[German]Brief information and question to the readers who have Zyxel firewalls in their portfolio as to whether there are any affected parties. It seems to have hit some instances today, January 24, 2025. The "boxes" were put out of operation by a faulty signature update. A blog reader from the Zyxel partner area informed me about this. There could be some work for administrators, as recovery is only possible on site.
Advertising
Reader tip on Zyxel firewall problems
A Zyxel partner and blog reader informed me a few hours ago (thanks for that) that there are massive problems. In any case, he reported that he was experiencing extreme problems with "dead boxes" today.
The error pattern is described quite quickly: The web interface of the Zyxel firewall is no longer accessible because the firewall no longer boots up after a restart. Recovery is only possible physically via RS232. The reason for this is a faulty signature update from Zyxel.
The reader wrote: "Once again, we had something like this a few months ago", and was very upset. Because he can now manually recover all firewalls on site and hope that Zyxel will release a new update that restores the broken partition. Maybe this information will help some Zyxel users among our readership.
Support article from Zyxel
The reader pointed out that Zyxel had also published information on the problem in the meantime. In the support articl USG FLEX / ATP Series – Recovery Steps for Application Signature Issue on January 24th the vendor discloses more details.
According to this, some USG FLEX / ATP Series devices are affected by the above-mentioned faulty signature update. This can lead to reboot loops, ZySH daemon errors or problems with login access. The system LED may also flash, according to the support article.
Advertising
The problem stems from a bug in the Application Signature Update, not from a firmware upgrade, Zyxel writes. To resolve this issue, the provider disabled application signing on company servers on January 24, 2025 after the problem became known. This is intended to prevent further effects on firewalls that have not loaded the new signature versions.
Devices with active security licenses of the USG FLEX or ATP series (ZLD firmware versions) and dedicated signature updates in on-site/standalone mode (signature update 1/24 to 1/25 at night) are affected.
Devices on the Nebula platform or the USG FLEX H (uOS) series are not affected. If you are affected, Zyxel recommends reading the complete support article USG FLEX / ATP Series – Recovery Steps for Application Signature Issue on January 24th, as it describes the on-site recovery.
Advertising
