Re: Can't reset modem DX5401

I think this will surely help you. Unplug the router and modem. Wait at least 30 seconds. Plug in the modem and press the power button to turn it on, if needed. Wait at least 60 seconds and then plug in the router. Press the power button to turn it on, if needed. Wait at least 2 minutes before testing or using the devices.

sellerdash

1

Re: NR2101 IP Pass-through

A picture showing actual and expected behavior.

Brackan

2

Re: Zyxel Secuextender Disconnects after 1 Minute 21 Seconds

What model Zywall are you connecting too as thats what needs the firmware update

PeterUK

1

Re: AX7501-BO

Hello @Ijustneedsupport A,

Yallo say at https://support.yallo.ch/hc/en-gb/articles/4410483801105-Personalize-yallo-Home-Max-Fiber-Box- that the password is written on reverse side of your yallo Home Fiber Box.

Which device is providing your WiFi please?
- if it is the AX7501-B0 then you might be able to change it on there, but you should look to use WPA2 at least in order to have secure WiFi.

Unfortunately, the AX7501-B0 user guide is not able for free download, but you can register for it at https://service-provider.zyxel.com/emea/en/products/fiber-oltsonts/10g-active-fiber/hgus/ax7501-b-series under Downloads and Resources.

Kind regards Tony

tonygibbs16

1

How to check IKEv2 settings when it is not working

Sometimes the VPN settings which is created by wizard does not work at every device because the default proposal does not suit each device. It is important to modify the firewall proposal to apply in the customer environment.

The article explains how to check your devices and firewall when you have IKEv2 issue. (Certificate will be used as an example rather than PSK because it is more complicated.)

Checking Flow

1. Find the log that contains “Phase 1 proposal mismatch”. You can find which proposals can be used for this client. For example, Firewall receives proposals (1)AES256,SHA256/SHA128,DH14 (2) AES256,SHA256/SHA128,DH19

In the packet trace, you can also find those proposals in IKE_SA_INIT phase.

Then you can configure matched proposal in VPN Gateway (Phase1) setting.

2. Find the log that contains “Phase 1 Local ID mismatch”.

The “Remote ID” field on the client must be the same as the firewall’s Local ID.

3. If the process gets stuck at “[AUTH]” phase, check if you have the certificate on the client.

4. If the message “[AUTH fail]” appears in the log, check if you have correct account and password.

5. The amount of IP Address Pool cannot exceed 65535. This is the design limitation.

Zyxel_Kevin

2

Re: USG Flex with Nebula and iptables masquerade

Do you mean that phone APP and Roborock S7 must in same subnet for connection?

lalaland

1

Re: L2TP over IPSEC parameters for Windows 10 native client

valerio_vanni said:

So for L2TP/IPSEC I have to choose between Windows 10 and Android clients: Windows needs Main mode, while Android needs aggressive.
Right?

I think Android support both aggressive and main mode for L2TP/IPSec PSK.
But depends on the design of phone vendors.

Here my experiences on Samsung phones from Android 9 ~ 11.

The settings of "IPSec identifier" change the L2TP/IPSec IKE mode it used.

Without "IPSec identifier" settings - IKE negotiate via Main mode.
With "IPSec identifier" settings - IKE negotiate via Aggressive mode

zyman2008

1

Re: Public IP Whitelisting

We have hosted our application outside firewall, and we are trying to access that application but ATP is blocking that IP address. hence I need help to whitelist so that we can access that application within firewall.

sidhant

1

Re: Public IP Whitelisting

Can you explain better what are you trying to do?

valerio_vanni

1

Re: default profile in NWA5123-AC-HD

Thank you!

mat17

1

Best Of

Checking Flow