Zywall 310 - IDP signature update failed

SMarkG
SMarkG Posts: 14
First Anniversary Friend Collector First Comment
edited April 2021 in Security
EDIT - My apologies, I somehow managed to post this in the wrong forum. I've asked in the Security Services forum now so admins please delete this if required.


I recently purchased a subscription to IDP. I've set everything up but I am unable to update the signature which are currently showing as signature number 2199 - almost 7 years old!

When I attempt to use the 'Update Now' button I get a message to say "IDP signature download has failed. (failed) at...". After the service was activated I left it overnight in the hope that it took a little time to become available to new subscribers, but the problem still persists.

How do I go about getting this working - as it stands, with signatures that old, the service is of limited use.

Thanks.

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Welcome to Zyxel Community.  =)
    Is this ZyWall310 behind a firewall/NAT/router?  You need to allow https outbound traffic if ZyWall310 behind a router.
    Moreover, DNS server need to be set on ZyWALL310 to resolve signature server if your internet wan type is static IP. 

  • SMarkG
    SMarkG Posts: 14
    First Anniversary Friend Collector First Comment
    Thanks @Zyxel_Cooldia for the info.

    The ZyWall310 is my firewall/NAT so I presume that's going to be fine.

    Regarding the DNS setup - ao are you saying I need to add an A Record to the DNS settings in the ZyWall 310? If so then how do I find the host name and IP address for the signature server?
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    It’s not adding a DNS A record for signature server. You have to add a DNS zone forwarder for ZyWALL310 DNS query.

    How to add DNS server on ZyWALL310
    Go to “CONFIGURATION> System > DNS”, and click “Add” button in Domain Zone Forwarder. 


    Fill in * in Domain Zone
    Select Public DNS Sever.  e.g. 8.8.8.8
    Select external wan interface for query interface.

  • SMarkG
    SMarkG Posts: 14
    First Anniversary Friend Collector First Comment
    Thanks for that. However, I already had zone forwarders for both of Google's DNS servers (8.8.8.8 and 8.8.4.4) in place so I don't think that was the problem.

    I have since updated the box' firmware though and the signature updates are now working. So I don't know what the original problem was, but the new firmware seems to have fixed it!

    Thanks anyway.

    I have a further issue with IDP but will post that in a new thread.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @SMarkG,
    Good to hear that.  ;) Feel free to contact us if the issue happens again.

Security Highlight