VPN - Zyxel Community

Backup Interface on Policy Route
Backup Interface on Policy Route This feature is a critical enhancement for USG FLEX and ATP series firewalls managed via the cloud. Policy Route Failover Administrators can now configure both a Primary and a Backup next-hop interface for Internet traffic within a policy route. This ensures traffic is rerouted…
USG LITE 60AX Enhancements - NAT Rule Increase
USG LITE 60AX Enhancements - NAT Rule Increase Nebula 19.30 significantly expands the NAT capability of the USG Lite 60AX. Increased Profile Limits To accommodate complex networking environments and requests for non-sequential port mapping, the Virtual Server rule limit has been increased from 10 to 30 profiles. This…
USG LITE 60AX Enhancements - DHCP Option 61
USG LITE 60AX Enhancements - DHCP Option 61 The USG Lite 60AX now supports DHCP Option 61 (Client Identifier) to assist in specific ISP deployments. Implementation Details * Function: Allows the DHCP server to identify and distinguish the USG Lite to provide specific IP addresses or pools. * Configuration: Administrators…
USG LITE 60AX Enhancements - DHCP Minimum Lease Time
USG LITE 60AX Enhancements - DHCP Minimum Lease Time Based on customer feedback, Zyxel has updated the DHCP lease time requirements for the USG Lite 60AX. Lease Time Update Previously, the minimum DHCP lease time was restricted to one day. In Nebula 19.30, the minimum lease time has been reduced to one hour. This provides…
USG LITE 60AX Enhancements - 802.1P for WAN Interface
USG LITE 60AX Enhancements - 802.1P for WAN Interface The USG Lite 60AX now supports 802.1P priority tagging on its WAN interfaces. VLAN Tagging Enhancements Administrators can now enable 802.1P priority within the VLAN settings of the WAN interface. This allows the firewall to tag outgoing traffic with specific priority…
USG LITE 60AX Enhancements - CPU Memory & Session Display
USG LITE 60AX Enhancements - CPU, Memory, & Session Display The USG Lite 60AX detail page in Nebula 19.30 now provides enhanced real-time system analytics. New Dashboard Metrics * CPU Usage: Real-time percentage of processor load. * Memory Usage: Current utilization of system memory. * Session Count: The total number of…
USG LITE 60AX Enhancements - Device MAC Address Overwrite
USG LITE 60AX Enhancements - Device MAC Address Overwrite Nebula 19.30 introduces the MAC Address Overwrite feature for the USG Lite 60AX. Feature Overview This feature allows administrators to manually configure a custom MAC address for the WAN interface. This is particularly useful in environments where an Internet…
USG LITE 60AX Enhancements - Dual WAN Support
USG LITE 60AX Enhancements - Dual WAN Support The USG Lite 60AX now supports Dual WAN for improved connectivity and reliability. Port Configuration * Primary WAN: Port 6 (Internet icon) remains the default WAN interface. * Secondary WAN: Port 2 can now be configured as a secondary WAN interface. Traffic Management * Load…
Security Router-Bundled License
Security Router-Bundled License Effective with the launch of Nebula 19.30, Zyxel is introducing a bundled license promotion for security routers. Elite Pack Bundled Service * Eligibility: All stock USG Lite 60AX units (devices never registered in Nebula or MyZyxel) receive a one-year bundled Elite Pack service. *…
Why Is a VTI Interface Automatically Created in Nebula Mode, and What Are the Configuration Options?
Question: Why does a VTI (Virtual Tunnel Interface) automatically appear when configuring a VPN in Nebula mode, and what can be done if the default VTI behavior causes APIPA traffic or interoperability issues? Answer: In Nebula mode, the system automatically creates a VTI (Virtual Tunnel Interface) whenever a VPN rule is…
Why is L2TP VPN not working on Windows 11 with USG FLEX devices?
Question: I set up a VPN configuration on a USG FLEX device. The VPN works fine on iPhone but fails on a Windows 11 Pro laptop. Answer: Windows Firewall on Windows 11 may block the required connections. Follow the steps below to resolve the issue: • Enable firewall rules: Open Command Prompt as an administrator, type…
USG FLEX Lite 60AX Now Supports Traffic Logs via SecuReporter (Nebula 19.10)
The USG FLEX Lite 60AX, originally designed for SOHO environments, has been rapidly gaining popularity in small business, especially in the hospitality sector(cafés, restaurants, and hotels). A key driver of this demand is compliance—some governments, such as France, now mandate that hospitality businesses retain traffic…
Captive Portal Support on USG FLEX Lite 60AX in Nebula 19.10
With the release of Nebula 19.10, Zyxel introduces captive portal support for the USG FLEX Lite 60AX. While originally designed for small office/home office (SOHO) deployments, the USG FLEX Lite 60AX has quickly gained traction among small businesses, particularly in the EU, as an affordable all-in-one solution that…
Why is LDAP not available for IPSec VPN Authentication on Nebula?
Question: Why is LDAP not available for IPSec VPN Authenticationon Nebula? Answer: The LDAP server is not listed as an authentication option for IPSec VPN because it is not supported. Authentication options for different VPN types are as follows: IKEv1 (L2TP VPN): Nebula Cloud Authentication, Active Directory (AD), RADIUS,…
IPSec Remote VPN is connected but it's not passing any traffic, what should I check?
Question: IPSec Remote VPN is connected but it's not passing any traffic, what should I check? Answer: Check if the remote subnet is conflict with other interfaces. Check if the security policy blocks the traffic Check if the policy route direct the traffic to another place.
How to choose which LAN network the VPN user can connect in Nebula mode?
Question: How to choose which LAN network the VPN user can connect in Nebula mode? Answer: In Nebula mode, remote VPN user can access all the local interfaces since the default security policy allows it.
The SD-VPN(Nebula VPN) can't connect
Question: The SD-VPN(Nebula VPN) can't connect Answer: 1)Please check you have correct Primary interface settings. The SD-VPN / Nebula VPN is easy to setup as desgin If the issue is persist, Please kindly contact Zyxel Support
[ATP/FLEX] Where can I control the split tunnel mode on Nebula?
Question: [ATP/FLEX] Where can I control the split tunnel mode on Nebula? Answer: The remote access VPN tunnel only supports full tunnel mode. It does not support split tunnel mode.
[ATP/FLEX]Does Non-Nebula VPN support failover scenario when the Non-Nebula peer has two public IPs?
Question: Does Non-Nebula VPN support failover scenario when the Non-Nebula peer has two public IPs? Answer: No. Currently, the Non-Nebula VPN function does not support failover scenarios, even if the peer firewall has two public IPs.
Can I configure Client VPN subnet the same as LAN/VLAN interfaces?
Question: Why my remote VPN users are on 192.168.50.1 and my local users are on 192.168.1.1? I want them to be on the same. Can I configure Client VPN subnet the same subnet as LAN/VLAN interfaces? Answer: No, you cannot use the same subnet for the Client VPN subnet and LAN/VLAN interfaces. It would create IP address…

Welcome!

It looks like you're new here. Sign in or register to get started.