Customers using ZyWALL USG firewalls on Fastweb connectivity (very popular here in Italy) sometimes ran into an issue where some websites, such as or , could not be reached.

All of them had the default Domain Zone Forwarder set in their ZyWALL. This means that when the DNS server configured on the PCs and devices in the LAN is the private IP address of the gateway (either statically or via DHCP), in this case the ZyWALL, the ZyWALL uses the DNS servers of the default connectivity (the Fastweb DNS) as zone forwarder.

The issue seems related to the MTU value and fragmented packets in DNS query replies, and there are actually several ways to avoid it.

One is to force some DNS servers, such as Google's ( and ), either statically in the network settings of the devices or, to send them dynamically via DHCP, in the DHCP server options of the ZyWALL interface (e.g. LAN1).

Another way (more elegant, centralized and effective) is to set the Domain Zone Forwarder to those external DNS addresses.

By default the ZyWALL has a single entry with the value *, which means it relays DNS queries to the DNS servers received from the ISP.

That entry cannot be deleted, but if we add one or more custom DNS servers it drops to the lowest priority and will probably never be consulted again.

How to do that?

Go to System > DNS > in the Domain Zone Forwarder section press "Add".

Put * as the domain zone name.

Set the public domain server to

Leave "Query via" set to "auto".


Another thing to do is to check for the fragmented-packet issue with the following command:

in Windows:

ping -f -l 1472

in Linux:

ping -M do -s 1472 -c 3

in macOS:

ping -D -s 1472 -c 3

If the reply is OK, everything is correct.

If the reply says "Packet needs to be fragmented", you should find the correct value by decreasing 1472 until the reply is OK.

Then add 28 to that value and write the result in the advanced options of the WAN interface of the ZyWALL:

Network > Interface > edit WAN1 (or WAN2) > click "Show Advanced Settings" > change the MTU value from 1500 to the new value.
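The procedure above (probe with a don't-fragment ping, shrink the payload until it gets through, add 28 for the IPv4 and ICMP headers) can be automated. The script below is an added example written for this page, not ZyXEL's or Fastweb's tooling: it builds the OS-specific ping command from the flags listed above, binary-searches the largest payload that still passes with DF set (instead of decreasing one byte at a time, which gives the same answer because any payload that fits implies every smaller one fits too), and prints the MTU value to enter on the WAN interface. The target host is taken from the command line; the assumption that a too-large DF ping either exits non-zero or prints a fragmentation message is marked in the code.

```python
"""Discover the largest unfragmentable ICMP payload toward a host and derive the WAN MTU.

Added example for this page; hypothetical helper, not ZyXEL or Fastweb software.
"""
import platform
import subprocess
import sys
from typing import Callable, List

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header + 8-byte ICMP header, the "+28" of the procedure
DEFAULT_START = 1472    # 1500 - 28: the payload that fits an untouched 1500-byte MTU


def ping_command(host: str, payload: int, count: int = 3) -> List[str]:
    """Build the don't-fragment ping for the local OS, using the flags from the article."""
    system = platform.system()
    if system == "Windows":
        return ["ping", "-f", "-l", str(payload), "-n", str(count), host]
    if system == "Darwin":
        return ["ping", "-D", "-s", str(payload), "-c", str(count), host]
    # Linux and other Unix-likes with iputils ping
    return ["ping", "-M", "do", "-s", str(payload), "-c", str(count), host]


def df_ping_succeeds(host: str, payload: int) -> bool:
    """True when a DF-flagged ping of this payload is answered without a fragmentation error.

    Assumption: an oversized DF ping exits non-zero and/or prints a message containing
    "fragment" (Windows: "Packet needs to be fragmented") or "message too long" (Linux).
    """
    result = subprocess.run(ping_command(host, payload), capture_output=True, text=True)
    output = (result.stdout + result.stderr).lower()
    too_big = "fragment" in output or "message too long" in output
    return result.returncode == 0 and not too_big


def largest_payload(probe: Callable[[int], bool], start: int = DEFAULT_START, floor: int = 0) -> int:
    """Largest payload in (floor, start] for which probe() succeeds; floor if none does.

    Binary search over the payload size: a payload that fits the path MTU implies every
    smaller payload fits, so success is monotonic in the size.
    """
    if probe(start):
        return start
    lo, hi = floor, start   # invariant: lo is known-good (or the floor), hi is known-bad
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo


def mtu_from_payload(payload: int) -> int:
    """The MTU to enter on the ZyWALL WAN interface: payload plus IP and ICMP headers."""
    return payload + IP_ICMP_OVERHEAD


def discover_wan_mtu(host: str) -> int:
    """Run the real probes toward host and return the suggested WAN MTU."""
    return mtu_from_payload(largest_payload(lambda size: df_ping_succeeds(host, size)))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <host to ping>")
    print(f"suggested WAN MTU toward {sys.argv[1]}: {discover_wan_mtu(sys.argv[1])}")
```

Run it with the same host you would ping by hand; if the largest passing payload is 1472 the MTU stays at 1500, otherwise the printed value is what goes into the WAN interface's advanced settings. Remember that the search assumes the path is stable while it runs, so a few probes per size (the `-c 3` / `-n 3` count) keep a single lost packet from being mistaken for a fragmentation failure.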