-
VPN100 - smtp authentification password charset
Hi folks, I'm trying to setup an automatic email of our logs, but I'm facing a trouble : smtp authentification password are not considered valid if they contains a space character. As I'm using gmail to send emails, and password apps are generated by google and are always including spaces I'm in a dead end. Could you…
-
Flex 200H - Sending logs via email
Hello everyone, in the past I used to send logs via email, like you could do with USG60W. It was possible for the firewall: and for the APs managed on premise: So it was possible to config an email sent for what you wanted to see with the right panel: Is it possible to do the same also with 200H in the future? Right now…
-
use a specific wan port for a local ip address
i have usg60 device which have wan1 connected to a 5g router(with ip 192.168.1.85 and wan2 connected to a fiber router (with ip 192.168.0.85). the network is connected to lan1 with ip 192.168.2.85. in the configuration we have load balance and failover and a VPN L2TP-ipsec. the question is: how i can force a specific local…
-
IPSec ESP packets dropped by default security policy rule after reboot
This seems like pretty odd behavior. A site-to-site VPN, IKeV2, pre-shared key, local and remote policies are /24 networks, defined in the IPSec_VPN zone. On boot, the tunnel automatically connects but won't pass traffic. If I disable the security policy it will start passing traffic. If I re-enable the security policy it…
-
Cannot find SSL VPN client for MacOS anymore in Downloadcenter
a few month ago i could download SecuExtender VPN Client_SSL_VPN_Client_1.2.6 for MacOS but know i can not find it anymore. What happend? Is not possible anymore to download the client for the perpetual licenses? We bought 8 or 10 licences this year for this SSL-VPN Client moe
-
USG Flex 200H - Impossible to send config via email
Hello everyone, I upgraded to 1.21 firmware and as you can see it's impossible to send a backup config via email: While the connection test is passed: Is there a place where to set an autosend config when something is changed like it happens with "old" USG Flex and ATPs? Thanks
-
Geo IP filter works too much
I'd like to block traffic from China and I set Geo IP filter. Traffic from China is blocked. But part of traffic from Japan is also blocked. I must receive traffic from Japan. What can I do?
-
Flex 700 to Flex 700H migration
Hello, I'd like to replace an existing Flex 700 firewall with the newest Flex 700H. I didn't see any way to convert the current configuration file with the online converter tool. Can I upload directly the config file from the old system to the new one or is there a way to do so ? Thanks !
-
USG Flex 200H - Strange CPU usage
Hello everyone, as you can see with 1.21 firmware you have a strange CPU usage graph: In my case I have about 25% on Core1 and 25% on Core2, while Core3 and Core4 are at zero value. May I miss something somewhere else? To be exact these are details for each CoreX:
-
Transfer USG1100 config to Flex 500H
Need to change firewalls at location. Is this possible? 3rd party utility available? Doesn't appear to be supported via usg configuration converter.
-
Block network access when security policy doesn't comply
Hello everyone, Question, is it with zyxel possible to auto block network access from network clients when they doesn't comply to our security standards. For example: When an client is infected with ransomware, would it be possible that zyxel detects it, and block all network access of this client? I know other brands has…
-
IPSec IKEv2 with certificate (client to site) with StrongSwan under NAT (LOCAL IP MISMATCH)
Hello, i'm trying to configure an IPSEC IKEv2 VPN with certificate (client to site, without L2TP). The server is an ATP the client in an android device with StrongSwan. The firewall is under a router (and i feel that this is the problem since the same configuration works in other places where the firewall is directly…
-
USG FLEX 100 - 5.39: Loss of Internet Access after update
Had a unit auto-update this morning and since restart has not allowed internet access. No internal devices (LAN or VPN) show any logs for WAN access, even with the security policy set to log for approved and deny. Was working perfectly fine until the update. No errors found, no config was changed, only the firmware update.…
-
Who uses virtual interface please post
Please post if you use virtual interface and if you can how.
-
USG210 - No “Content-Type: text/plain;” header in email report.
My firewall (USG210) sends me logs via e-mail. They are e-mails in TXT mode. The email program receives them and reads them correctly. But the anti-spam program (MailWasherPro) cannot display the contents of these e-mails (even though the source code is displayed correctly). In my opinion, the reason for this is that the…
-
What is the EOL date for the USG20W-VPN?
-
USG LITE 60AX - VLAN assignment
how do i allocate VLANS to port interfaces of the USG LITE 60AX?
-
Possible ARP spoofing attack
I have a problem with an access point (NWA130BE). It happens that suddenly two different MAC are coming from the same device. The LAN MAC is 48:xx:xx:xx:17:c7 and should receive the IP 192.168.1.3 via the static DHCP table. But suddenly the AP comes with the MAC 48:xx:xx:xx:17:c8 and gets an IP via DHCP. The firewall…
-
Flex 200H - Dual partitions for upgrade
Hello everyone, I needed to upgrade this firewall remotely: And everything was OK: But I see only one partition available for firmware test. Wouldn't it be better to always have the double partition available? An easy way to have also the "Standby" one instead of only "Running" one like I have on all other Flex/ATP series?…
-
Flex 200H - Time needed for reboot to regain contact with Nebula
Hello everyone, I updated to a custom firmware the 200H to check a software upgrade, so I was able to reboot it manually via Nebula Configurator. Well done. My question is related to time needed for reboot, is it normal to see the firewall offline for about 12-14 minutes? Thanks a lot