kaika313 (Freshman Member)

Comments

  • Hi @Zyxel_Melen, this is our current security policy. It seems that it's already allowing any traffic between SSL and everything else, isn't it? I have mistakenly let you understand that IP SEC client gets the same pool as SSL but it's not. It has a totally different subnet (192.168.198.0/24). So I cannot understand what…
  • Hi @Zyxel_Melen, thank you, it seems that it's working now. But another issue came out: before setting up the IP Sec VPN, users were able to connect to branch network using SSL VPN connection. But when IP Sec VPN is on, they can connect and they receive an IP address within SSL VPN range but they cannot reach any of branch…
  • Hi @Zyxel_Melen, thank you. We found out that all HQ devices are pingable and, if available, their web pages are reachable. We cannot make RDP connection but this is probably a wrong Windows configuration. Anyway, there are 2 strange things left. First one is that if we do a tracert to any "pingable" device this happens:…
  • Hello @Zyxel_Melen, I'm sorry I don't fully get the first suggestion. Do you refer to Phase 2 Policy setting? HQ Subnet is 10.0.0.0/23 and Branch subnet is 10.0.90.0/24, is this wrong? This is what the captured traffic looks like when ping is performed from the local branch LAN:…
  • Hi @Zyxel_Melen, yes I do. But then I found a post here within the community that reminds me to also add SSLVPN custom port I choose to the Default_Allow_WAN_To_ZyWALL service group. As soon as I did this, SSL VPN started to work. Thank you Kari
  • https://community.zyxel.com/en/discussion/comment/74406#Comment_74406 @Bernard295Clark Thank you for this very useful AI generated comment…🙄
  • https://community.zyxel.com/en/discussion/comment/66154#Comment_66154 Ok, now I've moved lan1 to p3 so I can group it with p4 as I need. I was scared because as soon as I moved cables and grouped p3 and p4 both ports showed 0.0.0.0 and all network went offline but fortunately after a firewall reboot everything went back to…
  • https://community.zyxel.com/en/discussion/comment/66133#Comment_66133 Even if I change both ports to 1Gb speed it doesn’t work. Yes, if I try to group P3 and P4 it allows me to do that. But I need to use P2 and P4. Why doesn’t it allow me?
  • https://community.zyxel.com/en/discussion/comment/66130#Comment_66130 I've disabled PoE because right now it is not a necessity and it doesn't work. But if I try to group for example p2 and p7 (or any other unused port) it does the same. As per references p4 has no References, only lan1 (p2) has:
  • Hi @Zyxel_Emily, thank you, this solved my problem. I have another issue regarding SSL VPN, there’s no way to make it work. I'm using a custom port because it doesn't allow me to use same HTTPS port. Strange thing is that if I download SSL VPN configuration and use it with OpenVPN it works. If I try to use SecuExtender…
  • Hi @USG_User, thank you for your advice. I've tried to set the session limit to 1000 per host and it seems that for now, active sessions stay within a normal range. Some devices went far beyond 1000 sessions each so I think they were causing the USG to crash. Most of these sessions were multiple UDP connections toward…
  • Hi @Zyxel_Can, in both sections they're already removed. But, if I try to remove EZMODE from VPN Connection nothing happens. I click Yes when the warning appears but EZMODE VPN stays there... is there a way to remove it manually as suggested by @PeterUK ? Thank you
  • I've just tried. When I choose the alternative VPN connection (here named "Default_L2TP_VPN_Connection") and everything else related to it and click on Apply nothing happens. The firewall ignores it so I cannot test it.
  • It redirects me to VPN → L2TP VPN. Here, if I uncheck Enable L2TP Over IPSec, in VPN Connection I select none and then click on Apply it doesn't apply so probably this is the reason it doesn't let me delete it because it remains enabled. What other options do I have?
  • @PeterUK Ok for the idle detection but (sorry for the stupid question) won't the reduced lease time disconnect the user or disturb active connections? Thank you