob! |
|
|
to Brano
I'll try to do that experiment this weekend.
k |
|
1 edit |
to Brano
3.30 (aqq.1) is on the ftp site » ftp:// ftp.zyxel.com/ZYWALL_USG ··· 1)C0.zipFeatures: 3.30(AQQ.1)C0 Modifications in 3.30(AQQ.1)C0 1. [BUG FIX] eITS# 130903164 Symptom: Actions in IDP profile cant be correctly saved after reboot. Condition: It occurs when the rule action default is none and then set to reject-both. 2. [BUG FIX] Symptom: It occurs to kernel crash when enabling BWM service. Condition: 1. Create a service group contains at least 2 service objects which belong to TCP protocol. 2. Enable BWM service and add an BWM rule with the following setting: a. Choose Service Object as service type. b. Select the service group just been created from the Service Object drop-down list. 3. It will occur to kernel crash later when you have TCP traffic pass through device. |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2013-Sep-27 10:24 am
Perfect! let's see if they fixed the BWM throughput as well. |
|
1 edit |
So whos gonna be the first guinnea pig? I'm at work, and got burned by the last upgrade [since I use BWM], so I think I will wait and play around with this one on my personal router at home over the weekend first.
-Alan |
|
JPedroT Premium Member join:2005-02-18 |
JPedroT
Premium Member
2013-Sep-27 11:25 am
said by FirebirdTN:So whos gonna be the first guinnea pig? I'm at work, and got burned by the last upgrade [since I use BWM], so I think I will wait and play around with this one on my personal router at home over the weekend first.
-Alan Upgraded our USG-300 works fine for me, but we do not use the BWM, since our link is 1Gb, thinking about getting a ZyWALL 110 to get more out of our link. |
|
|
to Brano
Path to USG -50 repository is » ftp:// ftp.zyxel.com/ZyWALL_USG ··· irmware/New version is ZyWALL USG 50_3.30(BDS.1)C0.zip 63661 KB 09/25/2013 10:50:00 AM I'll get to it later. kirby |
|
lorennerol Premium Member join:2003-10-29 Seattle, WA |
Not so many early adopters this time, it seems (he says, from the sidelines again) |
|
|
said by lorennerol: Not so many early adopters this time, it seems (he says, from the sidelines again) Now sounds like a great time to "take the bull by the horns". -Alan |
|
|
to lorennerol
Just did the update on my USG 50, everything seems the same. I have the BWM enabled and SIP option selected, but my speeds tests for both my cable and DSL connection still show the same maximum speed. Cable approx 40 - 45 down 15-16up (plan is the Comcast Blast, which I believe is 50/10), DSL 41-42 down and 15 - 16up (plan is the 40/20 from centurylink, but my modem trains in at 45/20)
I tested with BWM on and off. So for me and my connections I don't see any issues. (though if I read the threads correctly, the limit was around 50mbps? |
|
|
to Brano
I also updated my USG50 with the new firmware - no problems so far. I am not using BWM. |
|
|
to Brano
One thing that is interesting, is that my startup configuration file went down in size, but everything appears to still be the same. So they must have done some cleanup somewhere. Went from a size of 25564 to 24833. |
|
mozerdLight Will Pierce The Darkness MVM join:2004-04-23 Nepean, ON |
to Brano
On my USG 100 --- Installed the FW update. BW still broken IMO/
With BW enabled I get 35 Mbps down With BW disabled I get 50 Mbps down
My ISP provides me with 100 Mbps Down and 10 Mbps Up. |
|
|
to FirebirdTN
BWM: - no detectable reduction in upload speed with BWM enable with default rule, an definite improvement over last 3 releases (perhaps more) - others will have to test further No problems with any ipsec site-to-site vpn nor from android. Secuextender works with windows 8.1 and java 7.40 (which needs desktop mode). IPv6 6to4 tunnel works. EPS: - documented not to work with 64-bit OSes - no support for windows 8.0, 8.1, 2012, 2012 r2 patch checking - no support for av with last 2 years * therefor likely no effective support against trojans and regular keyloggers [ excludes backdoors ] which can get passwords used with RDP. SSL_VPN - no change, same as 3.00 aqq.4, thus no perfect forward security for RDP, nor TLS 1.2, no removal of old chipers. [ see » SSL_VPN security ] - no mention of whether we are affected by compromised RSA standards Could not get console to work on firefox or chrome (like 3.00 aqq.4). Use Internet explorer. "Top firewall rules that blocked traffic for ipv6" widget only seems to work with internet explorer. This seems to move us ahead in actual terms, but falls behind the every increasing needs of the marketplace. |
|
|
to Brano
Thanks for the feedback! Any noticeable degradation of download speed with BWM enabled like mozerd is seeing? (there is a thread that specifically fingers throughput issues on the USG 100; I have 50s and a 200)
I've never noticed a degradation of UL speed, but I purposely limit my UL via BWM to just under my measured throughput to prevent bufferbloat.
-Alan |
|
|
to daveyeager
Similar results. My firefox install (23.0.1) and chrome (version 29) on my Windows 8 seems to work OK when doing most of the aspects, including widgets. I also cannot utilize the console from firefox or chrome, the java applet will not fully/completely load) |
|
lorennerol Premium Member join:2003-10-29 Seattle, WA |
said by kbonnel:the java applet will not fully/completely load Java or JavaScript?? Please tell me I don't have to install the JVM to manage these routers now... |
|
4 edits |
to Brano
Console works for me in Firefox 23.0.1. However NOTE: I am using Java 6 because of an incompatibility with some gear at work and Java 7.
BWM still broken.
Speed tested, limited to 47. Old firmware solid 49.+ (I set my limit to 51200 to defeat powerboost). When I run a speedtest from OOKLA, it gives a graph that represents instantaneous peaks and valleies. On firmware 3.00 (BDS.4) with my BWM settings, its a perfect rectangle. No variation in speed at all. Not quite so with the current FW. Also with this new FM after the initial speed test I disabled BWM and tested again and got peaks in the 80s, which is normal. But here is the real kicker: I re-enabled BWM and ran a 3rd test and was limited to 13!
-EDIT- My BWM rules aren't working anymore. I disabled them, and created a new simple rule: from any to any service any in 8192 out 8192. That worked. Tried changing outgoing interface to "wan1", and the rule no longer worked.
Looks like they finished the BWM Kernal crash, but there is no real change that I can see over the previous pulled firmware. -Alan |
|
|
to Brano
Update to 3.31 seems to be seamless. Getting 30/15 from from/to NJ/NH via speed test net. This is what each of my FAST connections is rated for. BWM off; IDP on.
kirby |
|
1 edit |
to Brano
Updated my USG20W to 3.30.1 Update was smooth and BWM is working perfectly.
W. |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2013-Sep-27 9:25 pm
No issues here either after the upgrade. BWM is off though. ...will test BWM later. ...and it's not 3.31, it's 3.30.1 |
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
Anav
Premium Member
2013-Sep-27 9:54 pm
Just d/1 3.30.1 and I can report that the BWM enabled selection still hoses the throughput. :-(((( 190Mbps BWM off, 46Mbps BWM enabled. |
|
|
to Brano
One thing I also noticed, is that my memory usage is higher than the previous 3.00 firmware. Before the update, I was using around 45 - 50%, now it is at 61%. |
|