When troubleshooting unusual behavior in USG devices, a diagnostic file (diag-file) is crucial. It provides insights into your network's operations, helping our support team identify and resolve issues. This article explains how to collect, create, and download the diag-file from the Web GUI, as well as using SSH for USG FLEX, ATP, and VPN Series devices. We’ll also cover using FTP services like FileZilla to download the file, especially if the device is unresponsive.
Helpful articles:
- CLI via Console Cable [Zyxel Devices] - Console to Access the Serial Port & Use Debug level 8 [Putty & TeraTerm]
- USG FLEX H Series [Firewall] - Right Console Cable and LED Indication
- Zyxel Access Point [Console] - How to use the console port to Access Points
Diagnostic File - Create and Download via Web GUI
To start, log in to your USG, go to Maintenance > Diagnostic, and click on "Collect Now." This process can take up to ten minutes, depending on your configuration. Once complete, you can download the file from the Files section.
- Login to your firewall with your admin user and password
- Navigate to Maintenence -> Diagnostic -> "Collect Now" and let it collect for up to 10 minutes
- Download the Diagnostic File under Maintenance -> Diagnostics -> Diagnostics -> Files by marking the file you want to download and then hit "Download":
Diagnostic File - Create via SSH and Download via FTP
It's also possible to create and collect the diagnostic file via SSH.
- Login to Putty, TeraTerm or any other SSH program
- Write the command
configure terminal
- Then write the following command to get all files needed for investigation:
diaginfo set ac 1023- Then collect the diagnostic file with this command and let it collect for up to 10 minutes
diaginfo collect ac
- if you want to see the status of the diagnostic file collection, write this command
show diag-info
- or this command
show diag-info status
- Download and open FileZilla
- Enter your host (LAN or WAN Gateway IP), admin username and password as well as port 21 (FTP port) and click Quick Connect
- You should see "TLS connection established." and "Logged in".
- If you don't see this, it's probably because port 21 is not allowed in the firewall rules form WAN to Zywall, or LAN to Zywall.
- Then navigate to the "debug" folder and then download the diagnostic file (diaginfo-2023-03-30_14-30-36.tar.bz2) to your PC