VPN - Zyxel Community

How do I modify the OpenSSL VPN .ovpn file to support split tunnel?
Question: When the USG Flex H is configured for Full Tunnel mode but Split Tunnel is also required for specific clients, you can define custom split routing by modifying the SSL VPN configuration file (.ovpn). This document outlines the steps: How do I modify the OpenVPN .ovpn file to support split tunnel? Answer : Please…
How to troubleshoot Internet connection issues with Tailscale and USG FLEX H as Exit Node?
Question: How to troubleshoot Internet connection issues with Tailscale and USG FLEX H as Exit Node? Answer: If you're experiencing issues with internet connectivity while using Tailscale with the USG FLEX H as an exit node, follow these steps to resolve the issue: Ensure the Exit Node is Enabled: Log in to the Tailscale…
Why can't I connect to the SSL VPN?
Question: Why can't I connect to the SSL VPN, and it seems that port 10443 TCP is closed? Answer: If you are experiencing issues connecting to the SSL VPN through port 10443, follow these steps to resolve the problem: Ensure that the service "SSLVPN" is added to the service group "Default_Allow_WAN_To_ZyWALL". This step…
Why does the remote VPN with AD authentication fail on the USG Flex H model?
Question : The user may encounter an issue where they can obtain the VPN provisioning file from the firewall using AD authentication, but cannot establish an IKEv2 VPN connection with AD authentication. Why does the remote VPN with AD authentication fail on the USG Flex H model? The user can get the VPN provisioning file…
How do I enable Remote Access VPN using the Remote Configurator on a USG Flex H model?
Question : How do I enable Remote Access VPN using the Remote Configurator on a USG Flex H model? Answer : Navigate to Device > Firewall of the Nebula Control Center. Navigate to Live Tool > Remote configurator > Click 'Establish' to initiate the remote link. Copy the remote link. Paste the remote link into your browser,…
Does the Nebula firewall need to be licensed to allow VPN client connectivity?
Question: Does the Nebula firewall need to be licensed to allow VPN client connectivity? Answer: We offer Remote Access VPN (IKEv2) and SSL VPN (OpenVPN). Only the SecuExtender VPN client software requires a license for client access.
Does Zyxel allow VPN client mode like NordVPN?
Question: Does Zyxel allow VPN client mode like NordVPN? Answer: No, Zyxel firewalls do not support a client mode like NordVPN.
How to configure the remote access VPN subnet to connect with internal network devices?
Question: How to configure the remote access VPN subnet to connect with internal network devices? Answer: In the default setting, the address pool of remote access VPN is belonging to "IPSec_VPN" zone. And it is allowed to Intranet network by default Policy Control rule. If you have network connection issue, you may have a…
How to Troubleshoot When a Remote Access VPN Client Cannot Access an Internal Server?
1. Confirm VPN Tunnel Status Navigate to: VPN Status > IPSec VPN > Remote Access VPN Verify whether the VPN client is listed as connected. Ensure the VPN tunnel is successfully established to the firewall. 2. Check VPN Client IP Assignment Confirm that the VPN virtual NIC has been assigned an IP address by the firewall.…
How to check SecuExtender IPsec VPN ClientError Codes after Software Activation?
Question: How to check SecuExtender IPsec VPN ClientError Codes after Software Activation Answer: Below is a table describing the main error codes that may occur when activating the software. Error number Description Decision Error 000: Internal error The software cannot complete the activation process. This can happen if…
[H series]I have enabled 2FA required for remote VPN, why I have traffic before authentication?
Scenario User enables 2FA authentication for remote access VPN, however, some users encounter that they have traffic before pass 2FA authentication. Root cause If you use Windows native VPN client, you will need to manually connect to the authentication page. Only the SecuExtender will automatically pop-out the…
How to Set Up Nebula site-to-site VPN on the USG FLEX H and USG Lite 60AX?
This example shows how to use the USG Lite 60AX to establish IPSec Site to Site VPN tunnel with USG FLEX H series models using the Nebula Control Center. Once the Site-to-Site VPN tunnel is established, LAN hosts can communicate with each other through the VPN tunnel seamlessly. Requirements Both the USG FLEX H and USG…
I can't connect SSL VPN VPN ?
Why is the Zyxel SSL VPN not working? It seems that there was an issue with the SSL VPN configuration on the Zyxel firewall. To resolve this issue, follow these steps: * Ensure you allow port 10443 from the WAN to the ZyWALL firewall. This can be done by adding port 10443 to the service group 'Default_Allow_WAN_To_ZyWALL'.…
Why couldn't the H Series Firewall join the Active Directory?
Scenario: You have site to site VPN, where the AD or DNS server are located in VPN peer subnet. Question: Why the H series Firewall couldn't join the AD as well as DNS query or some local out traffic which need to through VPN tunnel. Solution: * It is highly recommended to use a Route-Based VPN for such local-out traffic…
How to Enable DPD in H Series Devices ?
Question: How to Enable DPD in H Series Devices ? Answer: DPD is default enabled, you can find at advance settings.
How to Enable NAT Traversal in H Series Devices for IKEv1?
How to Enable NAT Traversal in H Series Devices for IKEv1? When setting up IKEv1 on H Series devices, you may notice options for NAT Traversal (NAT-T) Are they enabled by default, or do they require configuration? Answer: In H series, NAT Traversal is enabled for IKEV1 default. You can also enable "UDP Encapsulation" to…
What does the message "Peer not reachable" in the log mean?
Question: What does the message "Peer not reachable" in the log mean? Answer: It mean the VPN peer gateway does not reply ike negotiation. Please kindly check the peer gateway status if you found this logs.
VPN Orchestrator
VPN Orchestrator enables you to automatically create Virtual Private Network (VPN) connections between sites within an organization. This allows the Security Gateway of each site and the Nebula Devices behind it to communicate securely. There are two topologies you can use when creating a site-to-site VPN, Site-to-Site and…
How to Set Up Nebula Hub-and-Spoke VPN and the USG FLEX H series model as the Spoke site?
This example shows how to use the Nebula firewalls (USG FLEX/ATP series models) to establish Hub-and-Spoke VPN tunnel between USG FLEX H series devices. It explains how to configure the Nebula Site-to-Site VPN using the Nebula Control Center. Once the Hub-and-Spoke VPN tunnel is established, LAN hosts can communicate with…
How to Set Up Nebula Hub-and-Spoke VPN and the USG FLEX H series model as the Hub site?
This example shows how to use the USG FLEX H series model to establish Hub-and-Spoke VPN tunnel between Nebula firewalls (USG FLEX/ATP series models). It explains how to configure the Nebula Site-to-Site VPN using the Nebula Control Center. Once the Hub-and-Spoke VPN tunnel is established, LAN hosts can communicate with…

Welcome!

It looks like you're new here. Sign in or register to get started.