  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
1 edit | reply to jig Re: ZyWall 5 V4.00 (XD.2) released
The X-550 is a gaming oriented home router with the addition of MIMO, comparing to SMB is really not that useful.
Concur, WAN to WLAN should be drop by default!!
Please use the z70 demo link to view the firewall defaults page.......... »New INTERACTIVE ZYWALL 70 DEMO |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| reply to PVU
said by PVU:
I lost you guys for a moment, and got a real sinking feeling  But I'm back! It did not take the downgrade too well, so I had to get to the router and upload the 4 XD.0 (saved), then XD.2. Whew!! I seem to be moving faster - but there's no one else using the bandwidth.

Do you mean you are the only one at this time connected to the 1.5Mbs connection? About the only way to tell is to swap out the Zywall with a different router and see if you go faster or go back to the 3.64 firmware. If you try to go back to 3.64 after the flash is done you have to hold IN the RESET button for 15 seconds or more. I've gone back and forth between 4 and 3.64 and had to do the LONG reset whenever going back to 3.64.

said by PVU:
On the new 4 firmware, there are new default settings that weren't there in 3x: WAN to WLAN: ? - the default is Permit WLAN to WAN: ? - the default is Permit The only defaults (with no rules) before was LAN to LAN, and LAN to WAN. There were (and are) LAN to DMZ and WAN to DMZ rules. Can I disable the WLAN stuff? - we run on a LAN (don't know what WLAN is all about).

I think all those were there in 3.64? My default rule is set to Drop WAN to WLAN and I haven't changed it. Don't know how yours got set to Permit. Yes you can set it to Drop and until you install a WLAN card (Wireless card) it really doesn't matter.

said by PVU:
Also, the 4x defaults are "drop". Why not use "reject"? Before there was "permit" or "block" - no 3rd option. I don't think I want to try going back to 3x. When you say reset defaults, do I have to go through the whole thing again? Or, if the setting were good (retained) should I just re-apply the settings? Thanks

What you need to do is hit either the reset button on the front of the unit or use the reset link in the WEB GUI, that takes the router back to factory defaults. Then you need to do ALL of the settings you need, WAN connection, Static DHCP, Port forwarding and firewall rules, by hand again, NOT using a saved configuration file. Actually the last time I reset my Z5 I loaded the default ROM file that came with the 4.0 (XD.2) firmware because I was unsure if I had ever loaded any of the default ROM files that came with previous firmwares and there are some notes about making changes to older ROM files. So I figured the best thing to do would be to just load the newest ROM file and then do all my settings by hand from scratch.
-- Shooter Ready--Stand By BEEP ******** |
|
 DavidJWood Premium join:2001-10-12 UK
| reply to PVU Unless you have a wireless card in the ZyWALL, you can forget about the WLAN zone - under 4.00, WLAN is only available if you have a wireless card. By default, the wireless card is in the LAN zone, but you can set it to be in DMZ or the new WLAN zone under 4.00 (under 3.x, it was always in LAN).
The nearest equivalent to the old "block" is "drop", assuming that you didn't change the default behaviour of the ZyNOS 3 firewall. Both drop unwanted traffic without sending a TCP RST - so called "stealth". Reject is the same as "drop", but also sends an ICMP Destination Unreachable message back.
By reset to defaults, I mean pushing the button to restore to factory defaults in Maintenance -> Backup & Restore or equivalent. Even though things may look OK, there may be subtle corruption in settings converted when you upgraded from 3.x, which restoring to defaults and reconfiguring from scratch may solve.
Before you reset to defaults, save your settings (just in case you want to get back to where you were - though if you reload that configuration, you've undone any benefit of resetting to defaults) and make sure you have any notes you need to reconfigure the router.
David |
|
 PVU
join:2005-08-29 Silver Spring, MD
| reply to DavidJWood
said by DavidJWood:
I wonder if a better solution, rather than downgrading, is to reset to defaults under 4.00 and reconfigure from scratch. There are various changes in version 4 firmware and that may help. My apologies if you've already done this, but if you downgrade to version 3 and you don't have a saved configuration from version 3, you'll have to reconfigure from scratch under version 3. As version 3 firmware is the past, and may well not receive that much more attention, it seems better to put your effort into what's to come, and try to get ZyXEL's help if you have a problem with version 4, rather than spending time downgrading. Of course, it has to be your choice! David

I lost you guys for a moment, and got a real sinking feeling
But I'm back! It did not take the downgrade too well, so I had to get to the router and upload the 4 XD.0 (saved), then XD.2. Whew!!
I seem to be moving faster - but there's no one else using the bandwidth. On the new 4 firmware, there are new default settings that weren't there in 3x:
WAN to WLAN: ? - the default is Permit WLAN to WAN: ? - the default is Permit
The only defaults (with no rules) before was LAN to LAN, and LAN to WAN. There were (and are) LAN to DMZ and WAN to DMZ rules.
Can I disable the WLAN stuff? - we run on a LAN (don't know what WLAN is all about).
Also, the 4x defaults are "drop". Why not use "reject"? Before there was "permit" or "block" - no 3rd option.
I don't think I want to try going back to 3x. When you say reset defaults, do I have to go through the whole thing again? Or, if the setting were good (retained) should I just re-apply the settings? Thanks |
|
 DavidJWood Premium join:2001-10-12 UK
| reply to Shootist I wonder if a better solution, rather than downgrading, is to reset to defaults under 4.00 and reconfigure from scratch. There are various changes in version 4 firmware and that may help.
My apologies if you've already done this, but if you downgrade to version 3 and you don't have a saved configuration from version 3, you'll have to reconfigure from scratch under version 3. As version 3 firmware is the past, and may well not receive that much more attention, it seems better to put your effort into what's to come, and try to get ZyXEL's help if you have a problem with version 4, rather than spending time downgrading.
Of course, it has to be your choice!
David |
|
  jig
join:2001-01-05 Hacienda Heights, CA
1 edit | reply to Shootist
said by Shootist:
I don't know about anyone else but the most Nat sessions I ever used was with 2 P2P apps running, Limewire and WinMX, doing multiple searches on both and multiple downloads on both I got to something like 3700. Not sure if you could ever get to 16000 on a home connection anytime in the near future. Ok Yes you could have the fastest connection on the planet for home use but just how many people will have that type of connection. And with the way things are going P2P could be dead anytime in the near future.

i doubt that very much (the last).
how do limewire and winmx stack up against 3 or 4 large torrents all going at the same time?
actually, can i just get an idea of sessions open by running netstat -an on a win machine? or maybe tcpview? or are there usually a bunch of orphaned nat sessions left in the table of the router for a long time?
edit->well, after running the command "ip nat iface enif1 st" on my old rt314, i see that its table size is 256... and doesn't that correspond to the number of nat sessions?
maybe i'm worrying about nothing important. |
|
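An added example, not part of any post in this thread: one way to estimate from `netstat -an` how many NAT sessions a single Windows host is asking the router to hold, as raised in the post above. The sample output is constructed, the RFC 1918 LAN addressing is an assumption, and the 4000 figure is the Z5 maximum quoted in the thread; the router's own table can differ, since UDP flows and entries it has not yet timed out are not visible from the host.

```python
import ipaddress
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED
  TCP    192.168.1.33:49201     203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.33:49202     203.0.113.10:80        TIME_WAIT
  TCP    192.168.1.33:49203     198.51.100.7:6881      SYN_SENT
  TCP    192.168.1.33:49204     192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.33:49210     198.51.100.9:6346      CLOSE_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

Z5_MAX_SESSIONS = 4000  # Z5 maximum quoted in the thread
# Assumption: the LAN behind the router uses RFC 1918 addressing.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def remote_host(endpoint):
    """Address part of 'addr:port' or '[v6addr%zone]:port'."""
    return endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]


def wan_tcp_sessions(netstat_text):
    """Count TCP connections to peers beyond the router, keyed by state."""
    states = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        try:
            peer = ipaddress.ip_address(remote_host(fields[2]))
        except ValueError:
            continue
        if peer.is_loopback or peer.is_unspecified or peer.is_link_local:
            continue  # never leaves the host or the local segment
        if any(peer in net for net in LAN_NETS):
            continue  # stays on the LAN, so no NAT entry on the router
        states[fields[3]] += 1
    return states


if __name__ == "__main__":
    found = wan_tcp_sessions(SAMPLE)
    total = sum(found.values())
    print(dict(found), f"{total} of {Z5_MAX_SESSIONS} sessions")
```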
  jig
join:2001-01-05 Hacienda Heights, CA
| reply to Shootist there WERE initial reports of a slowdown, but it seemed to be a symptom of not resetting the zywall to all defaults from within the firmware and then inputting all the user specific details.
so, if you are seeing a speed drop, try resetting to all defaults, go through the initial setup, and test it again.
your switch should have no bearing on the relative speed changes. i suppose if it was a managed switch and its internal ip address somehow was in contention with the new router's subnet then maybe, but otherwise i have yet to see either a hub or switch be incompatible with multi-vendor hardware, as long as the hardware doesn't have a mechanical fault. |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| reply to PVU Yes you can go back to v3 but after the firmware uploads the router will go into a continuous reboot. Just hold in the reset button for 15 seconds and it will clear the reboots and you'll be good to go.
Personally I have not seen any slow downs at all since going to V4 firmware and if there was a problem with V4 it would have shown up on other users' units and been reported here. I haven't seen any other than yours. -- Shooter Ready--Stand By BEEP ******** |
|
 PVU
join:2005-08-29 Silver Spring, MD
| reply to Shootist
said by Shootist:
None here. From looking at the data sheets it looks like the FW throughput has been lowered on all models with the V4 firmware compared with the 3.64. Z5 80 v3.64, 65 v4, Z35/70 down 10 instead of the 15 for the Z5. The VPN is also down a little on the Z35/70 but the same for the Z5. Just what type of speed problem are you having and how fast is your connection.

Shoot, I'm assuming that lowered FireWall throughput is a good thing?
After upgrading, it seemed as if overall speed really went south. Interestingly, it seemed that there was a disproportionate split between the users, some faster than others. But, generally speaking, overall speed decreased.
I checked with my (1.5 mbps) provider thinking it could be on their end. The prelim tests were all good (just shy of 1.5).
Can I go back to 3x?
Also, I'm using a Linksys router as a switch. I would hate to switch switches because my problems are new, but is there a difference in switches.
I wish I could offer more. I guess the big question is: Can I go back to 3x to see what's up? Thanks |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| reply to jig I don't know about anyone else but the most Nat sessions I ever used was with 2 P2P apps running, Limewire and WinMX, doing multiple searches on both and multiple downloads on both I got to something like 3700. Not sure if you could ever get to 16000 on a home connection anytime in the near future. Ok Yes you could have the fastest connection on the planet for home use but just how many people will have that type of connection. And with the way things are going P2P could be dead anytime in the near future. -- Shooter Ready--Stand By BEEP ******** |
|
  jig
join:2001-01-05 Hacienda Heights, CA | reply to jig
i guess my only hesitation is that whoever decided on nat sessions for the 551 thought that 16000 was appropriate...
? |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| reply to PVU None here. From looking at the data sheets it looks like the FW throughput has been lowered on all models with the V4 firmware compared with the 3.64. Z5 80 v3.64, 65 v4, Z35/70 down 10 instead of the 15 for the Z5. The VPN is also down a little on the Z35/70 but the same for the Z5.
Just what type of speed problem are you having and how fast is your connection. -- Shooter Ready--Stand By BEEP ******** |
|
 PVU
join:2005-08-29 Silver Spring, MD
| reply to Anav Lama wrote:
Take a look at the spec sheets for the two different products........ the diff being firmware, the UTM 4.0 and beyond for all three models 5/35/70 has less throughput and less concurrent sessions in order to (in conjunction with the turbo card) handle the AV/IDP subscription...

I have no turbo card. Less throughput: Would it be best to use the latest 3x firmware? I have no AV/IDP. I'm having some speed problems since upgrading to 4x. Is anyone else? |
|
  jig
join:2001-01-05 Hacienda Heights, CA | reply to Shootist well.... home use with some p2p... |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| reply to jig Well even for a business with ?# users, maybe 40-60+. Normal web browsing doesn't use up a lot of NAT sessions. It's when you have 2-3-4-5-6 people using a P2P app that eat away at them. -- Shooter Ready--Stand By BEEP ******** |
|
  jig
join:2001-01-05 Hacienda Heights, CA | reply to Shootist ah, ok. so for single home use, probably plenty.
just wondering, is there a way to get current sessions on an old rt314? |
|
 Shootist Premium join:2003-02-10 Decatur, GA
| reply to jig
said by jig:
hmm. why is it hard coded? seems like something worth being able to change.

Well you can change it, up to the MAX allowed. Which on the Z5 is now 4000. It used to be 6000. No real biggy being at 4000 for normal use. 4000 should handle many users with normal browsing and a couple of users with heavy P2P use. -- Shooter Ready--Stand By BEEP ******** |
|
  jig
join:2001-01-05 Hacienda Heights, CA | reply to bbarrera hmm. why is it hard coded? seems like something worth being able to change. |
|
  bbarrera Premium,MVM join:2000-10-23 Sacramento, CA clubs: | reply to Anav Yes, Brano's post was in agreement with my earlier post. |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS | reply to bbarrera Then Brano would be correct. |
|