Zyxel_Emily  Zyxel Employee

Hi @Wolfgang, The AP firmware 5.40(.1)-DF-2019-11-8 is for external AP only. It is newer than 5.40 Patch 1 and it fixes the issue "managed AP default admin credentials do not change".

Hi @paolo_brignone, Can you share the startup-config.conf with us in private message to check the symptom?

Hi @Ceccus, The original key length is 1024 bit. However, mac/iOS does not accept the length, so we must sign the certificate with 2048 bit. In the latest firmware, we issue the certificate with RSA key 2048 bits. It takes more time to sign a certificate and validate a certificate with 2048 bits than 1024 bits. It affects…

Hi @Per, Can you share what kind of problem/issue you met on USG60W?

Hi @frerealexis, For HTTPS traffic, SSL Inspection decrypts the packets and scans them to UTM function check. Clients need to support certificate and import it, because the certificate has been changed, the client will confirm with CA server. That’s why the client needs to import that certificate which is generated from…

Hi @Alexander_Morozov, Here is the test result in our lab. Model: ZyWALL 310, USG110 FW: 4.35 VTI interfaces and VTI trunk are created on both devices. VPN tunnels are established. L2TP VPN and SSL VPN can be connected to ZyWALL 310 using the AD user account. Since the issue is not able to be reproduced in our lab, could…

Hi @Mishi, Here is the test result when using IE11 to access the web configurator of VPN2S via HTTP. Clear browsing history and enter http://192.168.1.1. The web GUI is loaded immediately after http://192.168.1.1 is entered. If you'd like to login web configurator without a warning page in the HTTPS page, create a…

Hi @KMP, You can follow the guide in this FAQ to configure policy route rules on both ZyWALLs. FAQ: How to forward traffic to branch site server after client established VPN tunnel

Hi @link000, You need to upgrade ZyWALL USG 300 to the latest date firmware 3.30(AQE.7)ITS-WK48-r74988 for TLS 1.2 support. The firmware is sent to you in private message. Disable SSLv3 and TLS 1.0 using commands. Router> configure terminal Router(config)# no ip http secure-server sslv3 Router(config)# no ip http…

Hi @frerealexis, I apply your configuration file on USG210 and enable #2 of security policy rule. Connect one PC in LAN2 and import the default certificate to PC. Download eicar.txt and eicar.zip via HTTPS. EICAR is detected and destroyed. If you’d like to check why EICAR is not detected at your site, feel free to contact…

Hi @damianodec, @mMontana, The maximum concurrent IPsec VPN tunnels on USG40 is 20 which includes site-to-site VPN, L2TP over IPSec VPN and client-to-site IPSec VPN.

Hi @frerealexis, On small models such as USG40 which doesn’t have SSL inspection, you need to enable “Enable HTTPS Domain Filter for HTTPS traffic”. YouTube uses Quic protocol and the main goal is to improve the application performance that are currently using TCP. Quic is using UDP protocol. If you found Content Filtering…

Hi @damianodec, The maximum concurrent IPsec VPN tunnels on USG40 is 20. Here are the specifications for your reference. https://www.zyxel.com/products_services/Unified-Security-Gateway-USG40-40W-60-60W/comparison#specifications

Hi @JariP, You can follow the guide in this discussion thread to modify the configuration file downloaded from AWS and then upload it to USG. Where I can find manual how to setup Amazon Web services

Hi @frerealexis, Download eicar.txt/eicar.zip via HTTPS The PC is still able to download the file successfully, but the file is unable to extract or the content will be modified as “0”. And USG will display log that destroyed the file. Download eicar.txt/eicar.zip via HTTP Before the file is downloaded, the action is…