-
Routing to a dynamic IPSEC tunnel
Hi all. I've been banging my head on this issue and i think this is the right moment to ask for help. This is the network topology SITE B 192.168.172.0/24 =Dynamic IPSEC===⇒ SITE A 192.168.171.0/24 ⇐SSL VPN client 192.168.32.50 Site B USG110 V4.73 (behind a Starlink router) Site A USG FLEX200 V5.38 SSL client secuextender…
-
myZyXEL.com An SSL error has occurred
Hi , Since yesterday i'm getting error: 76 2024-05-21 09:09:12 error myZyXEL.com GetTimeZone: Can not get correct feedback from server 77 2024-05-21 09:09:12 error myZyXEL.com An SSL error has occurred and a secure connection to the server cannot be made. 78 2024-05-21 09:09:11 notice myZyXEL.com GetTimeZone: Processing...…
-
View .zysh schedule rules
I have a VLAN with default no internet access. But sometimes, manager wants to enable it, so I gave him a script with Putty which logs in automatically in his FLEX 200 and disables to deny VLANXX to WAN rule. He can enable the rule again also. So far so good. But to be sure that he doesn't forget, I want to schedule the…
-
Is my ISP wrong? Nat inside
Hi there, just a noob networking guy, tryin' to learn something. Here's my scenario. I need to reach from the external of my building, through public ip X, an internal LAN2 address —→ 10.0.0.241:9000 Modem router address is 10.0.0.1 - Firewall WAN port is 10.0.0.241 as isp requested Modem router i think got NAT rule Public…
-
USG20W-VPN FW:V5.38(ABAR.0)
Hi, I have a problem with the firewall in question, I renewed and activated the content filter subscription, but it doesn't work. Client browser 192.168.1.2 does not block yahoo.com and filters. Thank you
-
Port role for LAN2 causes network loop
USG FLEX 200 V5.38(ABUI.0) I may have to do a part draw out part of the network if needed but when I have LAN2 for Port role on FLEX 200 to the WAN2 of my Zywall110 it causes a lockup of zywall110 but if I unplug LAN1 on either FLEX 200 or Zywall110 the problem does not happen. BUT if I use reserved for Port role on FLEX…
-
SCR 50 AXE trial license expired
hi My trial license expire on my SCR 50 AXE, will the device still block threats?
-
Dual WAN IIS Setup
We have a customer with a ZyWall 110 that has 2 ISPs, coax for primary with a block of 5 IPs and cellular for backup with a single static IP. They host a server on site that uses one of the secondary IPs in the coax range for communication (hosts IIS, mail, etc.). We also need to set this up so that at least the web ports…
-
SCR50AXE and Stop mail fraud & phishing
When "Stop mail fraud & phishing protection" is enabled, it interferes with the operation of the Speedtest application. The app has trouble finding a server and is very unstable. The logs also show information about blocking servers related to the speedtest application.
-
VPN to USG LITE 60AX behind AVM FRITZ!Box 6890 LTE not working
Connected to German Telekom VDSL with a public IP port forwarding is working but no VPN access. Everything is forwarded to the USG via Exposed Host (IPv4 + IPv6), but StrongSwan always responds with received NO_PROPOSAL_CHOSEN notify error: Jun 23 12:43:06 00[DMN] Starting IKE service (strongSwan 5.9.13, Android 14 -…
-
USG110: P12 Certificate "errno:-17011"
Hi, I try to import a new P12 certificates, which works for years. Now the "import" under "certificates" gets error 'error -17011'. "errmsg: PKI certificate type is not supported". I can validate my p12 file with openssl, so the file is fine.
-
USG Flex 200 DNS cache poisoning?
Hello, Our USG Flex 200 is working just fine for clients. The device itself will not connect to the internet however. I cannot search for updates and timesync does not work for example. Using SSH to check on the machine locally the following happens: Router> ping gmail.com PING gmail.com (192.168.50.41) 56(84) bytes of…
-
Restrict access to specific vlan - windows inbuilt client
Hi! I've successfully managed to setup an ipsec/ikev2 vpn using windows 10 native client following this guide: https://support.zyxel.eu/hc/it/articles/4439075779090-VPN-Configurare-IKEv2-IPSec-con-certificato-su-Android-iPhone-iOS-Windows-MacOS Now I'd like to restrict the landing subnets for vpn clients. I've tried to…
-
WAX620D controlled by USG40 - possible?
Hello I am having a hard time registering a WAX620D on a USG40 as controller. The USG40 sees the WX620D and I can add it to the controlled group. However, the icon stays gray and I cannot manage the accesspoint. Any ideas? Thanks —Thomas
-
Unable to reach port
Hello i have fowarded 3 ports on 3 internal ip (PC) , i have already created also the policy from wan to lan1 to manual ip. For 2 are ok but one give me a error It was a similar streaming from outside to inside, if i see the log i see this Time Category Message Src. IP Src. Port Dst. IP Dst. Port Note Action 2024-06-11…
-
Custom GEO Region for USG FLEX 500
We have a new FLEX 500 gateway/firewall. I want to customize a Geo Region to allow access into our network only from Eruope and the US, as all of our techs are there. I know how to select one of the specified regions—that works. If I configure the traffic to allow only Europe, it works. But, I want to allow both Europe and…
-
Flex 100 Policy Control Question
Admittedly, I've been sick for several days, and brain fog is affecting me. In addition, it's been too long since I've been in a Zyxel. Here's my scenario: client with a Flex100 has a device on DMZ. That device now needs to have some ingress data allowed. Have the address and service objects and groups created. But think…
-
USG Flex series: offline preparation is impossible?
So… Having firmware file downloaded, having the future running configuration ready, having users prepared… Is possible to start a USG Flex device without any internet connection?
-
USG Flex 100 error phonebar Java
Hello everyone. I have a problem with my zyxel USG flex 100. It happens that while using a phonebar Java connected to a VPBX often error: Unable to communicate with server. I don’t understand what it depends, if I remove from the network the firewall is using a normal router the problem disappears.
-
ZyWALL ATP200 how to start with Vlan?
Here is my Network in a very simplified way: The ATP (will) have 2 Wan Connection one slow DSL and one fast but unreliable Cable. There are multiple Switch in the System 2 Zyxel and a Handfull Managed and Unmanaged one. I use an Netget for example for PoE to power the AP and some IP Phones. I intend to have atlest 4 Vlans…
