Are you facing a problem with your Zyxel firewall (mainly ATP-, USG FLEX- & VPN-Series) and want to learn more about finding the root cause? Then this might be the perfect knowledge-base article for you!
In this article, we want to give you a starting point for analyzing and diagnosing issues on your USG. Below you will find a mix of CLI-related diagnostic articles, tutorials and other resources, hopefully empowering you to get the most out of your hardware!
Command Line Interface & Diagnosis
When it comes to sophistication and in-depth analysis, nothing can beat the CLI. Because it is so bare-bones and minimalistic, it can present you with a plethora of different information, ready to be read out and interpreted by a skilled technician. Of course, mastering the CLI is a craft in itself, so we can only scratch the surface, but every venture starts somewhere.
Below are a few articles to give you a starting point on how to access the CLI in the first place, as well as a few generally helpful commands:
- Access the command line interface of your Zyxel device (SSH via PuTTY & Console via TeraTerm)
- Overview of Helpful CLI Commands for USG Series (Best Practice)
Once access is set up, there are a few more specific things that you can monitor as well as configure with the CLI:
- USG Series - Packet Capture
- Diagnose the reasons for the large number of active sessions in the ZyWALL
- Change Management Port via CLI on USG/VPN/ATP devices
- USG Series: Login denied: Login attempt on a lockout address
- Reactivating HTTP/HTTPS access via serial cable connection or SSH-terminal
The CLI Reference Guide
Of course, there are tons of other options and possible setups out there. For those, we highly recommend visiting https://download.zyxel.com and checking the CLI Reference Guide for the specific product you are interested in. Type the product you are interested in into the search bar and click on the result matching your search.
After the page has loaded, scroll down a bit to the download section and choose the CLI Reference Guide.
This will open the CLI Reference Guide as a PDF document. Here you can find nearly all of the CLI commands your particular device offers.
To give you an example of a CLI Reference Guide right away, we have attached the CLI Reference Guide for the USG FLEX 100, Firmware v5.10, to this article. But of course, we still recommend browsing https://download.zyxel.com and having a look around there as well.
The next steps on analysis (e.g. Diag-File and SSH-to-Text)
So, CLI commands and setting them up are one thing, but what if the information displayed vastly overwhelms your skill set and knowledge? Then fear not, there are two different possibilities:
- Create a diagnostic file and send it to us for further in-depth analysis
- Save the Console/SSH-Output to a text file and have it checked by us/the engineering department
Below you will find articles showing how this is done, as well as procedures and articles that rely on saving the Console/SSH output to a text file:
- USG Series - Creating A Diagnostic File
- Logging high-level debug logs on USG/VPN/ATP-Firewalls (PuTTY-to-Textfile) via console
- USG Firewall crash logging procedure
Last but not least, although it is not an actual analysis tool, one very important thing to know when narrowing down issues is how our firewalls work. One of the greater "mysteries" is how our gateways actually prioritize routing. This is explained in detail in the Packet Flow Explore menu.
We very much hope that this article helps you find your entryway into CLI-based configuration and diagnosis of your Zyxel firewall. Enjoy exploring!