-
[ATP/FLEX] Full guide to set up Palworld Dedicated Server with Remote Access VPN on USG FLEX
This post is a showcase and tutorial for educational purposes only. There is no commercial cooperation or affiliation between Zyxel Networks and Pocket Pair, the developers of Palworld. This guide aims to demonstrate the capabilities of the USG FLEX series in setting up a secure gaming environment. Palworld is an…
-
How to Enable VPN Split Tunneling in SecuExtender VPN
Question: Is it possible to use split tunneling with SecuExtender VPN when using IKEv2, and how can we set it up? Answer: Yes, it is possible to enable split tunneling on the SecuExtender VPN client, although some manual configuration is required for VPN settings. Steps to Configure Split Tunneling: * Edit your VPN…
-
How to resolve L2TP VPN connection issues on Nebula firewall?
Question: Why can't my iPhone connect to the L2TP VPN server of Nebula firewall? What settings should I check on Nebula? Answer: If your iPhone shows the error "The L2TP VPN server is not responding" follow these steps to troubleshoot: 1. Verify if the WAN IP address assigned to your Nebula firewall is private or public:…
-
How to change the L2TP VPN Pre-Shared Key on Nebula?
Question: How to change the L2TP VPN Pre-Shared Key on Nebula? Answer: On Nebula, go to Configure > Firewall > Remote access VPN > L2TP VPN server. You can modify the Pre-Shared Key of the field "Secret".
-
Is SecuExtender VPN Client chargeable?
Question: Is SecuExtender VPN Client chargeable? Answer: Yes, SecuExtender VPN Client is a subcription based software. You can vist Zyxel Marketplace and go to License Store > Software Licenses > VPN Client to purchase SecuExtender license.
-
Why the IKEV2 VPN failure while adding VPN settings on Windows manually.
Question: Why the IKEV2 VPN failure while adding VPN settings on Windows manually. Answer: Since on-cloud firewall does not support the default proposal form Windows. We recommend using script(.bat) to deploy as instead.
-
Why can't I set up a Nebula Site-to-Site VPN between devices in different organizations?
If you are trying to set up a Nebula Site-to-Site VPN between two USG FLEX devices registered under different Nebula organizations, you will encounter issues because Nebula VPN only supports devices within the same organization.
-
Does USG LITE 60AX support certificate to connect VPN?
No, USG LITE 60AX only supports the account/password method to connect VPN.
-
How to avoid unexpected routing issues when enabling both IPsec VPN and L2TP VPN simultaneously?
Scenario : The user may need to enable both IPsec VPN and L2TP VPN remote settings simultaneously. How can unexpected routing issues be avoided when enabling both IPsec VPN and L2TP VPN at the same time? Answer : STEP1. Navigate to Site-wide > Configure > Firewall > Remote access VPN STEP2.Please ensure their Client VPN…
-
How to establish an VPN connection with a Nebula firewall by the macOS Sonoma native VPN client?
Question : After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to…
-
[ATP/FLEX] How to test a ping from one site to the remote VPN site on Nebula firewall?
Question: How to test a ping from one site to the remote VPN site on Nebula firewall? Answer: Firstly, ensure the VPN tunnel is established. Then access SSH or console of one Nebula firewall. [ATP/FLEX] How to access SSH service of Nebula Firewall? On SSH or console, enter the command to ping the client located in the…
-
Why is My VPN Not Connecting Even Though Settings are Identical?
Q: A specific user cannot connect to the VPN through their client, even though their settings are identical to others. What could be the issue? A: Sometimes, VPN connection issues can occur despite having identical settings, especially after Microsoft patches the system. In such cases, try the following steps: * Review the…
-
Is it possible to use SSL VPN on Nebula firewall?
Question: Is it possible to use SSL VPN on Nebula firewall? Answer: On Nebula, only IPSec VPN and L2TP VPN are available in Firewall > Remote access VPN. If you need to use SSL VPN on Nebula firewall, use Cloud Monitoring Mode instead. [ATP/FLEX] How to set up Nebula Monitor Mode? I want to use cloud monitoring mode, but…
-
Why is there Network Congestion on ATP700 VPN?
When experiencing network congestion on your ATP700 VPN, you might observe logs indicating full TX queues. This issue can stem from several factors: * Bandwidth Management (BWM) limiting traffic. * Interface ingress/egress bandwidth configuration. * Internet Service Provider (ISP) bandwidth restrictions. To address the…
-
How to Add a Second WAN Interface for VPN Failover on Nebula?
Question: How can I add a second WAN interface for VPN failover on my Nebula CC? Answer: To add a second WAN interface for VPN failover on your Nebula CC, follow these steps: * Navigate to Site-wide > Configure > Firewall > Site-to-Site VPN. * Change the outgoing interface to auto and set WAN 1 as the preferred link. * If…
-
Why Smart VPN does not work
Scenario: You have on cloud Firewall are trying to establish Non-Nebula VPN by Smart VPN function, but there are no negotiation packets, seems to the funciton does not enable. Answer: Please verify you have enabled "Nebula VPN enable" Feel free to reach out for further assistance if the issue persist.
-
How to troubleshoot the message "no proposal chosen" when it appeares in event logs?
Question: How to troubleshoot the message "no proposal chosen" when it appeares in event logs? Answer: Site-to-Site VPN (Both sites are Nebula firewalls) On nebula, there is no configuration for phase 1 and phase 2 proposal in Site-to-Site VPN. You can check phase 1 and phase 2 proposal using command via SSH. [ATP/FLEX]…
-
Where is the option of Dead Peer Detection on Nebula?
Question: Where is the option of Dead Peer Detection on Nebula? Answer: DPD is enabled by default in Nebula, so you cannot see the option in Nebula.
-
How to reset 2 factor authentication for Remote VPN user?
Scenario: I was trying to reset 2FA for a Remote VPN user, but the user has a new phone, and I need to update this 2FA, how can I do it? Answer: Go to Site-wide > Configure > Cloud authentication, edit the user, tick "Email to user" and click Update User, the user will receive a new email for 2fa authentication, then the…
-
How to fix non-Nebula VPN tunnel with Phase 2 policy mismatch
Scenarion: I was trying to configure non-Nebula VPN between two different Nebula orgs. The configuration was configured correctly, but the event logs show "Phase 2 policy mismatch". What happen? Answer: It could be remote subnet is mismatched. For Site_A, there are 3 local interfaces enabled for Site-to-Site VPN, and the…
-
[ATP/FLEX] How to Configure Multiple IP Segments Routing in Non-Nebula VPN scenario?
To connect remote LANs with non-Nebula IPSEC VPN, you need to set up a VTI interface in "Non-Nebula VPN" setting. 1. Navigate to the Non-Nebula VPN settings and click "IPSec Policy" Setting button. —> Under VPN tunnel interface, enter a custom IP address for the VPN tunnel. 2. Set up routing policies for your VPN traffic…