Zyxel ZyWALL USG 20W – Redundant internet connection

Hey!

I have managed to configure both a redundant Internet connection and a load-balanced Internet connection. Below you see a small schema of how my network looks.

I added a switch on the WAN port of the ZyWALL and connected both my fiber and my old ADSL line to the switch. Instantly the old ADSL came up by itself, as the firewall remembered the credentials; I then had two Internet connections!

On the Zyxel you go to Configuration -> Network -> Interface and select Trunk. You select the system default WAN trunk and then the policy you wish to apply to the trunk (round robin, least charged line, weight, etc.).

In order to make the tests quicker I lowered the timeout to 30 seconds. I went to a “what’s my IP” site, refreshed my browser, and my IP had changed between the two connections!

If you have different bandwidth on your Internet links don’t forget to put the “weight” or the bandwidth on the links, otherwise you may send traffic on the slower link and not use all your bandwidth.

I currently use the load balance policy “least loaded”, as it will basically always use the fiber connection unless it’s down. When doing the tests with “what’s my IP” I had it configured as round robin.

In case you use DDNS don’t forget to put your backup connection in the configuration as well, that way your shared services will continue to work from your iPhone even if your primary Internet connection is down (Only if you use the host name of course)

If you are planning to do the same, think about using 2 different ISPs, as it’s very likely that if the ISP has problems with fiber connections it could also have problems with ADSL connections.

Oh yes, one more thing: remember to configure each of your connections with a connectivity check. By default the Zyxel checks your default GW to see if the connection is up, but there could be a problem with routing, for example, that prevents your access to the Internet. So I would suggest configuring the Zyxel to ping, for example, Google or Facebook or a similar site; that way you are sure you stay connected even if your ISP has problems.

You find this option on each connection. All you need to do is check “Enable Connectivity Check” and select whether you would like to ping or check a TCP port; in the above example I connect to Google using HTTP. I would suggest selecting different sites for each connection, as you don’t want both connections to get into a failed state if one site is down.

In the above example it is configured with 5 failures and a delay of 30 seconds between each failure; that would be 2 and a half minutes for the line to get into a failed state. You would probably like to lower the values to 2 checks and 5 seconds between each check so the line gets a faulty state after 10 seconds. (Maybe 20 seconds if you include the 5-second timeout that’s set; I did not investigate that closely.)
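The connectivity-check advice above can be tried out with a small simulation. This is an added example, not Zyxel code or firmware behaviour: the `Link` model, the outage labels (`routing:fiber`, `site-a`, `site-b`) and the timings are constructed, and the probe timeout is ignored. It shows why a gateway-only check misses an ISP routing fault, how period and failure count drive detection time, and why two links probing the same site fail together.

```python
# Added illustration: a simplified model of a per-link connectivity check.
# It is not ZyWALL firmware logic; names and outage labels are constructed.
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    target: str      # what the check probes; "gateway" = the ISP default GW
    period: int      # seconds between probes
    tolerance: int   # consecutive failed probes before the link is failed

def probe_ok(link, t, outages):
    """False if an outage active at time t breaks this link's probe."""
    for what, start, end in outages:
        if not (start <= t < end):
            continue
        if what == link.target:
            return False  # the probed site itself is down
        # A routing fault at the ISP breaks everything beyond the gateway.
        if what == f"routing:{link.name}" and link.target != "gateway":
            return False
    return True

def failed_at(link, outages, horizon=600):
    """Time in seconds at which the link is declared failed, or None."""
    misses = 0
    for t in range(0, horizon, link.period):
        misses = 0 if probe_ok(link, t, outages) else misses + 1
        if misses >= link.tolerance:
            return t
    return None

if __name__ == "__main__":
    routing_fault = [("routing:fiber", 101, 600)]   # constructed outage
    site_down = [("site-a", 101, 600)]              # constructed outage
    for label, link, outages in [
        ("gateway check, routing fault", Link("fiber", "gateway", 30, 5), routing_fault),
        ("remote check 5 x 30 s", Link("fiber", "site-a", 30, 5), routing_fault),
        ("remote check 2 x 5 s", Link("fiber", "site-a", 5, 2), routing_fault),
        ("ADSL, same site as fiber", Link("adsl", "site-a", 5, 2), site_down),
        ("ADSL, different site", Link("adsl", "site-b", 5, 2), site_down),
    ]:
        print(f"{label:30} failed at: {failed_at(link, outages)}")
```

In this model the fault starts at second 101, so the 5 x 30 s check declares the link failed 139 seconds later and the 2 x 5 s check 9 seconds later; the exact figure depends on where the fault lands between two probes.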

Happy Easter !


One week of internet over Fiber

So I am now connected with a 100 MB/S line to the Internet. As you have seen in other posts on the blog, I can “only” use about 50 MB/S until I change my firewall.

What has changed?

  • RDP sessions to my work are much more reactive than before; I had very slow refresh times when using my full HD screen in an RDP session
  • I can see movie trailers in full HD without buffering
  • BF3 ping time is down from about 40ms on the quickest server to about 9ms
  • An update of BF3 of 1.5 GB came down in under 3 minutes

I have had one problem with my fiber converter that forced the link down from 100MB/S to 10MB/S, and I had worse download times than I had for ADSL; however, after a restart of the FW + converter the problem was solved.

But as you can see, I really take advantage of my fiber line :-)

[Image: internet line usage]


Zyxel ZyWALL USG 20 Internet speed

Hi all,

I now have my fiber connection. Even though they say it’s 100 MB/s, I can only get 50MB/s. I found the reason (or let’s say the most likely reason) to be my firewall. The people I know who get 100MB/s do not have a firewall, only a Wi-Fi access point that supports NAT.

When I did some tests using speedtest.net I got 50 MB/s with the firewall and ADP active; however, when I turn off the firewall I gain 10 MB/s and reach about 60MB/s. Turning the ADP/IDS on or off gives about the same performance; maybe I can see 1 Mb/s less than when I run without ADP.

So the question is: update to a new FW or install an access point??


ZyWALL USG 20W – Port scanning IDS/IPS/ADP feature

Hi all,

I just went to a friend’s house to help him create a NAT rule for his PC. To verify that my work was correctly done, we used a website that offers a port scanning feature to check that the port was accessible from the Internet. When I got home I updated my firewall firmware to the latest version. At the same time I thought I would try the IDS in the ZyWALL.

I created ADP (or IDS) rules a long time ago. (These are not the running rules, don’t worry :-) I have much more restrictive settings.)

[Image: ZyWALL ADP feature]

I went to the web site that does port scanning, http://www.t1shopper.com/tools/port-scan/result/, and started a port scan of ports 0 to 65000. I then found the entries below in my ZyWALL

Showing that the scan is blocked!

So the ADP feature in the Zyxel ZyWALL works!!

Feel a lot safer now :-)

As an example I can show you this screenshot from the scan report showing that port 443 is closed, but it is open for everyone else except the bad source!

Update…

Trying to register my iPhone to my PBX, I got this error message:

Detecting it as a port scan!!! Hmm…… Maybe I am too secure????

For anyone that has not yet updated to version 3, I can recommend doing so. At first look it seems to have a much quicker interface and more features in the ADP.
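The port-scan block and the iPhone false positive described in this post can be reproduced with a simple threshold rule. This is an added example, not Zyxel's ADP logic (its internals are not described here): the window, threshold, addresses and event lists are constructed, and the phone traffic is an assumed pattern, since the post does not say why the registration was flagged.

```python
# Added illustration: distinct-port threshold detection over constructed events.
from collections import defaultdict, deque

def detect_scans(events, window=10, threshold=20, allowlist=()):
    """events: (ts_seconds, src_ip, dst_port) tuples sorted by ts.
    Flags a source that touches >= threshold distinct ports within window
    seconds. Returns {src_ip: ts of first alert}."""
    recent = defaultdict(deque)   # src -> (ts, port) pairs still in the window
    alerts = {}
    for ts, src, port in events:
        if src in allowlist or src in alerts:
            continue
        q = recent[src]
        q.append((ts, port))
        while q and q[0][0] <= ts - window:
            q.popleft()           # drop events older than the window
        if len({p for _, p in q}) >= threshold:
            alerts[src] = ts
    return alerts

# Constructed sample traffic (documentation and private address ranges).
SCANNER, WEB, PHONE = "203.0.113.7", "198.51.100.20", "192.168.1.50"
scan = [(i // 50, SCANNER, 1 + i) for i in range(200)]   # sequential port sweep
web = [(i, WEB, 443) for i in range(30)]                 # one port, many hits
# Assumed pattern: a VoIP client hitting a signalling port plus many media ports.
phone = [(5, PHONE, 5060)] + [(5 + i // 8, PHONE, 10000 + 2 * i) for i in range(24)]
EVENTS = sorted(scan + web + phone)

if __name__ == "__main__":
    print("default rule:   ", detect_scans(EVENTS))
    print("phone allowed:  ", detect_scans(EVENTS, allowlist={PHONE}))
    print("threshold = 50: ", detect_scans(EVENTS, threshold=50))
```

The rule cannot tell the sweep from the busy legitimate client; allowlisting the known device or raising the threshold removes the false positive, and the higher threshold also lets a slower or narrower scan through.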

 


Upgrade blu-ray player to play latest disc ?

I got my latest Amazon order the other day and tonight I thought I would watch one of the movies. When I put the disc in my HTPC that’s using CyberLink PowerDVD 10, the disc would not play: error 24. It suggested upgrading to a newer version. I clicked OK and after a few minutes of waiting it said it could not play the disc (auto update).
After trying the basic things I decided to download the newest version from the CyberLink homepage (PowerDVD 12). After the installation the blu-ray finally played, but at what price? 50 USD for the standard version of PowerDVD and up to about 100 USD for the ultimate? What if I didn’t have an HTPC but a normal player, would I have to change to a new player to get the disc to play… The disc was one of the new triple play discs so I guess I could always download the movie. But I refuse to pay a few extra pounds for blu-ray and play an old DVD.. (I don’t know who would play the DVD disc when they can get blu-ray quality)

Was hoping for a double movie night but had in the end only time to see one movie..

And the movie, Johnny English Reborn.. I absolutely adore the first movie, it’s so much fun. As always the second movie is not as good as the first but still OK.


Time for fiber internet connection

Hi All,

So tomorrow I will get a fiber Internet connection installed at home. The question is, do I need it??? If you see my current usage, I don’t use very much, do I?

Looking at the current bandwidth I am not using very much; the peak you can see on my usage was a few sessions of BF3.

I guess the main advantage I see is not having to use a modem any more, but I guess I can have just as many problems with a fiber converter as with an ADSL modem. To be honest my Internet connection is very stable at the moment since I added a UPS to protect my modem from power spikes..

Will let you know the result tomorrow (I have not resigned my ADSL subscription yet, will wait a month or two)


Taxis in Kuala Lumpur

Make sure to either get a pre-bought taxi ticket (you can find ticket shops at the major attractions) or a yellow taxi, which are the government taxis. If you take a red taxi you will end up paying a very high price.

Also, if you need to take the bus, buy the ticket from the fixed ticket shops; don’t buy it from the street. You have no guarantee that the bus goes on time if you buy it from the street.


Kuala Lumpur – Petronas Twin Towers

To everyone who is going to KL and looking on the Internet and finding guided tours to the Petronas Twin Towers, I would just like to say: going up in the tower was free when I was in Kuala Lumpur. I remember that the tower was shut for visitors on Mondays. I can also say that the towers are owned by an oil company, and not an international investment bank, as they say in Entrapment. You have the shopping center KLCC right next to it as well as a big park. I don’t have any photos to show since my camera was stolen in Malaysia..
