(My ratio as I write is about 5x, but I have severely limited the timeouts). The required number will be a lot lower if you lowered the values for TCP and UDP timeouts.
I would suggest a minimum of 100x the number of active connections you had for all torrents (as shown by the bit torrent client GUI) before the firmware change. If you run bit torrent I recommend setting this value higher than 1000 if you want to activate per host session limiting. Add the following configuration in the nf: System default setting change, enable IPv4/IPv6 firewall session limit per host and set limit to 1000. In the new GUI, the default session rule is "anything goes." Release notes say (page 17/41): In my USG50 release notes, there are CLI instructions for setting the session limit.
How to revert to an older firmware version is given on the last or penultimate page of the release notes pdf that is in the firmware zip file.
This time I deleted all and setup the firewall from zero, but services, schedules, addresses and more I have simply copied into the config file and loaded, so this night I'll can sleep DĪlso for me an upgrade in throughput, is it real that now I deleted some doubled firewall rules or something else but now when I transfer a large file from a nas in the dmz to the lan with the idp control dmz - lan I get now from 4 to 6 MB/s, with previous firmware never more 2.4 MB/s so I'm happy and I have ALL utm services active.īut in idp, adp, app patrol there are too many changes and in particular in app I deactivated many programs that I really don't use and never use but must test with internet traffic, various type of traffic to ensure all work fine as before.
you can save the base file of old fw to your pc the edit and add that lines of addresses and services to the config file simply with notepad then save and upload and load it in the appliance and you are ok.
If you want to roll back to a old fw you must save your config file, then upload and load the old fw then try to apply the config generated with the latest firmware, if it fails then load the basic config file provided with the old fw then set all settings manually but, of course, if you have in the new config file a list of services, addresses etc. htm extension that I stupidly deleted without checking what it was but for sure it is not mandatory for the appliance.Īt this moment I'm happy with the upgrade! If Zyxel will expand idp signatures I think if they'll sell next year new HIGH THROUGHPUT appliances I will buy one!įinally I was surprised, really, when watching the application patrol list, it competes with Sonicwall, don't know for quality but for number of programs surely!!! Now I continue to reconfigure all manually, I taked screenshots of my previous firmware configuration cause this time I don't want to simply overwrite with new fw, but I want to configure it from the basics and then save the config file.mmmh, config files, when restarted the appliance had startup config, lastgood, default config, another startup config with the date (but it si the same of the startup config so.boh.) and another file with. Then go to check the idp service rules, adp and application patrol, is incredible!!! if the idp I must browse it, the adp has less settings renamed I think or for sure deleted many of them, cause I think they were too old.and go to the application patrol, you get impressed by the number of categories and applications supported, p2p for example has 48 voices, 30 more then the old fw and idp service.voice over ip has 18 applications, the old fw had only 2.these are only 2 examples.ah, the idp service finally has the support for mobile OSes: really happy cause with the enormouse bug fixes in particular for the vpn service, will be really great to browse the internet with your mobile device trough the USG appliance!!! great!!!
Then go there to update the signatures and if get errors don't worry, they updated al servers from too low hours.
Go to update manually, if get errors don't worry Insert your account details and let pass 1 minute max Upload and apply the config file provided with the fw package from Finally I suggest anyone to save old config for reference only.