-
[ATP/FLEX] Full guide to set up Palworld Dedicated Server with Remote Access VPN on USG FLEX
This post is a showcase and tutorial for educational purposes only. There is no commercial cooperation or affiliation between Zyxel Networks and Pocket Pair, the developers of Palworld. This guide aims to demonstrate the capabilities of the USG FLEX series in setting up a secure gaming environment. Palworld is an…
-
Why are the site-to-site VPN traffic statistics different in Nebula and the on-premise firewall GUI?
Question: Why are the site-to-site VPN traffic statistics different in Nebula and the on-premise firewall GUI? For instance, the Nebula firewall establishes a Non-Nebula VPN connection with the peer on-premise firewall (USG Flex 50), and the customer noticed that the inbound and outbound VPN traffic statistics are different.…
-
USG FLEX Lite 60AX Now Supports Traffic Logs via SecuReporter (Nebula 19.10)
The USG FLEX Lite 60AX, originally designed for SOHO environments, has been rapidly gaining popularity in small businesses, especially in the hospitality sector (cafés, restaurants, and hotels). A key driver of this demand is compliance—some governments, such as France, now mandate that hospitality businesses retain traffic…
-
Captive Portal Support on USG FLEX Lite 60AX in Nebula 19.10
With the release of Nebula 19.10, Zyxel introduces captive portal support for the USG FLEX Lite 60AX. While originally designed for small office/home office (SOHO) deployments, the USG FLEX Lite 60AX has quickly gained traction among small businesses, particularly in the EU, as an affordable all-in-one solution that…
-
Why is LDAP not available for IPSec VPN Authentication on Nebula?
Question: Why is LDAP not available for IPSec VPN Authentication on Nebula? Answer: The LDAP server is not listed as an authentication option for IPSec VPN because it is not supported. Authentication options for different VPN types are as follows: IKEv1 (L2TP VPN): Nebula Cloud Authentication, Active Directory (AD), RADIUS,…
-
IPSec Remote VPN is connected but it's not passing any traffic, what should I check?
Question: IPSec Remote VPN is connected but it's not passing any traffic, what should I check? Answer: Check if the remote subnet conflicts with other interfaces. Check if the security policy blocks the traffic. Check if the policy route directs the traffic to another place.
-
How to choose which LAN network the VPN user can connect to in Nebula mode?
Question: How to choose which LAN network the VPN user can connect to in Nebula mode? Answer: In Nebula mode, remote VPN users can access all the local interfaces since the default security policy allows it.
-
The SD-VPN (Nebula VPN) can't connect
Question: The SD-VPN (Nebula VPN) can't connect. Answer: 1) Please check that you have the correct Primary interface settings. The SD-VPN / Nebula VPN is easy to set up by design. If the issue persists, please contact Zyxel Support.
-
[ATP/FLEX] Where can I control the split tunnel mode on Nebula?
Question: [ATP/FLEX] Where can I control the split tunnel mode on Nebula? Answer: The remote access VPN tunnel only supports full tunnel mode. It does not support split tunnel mode.
-
[ATP/FLEX] Does Non-Nebula VPN support a failover scenario when the Non-Nebula peer has two public IPs?
Question: Does Non-Nebula VPN support a failover scenario when the Non-Nebula peer has two public IPs? Answer: No. Currently, the Non-Nebula VPN function does not support failover scenarios, even if the peer firewall has two public IPs.
-
Can I configure Client VPN subnet the same as LAN/VLAN interfaces?
Question: Why are my remote VPN users on 192.168.50.1 and my local users on 192.168.1.1? I want them to be on the same. Can I configure the Client VPN subnet to be the same subnet as LAN/VLAN interfaces? Answer: No, you cannot use the same subnet for the Client VPN subnet and LAN/VLAN interfaces. It would create IP address…
-
How to configure Auto-Link VPN on Nebula?
Question: How to configure Auto-Link VPN on Nebula? Answer: Since Nebula version 19.00, Non-Nebula VPN is renamed to Auto-Link VPN. You can follow the guide to configure Auto-Link VPN.
-
With the Base Pack, can I configure L2TP over IPSec VPN server on Nebula?
Question: With the BASE package, can I configure an L2TP over IPSec VPN server? Do I need to activate a license for this feature? Answer: Yes, you can configure an L2TP over IPSec VPN server on Nebula with the Base Pack and download the VPN configuration script.
-
The Auto-Link VPN scenario
Scenario: When establishing a VPN with a third-party gateway (such as Check Point or FortiGate), you need to use Auto-Link VPN (previously called Non-Nebula VPN). In fact, after completing the connection by following the default profile, the Phase 2 Local Policy will only set the first subnet, which may cause traffic…
-
"Certificate is outdated": How to check the VPN Certificate of Remote Access on Nebula Firewall?
Question: You are not able to connect to the IKEv2 VPN on Nebula Firewall. The logs from SecuExtender say "Certificate is outdated". How do you check the VPN Certificate of Remote Access? Answer: 1) Click "Site-wide>Configure>Firewall>Remote access VPN". 2) Download the Windows script. You will see the Certificate under "IPsec VPN" folder and…
-
Why can't Nebula site-to-site VPN connect across different organizations?
If you are facing issues connecting two sites using Nebula site-to-site VPN across different organizations (ORGs), it is important to note that current functionality supports the connection only within the same organization, though it can connect across different sites within that ORG. To resolve issues where a connection…
-
[ATP/FLEX] Does Non-Nebula VPN peers configuration support NAT over IPSec VPN?
Question: How to configure IPsec Site-to-Site VPN with NAT over IPSec VPN on Nebula? I want to conceal internal network subnets and not allow the remote site to see the real internal subnet. Answer: Nebula doesn't support inbound/outbound traffic NAT. If you need to use this feature, you can use Cloud Monitoring Mode…
-
How to Configure a Nebula Firewall as VPN Responder?
Question: How is it possible to let one site of the site-to-site VPN tunnel build the tunnel while the other site is just a responder? Answer: Nebula Firewall does not support respond-only; it always acts as initiator with nailup.
-
How to Perform a Connectivity Check Through a VPN Tunnel?
Question: How is it possible to make a connectivity check (ping) through the VPN tunnel to a LAN IP address? Answer: To perform a connectivity check (ping) through a VPN tunnel to a LAN IP address in a Non-Nebula VPN setup, follow these steps: * Navigate to "Site-Wide>Configure>Firewall>Site to Site VPN" * Enter the LAN…
-
[ATP/FLEX] What does the log message 'Packet (ESP) cannot be sent. Reason: System dropped' mean?
Question: What does the log message 'Packet (ESP) cannot be sent. Reason: System dropped' mean? Answer: The error message "Packet (ESP) cannot be sent. Reason: System dropped" is triggered by the VPN log outprint function, an internal kernel function that failed to process the packet correctly. This issue may be caused…
-
[ATP/FLEX] Why can't non-Nebula VPNs set the VPN tunnel interface?
Question: Why can't non-Nebula VPNs set the VPN tunnel interface? As shown below, there is no VPN tunnel interface field. Answer: The non-Nebula VPN only supports the VPN tunnel interface in IKEv2. Please select IKEv2. Then, set the VPN tunnel interface information.