-
Is it possible to transfer certificates of OpenVPN between H series Devices?
Question: We need to transfer OpenVPN certificates from an old Zyxel USG FLEX 700H to a new USG FLEX 700H. Workaround: The current configuration file does not support this type of conversion so far. We recommend redeploying the OpenVPN script.
-
How can I find out which certificate the current RemoteAccess is using?
Answer: 1) Find out in the GUI under "Reference". 2) Find out by CLI:
usgflex200h running config# show config vrf main ike vpn RemoteAccess
-
Why do the OpenVPN scripts for setting up split tunnel and full tunnel look the same?
Question: Why do the OpenVPN scripts for setting up split tunnel and full tunnel look the same? Answer: This is because the allowed subnets for split tunnel are sent during the connection phase and are not controlled by the script.
-
How can I deploy SSLVPN SecuExtender if the WAN is behind NAT?
Solution: If the customer is behind NAT and needs to use SSL with the TGB client, the recommended method is to use DDNS and fill in the 'DNS Name' field. If using DDNS is not an option, you can modify the TGB script. Just change the following line in the TGB file: <cfg_ssl> <cfg_sslconnection name="SSLVPN" server="X.X.X.X"…
-
NAT Rule affects remote access traffic
Symptom: When connected to the Remote Access VPN, some outbound traffic is being redirected to an internal server due to a NAT rule. Answer: This is because the packet flow of the H series is different. Remote Access traffic will come in from the WAN interface. Please use a fixed External IP address instead of Any.
-
How to check the detailed information of concurrent VPN connections via the CLI?
Question: In the article "How to check the number of concurrent VPN connections via the CLI?", users can learn how to check the number of concurrent VPN connections using the CLI. They may also want to check the detailed information of these connections. This article will guide you on how to do this. Answer: Please use the…
-
How to check the number of concurrent VPN connections via the CLI?
Question: Users may wish to use CLI to check the number of concurrent VPN connections. This article will guide you on how to check this. Answer: Please use the CLI command show ike ike-sa-count to check it. For example:
usgflex100h> show ike ike-sa-count
1
This means the USG Flex 100H has one concurrent VPN connection.
-
I have 2 Nebula VPN subnets but failed to connect the tunnel.
If you have two Nebula VPN subnets but the tunnel connection is failing, there are several potential causes to investigate. Follow these steps to diagnose and resolve the issue: Please be aware that Nebula will take the first subnet as the primary rule in the VPN policy, and the second one will be added to the policy route…
-
How to Find VTI (Virtual Tunnel Interface) Settings on Nebula?
The Virtual Tunnel Interface (VTI) settings in Nebula Cloud Networking platform are used to configure VPN tunnels, allowing secure communication between different network segments. To find and configure VTI settings, follow these steps: Steps Log in to Nebula Control Center: Go to the Nebula Control Center and log in with…
-
How to Add a Second Subnet to the VPN Routing on Nebula?
Adding a second subnet to the VPN routing in the Nebula Cloud Networking platform allows you to extend your VPN connectivity to additional network segments. This can be particularly useful for organizations with multiple subnets that need to communicate securely over a VPN. Follow these steps to add a second subnet to the…
-
USG FLEX H Series - VPN Zone Security
Overview: In the latest update (version 1.20) for the USG FLEX H Series, there's a significant improvement in handling IPsec VPN and SSL VPN configurations. Now, users can automatically add VPN tunnels to their respective security zones during the VPN setup, eliminating the need for…
-
USG FLEX H Series - Remote Access VPN with AD
Overview: The USG FLEX H Series firewalls now support Remote Access VPN authentication using Active Directory (AD). This enhancement allows centralized user management and improves security by leveraging your existing AD infrastructure for IPsec VPN and SSL VPN authentication.…
-
How to enable Aggressive mode
The default is Main mode. Please type the following CLI commands to enable Aggressive mode:
FLEX200H> edit running
FLEX200H running config# vrf main ike ike-policy-template {Profile Name} aggressive true
FLEX200H running config# commit
-
It shows "Invalid DN syntax" when testing the AAA server
Symptom: When trying to look up whether the users are valid in the AD server, the following error appears. Check: Please verify that the User Name in AD is the following DN: CN={User Name}, CN=Users, DC={Your domain}, DC={Your domain}. For example: CN=Administrator,CN=Users,DC=cso,DC=com
-
How to disable DPD in IPSec VPN
It needs to match the Peer setting, so turn off or adjust the DPD time. Please find the following option and set the period. (The value 0 means disable.) Note: The option is only available within a custom IPsec Profile.
-
How to Configure SSL VPN connection with OpenVPN Connect client?
Scenario: This article will guide you on how to configure an SSL VPN connection with the OpenVPN Connect client. Answer: Please navigate to VPN > SSL VPN to configure the Incoming Interface, Clients will use VPN to access, Client Network, and authentication-related information. Once it's done, please download the SSL VPN…
-
How to Configure Remote Access VPN with Zyxel VPN Client
This example shows how to set up Remote Access VPN on USGFLEX H and Zyxel VPN Client. The example shows how to implement Remote Access VPN by SSLVPN and IPSec VPN. Before you begin: User & Authentication > User/Group > User: Create a local user for remote access authentication. Download and install the new TGB Client. Type 1: Set…
-
Can the VPN client provisioning port be separated from the device's web GUI HTTPS service port?
Question: Can the VPN client provisioning port be separated from the device's web GUI HTTPS service port? Answer: Currently, the configuration provisioning port is the same as the device's web GUI HTTPS port. It is not supported in the current version; however, it is part of our roadmap, and we plan to support it in the…
-
Which port is for VPN provisioning?
Question: In SSL VPN, the server port is 10443. In System > Settings, HTTPS port is 8443. Which port should I enter on SecuExtender for VPN provisioning? Answer: HTTPS port is used for VPN provisioning. In this example, if HTTPS port is modified in System > Settings, you also need to allow the modified HTTPS service port…
-
How to use an iPhone to import a Provisioning script file to establish an IPsec VPN connection?
Scenario: The USG Flex H series models allow users to download a VPN provisioning script file onto their iPhone and establish an IPsec VPN connection with the USG Flex H. This article will provide guidance on how to utilize this feature. Answer: Test condition: (1). The USG Flex 500 H with 1.10b8s1 firmware and the VPN…