-
App Patrol allowing Specific hosts on Blocked Applications
Hello, We are currently configuring a ZyWALL FLEX100 and need help implementing a policy with the following requirements: Block access to all hosts: • Movies and TV series platforms • Online games • YouTube • Social media (except for host1 - IP 192.168.1.21) • Online radio, TV and Spotify (except for host2 - IP…
-
How can I turn off logging of URL Threat Filter allowed list items?
Configuration > Security Service > Reputation Filter > Allow List tab When I add sites to the Allow list and check the box to Enable Allow List, I then get log entries for items on the allow list in the System Log. I have URL blocking set to block and log set to log. I only want to see items in the System Log when they are…
-
DNS Query over IPSec VPN with Content filter
Hi We have two sites that are connected with IPSec. We send all DNS requests from site A to site B, the DNS server on site B is a USG Flex Firewall. My problem is that all DNS responses for site A are unfiltered. Is it possible to use the DNS content filter for the for the DNS Request coming from Site B? Thanks for your…
-
USG LITE 60AX vlan firewalling
Hello, just a quick question: Does the USG LITE 60AX support firewall rules between vlans that are on the lan side of the device other than then the toggle for "Guest Network"? I know that the SCR 50AX can't do that, because I have a SCR 50AX and I have tried and there was also a question about this on the forum. But I…
-
zywall atp100w - external captive + radius
Hi all. I really need help from the community on setting up zywall atp100w. I read a lot of information on setting up, but I still couldn’t set it up correctly. Task: I have an atp100w router on which an open wifi network is configured on LAN1. Internet access is configured via WAN. NAT is configured. Wifi users access the…
-
Transfer services from USG40 to USG50 Flex
Hello everyone How can I transfer some active services related to my old USG firewall to the new one? Example: Content Filter SecuReporter If I try from the zyxel portal it tells me there are no compatible products Thanks for your help Regards F.
-
L2TP over IPSec Client (iOS, Windows, Android)
Hello all via wizard i configured the vpn in subject. I can connect I can see in the zyxel monitoring my vpn session with the Mac, but unfortunately I can't access or ping the local resources. USG50 FLEX WAN 192.168.1.200/255.255.255.0 L2TP IP Address Pool RANGE, 192.168.1.30-192.168.1.35 LAN1 IP 10.10.10.33 Can someone…
-
Default DNS servers
On my Zywall USG Flex 200 I have 2 WANs active. Both WANs got different DNS servers assigned via DHCP. The assigned DNS servers were automaticly added under 'System-DNS' with Domain Zone '*'. My question: Is it possible to prevent the automatic assignment of e.g. WAN2?
-
USGFLEX 200H - VPN IPSec Remote Access Local Network
Hello, [USG FLEX 200H] We use IPSec VPN to provide remote access to two local networks (192.168.100.0/24 & 192.168.106.0/24) The only way we found to authorize access to these two networks is using a larger subnet : But that's not clean. Is there a way to authorize only two separate networks and not all the range ? Thank…
-
Why do we need a static route for accessing remote RADIUS on USG?
When we setup an authentication through the tunnel, e.g. on remote RADIUS we should specify a static route to a remote subnet. For example, as explained here: https://support.zyxel.eu/hc/en-us/articles/360001475219-VPN-Configure-User-Authentication-through-a-Remote-VPN-Site#1-configure-site-a-usg-firewall-1 It works but my…
-
USG FLEX series and SSL VPN compatibility
Hi, Does the USG FLEX (non-H) series support SSL VPN with the latest firmware? I know the client has been discontinued, but I would like to know whether these firewalls still support it? The specs do not mention SSL VPN anywhere, however the manuals do have a chapter dedicated to SSL VPN configuration. If yes, can someone…
-
NAT from local network to Site-To-Site tunnel?
Hi! I have a scenario, where 3rd party has public and internal IP-address for a FQDN. We have site-to-site tunnel between our and their local networks. Is there a correct way to do NAT for cases, when if our computer in local network resolves incorrectly FQDN to 3rd party's public IP instead of local IP where we want to…
-
How To Add FQDN fo Viber and Wechat in ATP 700
I already added FQDN for Viber app but can not connect. I want to setup to allow Viber and Wechat for user
-
I have a USG Flex 200 having trouble with NAT rules
I can not seem to get more than 6 NAT rules working at one time?
-
IPSec IKEv2 with certificate (client to site) with StrongSwan under NAT (LOCAL IP MISMATCH)
Hello, i'm trying to configure an IPSEC IKEv2 VPN with certificate (client to site, without L2TP). The server is an ATP the client in an android device with StrongSwan. The firewall is under a router (and i feel that this is the problem since the same configuration works in other places where the firewall is directly…
-
Supported GPON / XG PON /XGS Pon SFP module on ATP200
Good morning, I have a Zyxel ATP200 now connected with the WAN port to the ISP. Now i wan't to switch to a other provider that is providing fiber optics, i don't know what type of ONT i get, but in theorie when i wan't to conect it direct to the SFP port of the ATP200 in need a GPON/ XG PON / XGS Pon module. The connection…
-
USG FLEX 100AX vs 100W: SFP the basic difference?
I downloaded the Specification and noticed 100AX has WIFI-6 support but 100W has SFP port. 100W has 3 antennas (like USG-20W-VPPN) vs AX with only 2. I seem to be missing the big picture. I just purchased a couple of 100AX units, but I want to understand the reasons someone would chose 100W over 10AX. Thanks!
-
List of compatible cellular sticks for USG Flex
Is there a list of compatible cellular sticks for the USG Flex Mobile Broadband Dongle Support Update is 1.06
-
Bug report (availability/stability) on Flex 500: network range overlap mismatch
The following steps produce a faulty configuration file, that however runs sucessfully. Only after a reboot the faulty file is rolled back (which can be many months later, making it very hard to find what the issue was in the first place): Have a subnet, i.e. 192.168.2.1/24 configured on interface LAN2 Disable the subnet…
-
NAT to a server on a different subnet through site-to-site ipsec tunnel
We have an IPsec tunnel through an ISP running on our ATP 800, connecting through WAN1. Our current setup is: Local policy: 10.0.0.0/23 subnet (with interface 10.0.1.1/24 on LAN5) Remote policy: 10.0.2.0-10.0.255.255 range Policy Route: Incoming: LAN5 Source: 10.0.0.0/23 subnet Destination: 10.0.2.0-10.0.255.255 range Next…
