-
USG 110 to USG Flex 200
Good evening everyone Recently I had to replace a USG 110 and chose the USG Flex 200. According to the USG Configuration Converter, you can only convert the USG 110 to the Flex 500 and not to the Flex 200. But the USG Flex 500 would be overkill for 2 people. Is there a way to convert my USG 110 configuration for the USG…
-
Problem with VPN configuration for Android 12 and above
Hi, We have ATP100 (version: V5.38(ABPS.0)). We are unable to configure VPN connection using IKEv2. It is unable to start VPN connection. The following message appears. Here is our VPN connection and VPN gateway setup. We have a public IP address. I have one more question, is there another connection option for Android 12…
-
Port mirroring feature
Hello, I can't find any reference guide to port mirroring in a USG FLEX 700. Can anyone confirm if this is even possible? Thanks in advance. Regards
-
Routeing rules not failing correctly if interface ping is enabled
VPN300 V5.37(ABFC.2) so this is the setup only with more rules When without VPN300 interface ping check on VLAN443 on Zywall 110 I block from VLAN443 to VLAN443 the rules disable correctly then when I remove the block the rules come back on line. But if I have VPN300 ping check on interface VLAN443 to no-ip.org and…
-
Why has the geoip update policy changed?
Hi Zyxel team. Previously, I asked questions on this community forum about the geoip update. I was told the Geo IP database would not change frequently. I had one or two updates per week on USG20W-VPN, now it's been more than a month that the database has not changed without error message, it's just "up to date". Why this…
-
VPN SSL Velocidad transferencia archivos muy lenta
Hola, Tengo un Zyxel ATP100 con VPN SSL configurada y clientes Windows 10 con el software SecuExtender de Zyxel para conectar a la VPN SSL. Al intentar transferir desde cualquier PC Cliente conectado a la vpn SSL, la velocidad es terriblemente lenta. Teniendo en cuenta que todos mis usuarios suben archivos que pueden ser…
-
Disclaimer only in UAG4100 / Nutzungsbedingungen
Hallo, Ich weiß, die UAG4100 ist schon alt und jahrelang hat sie gut funktioniert, indem sich jeder Benutzer über Web-Authenifizierung anmelden musste, also Name, Passwort, Bedingunge zustimmen, fertig. Nun wurde entschieden, das Name und Passwort wegfallen sollen, nur noch den Nutzungsbedingungen soll zugestimmt werden.…
-
USG Flex 200 doesnt allow windows 11 IPSEC Phase 1 conection
Hi my USG Flex was configured for low security ipsec vpn with linux clients USG Flex 200 doesnt allow windows 11 IPSEC Phase 1 conection: "Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP, HMAC-MD5…
-
Permitir WEB
Estoy oniendo en las páginas permitidas una url, para que podamos ver dicha ppágina, pero no la desbloquea. *.gloria.* Gracias
-
hello there
If i want to reach other subnet (subnet beyond Firewall) through ssl vpn session but not internet, how to do it; my firewall is usgflex 500 Thanks in advance
-
Site-to-site USG FLEX500 - Strongswan
Hi, we had lot of routers (kerio, unifi, etc..), on each router we had set up IPsec tunnel to our datacenter. In datacenter we have Debian server with Strongswan (it has public IP). Always I set up on Debian remote and local network and on router remote and local sites too. Now we bought flex 500 and I need set up the same…
-
USG20 W VPN Access Point geht nich mehr
Guten Tag Gestern habe ich auf meiner USG20W VPN auf 5GH WLAN gewechselt, danach wieder zurück auf 2.4 GH, seither geht das WLAN gar nicht mehr, die LED WLAN leuchtet jeweils nur kurz beim Booten auf danach nicht mehr. Eine uralte Konfiguration dort funktioniert das WLAN. Leider zeigen die Logs nichts an was mir hilft.…
-
IPSEC VPN encryptions, authentication and Diffie-Hellman groups - a poll
Hello community, this post if for anyone who uses to configure IPSEC VPNs (both L2TP both pure): which encryption/authentication and DH groups do you use on each phase? Have you ever performed speed test with different values? Which is the minimum encryption that you consider safe? Which is the minimum authentication that…
-
YOUTUBE APP
Добрый вечер. У нас zyxel ATP 700, switch xgs3800, 3700 xs1930, точки доступа NWA5123-AC HD раздают с ограниченной скоростью 20 mb на пользователя. Уже 2 дня youtube на телефонах (а именно приложении YOUTUBE ) при открытии видеоролика загружется от 30-65 секунд, а на веб браузере загружается за 5 секунд. В чем может быть…
-
Content Filter on USG Flex100 block business website
Hi all, Recently, our user not able to visit one of business website normally. However, I cannot found any error log from flex100. Below is the website which is categorised as "Business" "" . We only see the error page without any warning. Even I manually add its ip (152.199.39.108) into "Trusted Web Sites" under Web…
-
SecuExtender Agent: VPN drops when user attempts to login with RDP
As the title states above, the VPN drops when the user launches RDP and attempts to login remotely. User's home workstation is Windows 10. This part of the log file stands out, but I don't know what to make of it: [ 2023/02/13 19:30:03 ][SecuExtender Agent][INFO] security tunnel is created!
[ 2023/02/13 19:30:03…
-
ATP500 - Microsoft MFA
I have a ATP500 Firewall. It is possible to configure the Microsoft MFA service for AD users? Microsoft MFA is supported? Thanks
-
AAA Server - AD user type
HI, I have a question about an AD Server connection. In the AAA Server, should the AD user be an administrator member or just a user? Thank you !
-
Web Page Blocked!! You have tried to access a web page which belongs to a DNS Filter category that i
Good morning, There is a false positive: Could you delete it? Despite having deactivated all filters, my site is still blocked... THANKS
-
Local network -> IPSec Tunnel -> L2TP Tunnel routing
Good day! The model of the problematic router is ZyWALL USG 300 There was a need to create such a chain. The diagram shows the problem based on the logs I tried to solve it in the following ways: - Specify the Policy Route with the following setting: Incoming: any Source addr: 192.168.5.0/24 Dest addr: 192.168.127.0…