-
USGFLEX 200H - VPN IPSec Remote Access Local Network
Hello, [USG FLEX 200H] We use IPSec VPN to provide remote access to two local networks (192.168.100.0/24 & 192.168.106.0/24) The only way we found to authorize access to these two networks is using a larger subnet : But that's not clean. Is there a way to authorize only two separate networks and not all the range ? Thank…
-
Why do we need a static route for accessing remote RADIUS on USG?
When we setup an authentication through the tunnel, e.g. on remote RADIUS we should specify a static route to a remote subnet. For example, as explained here: https://support.zyxel.eu/hc/en-us/articles/360001475219-VPN-Configure-User-Authentication-through-a-Remote-VPN-Site#1-configure-site-a-usg-firewall-1 It works but my…
-
USG FLEX series and SSL VPN compatibility
Hi, Does the USG FLEX (non-H) series support SSL VPN with the latest firmware? I know the client has been discontinued, but I would like to know whether these firewalls still support it? The specs do not mention SSL VPN anywhere, however the manuals do have a chapter dedicated to SSL VPN configuration. If yes, can someone…
-
NAT from local network to Site-To-Site tunnel?
Hi! I have a scenario, where 3rd party has public and internal IP-address for a FQDN. We have site-to-site tunnel between our and their local networks. Is there a correct way to do NAT for cases, when if our computer in local network resolves incorrectly FQDN to 3rd party's public IP instead of local IP where we want to…
-
How To Add FQDN fo Viber and Wechat in ATP 700
I already added FQDN for Viber app but can not connect. I want to setup to allow Viber and Wechat for user
-
I have a USG Flex 200 having trouble with NAT rules
I can not seem to get more than 6 NAT rules working at one time?
-
IPSec IKEv2 with certificate (client to site) with StrongSwan under NAT (LOCAL IP MISMATCH)
Hello, i'm trying to configure an IPSEC IKEv2 VPN with certificate (client to site, without L2TP). The server is an ATP the client in an android device with StrongSwan. The firewall is under a router (and i feel that this is the problem since the same configuration works in other places where the firewall is directly…
-
Supported GPON / XG PON /XGS Pon SFP module on ATP200
Good morning, I have a Zyxel ATP200 now connected with the WAN port to the ISP. Now i wan't to switch to a other provider that is providing fiber optics, i don't know what type of ONT i get, but in theorie when i wan't to conect it direct to the SFP port of the ATP200 in need a GPON/ XG PON / XGS Pon module. The connection…
-
USG FLEX 100AX vs 100W: SFP the basic difference?
I downloaded the Specification and noticed 100AX has WIFI-6 support but 100W has SFP port. 100W has 3 antennas (like USG-20W-VPPN) vs AX with only 2. I seem to be missing the big picture. I just purchased a couple of 100AX units, but I want to understand the reasons someone would chose 100W over 10AX. Thanks!
-
List of compatible cellular sticks for USG Flex
Is there a list of compatible cellular sticks for the USG Flex Mobile Broadband Dongle Support Update is 1.06
-
Bug report (availability/stability) on Flex 500: network range overlap mismatch
The following steps produce a faulty configuration file, that however runs sucessfully. Only after a reboot the faulty file is rolled back (which can be many months later, making it very hard to find what the issue was in the first place): Have a subnet, i.e. 192.168.2.1/24 configured on interface LAN2 Disable the subnet…
-
NAT to a server on a different subnet through site-to-site ipsec tunnel
We have an IPsec tunnel through an ISP running on our ATP 800, connecting through WAN1. Our current setup is: Local policy: 10.0.0.0/23 subnet (with interface 10.0.1.1/24 on LAN5) Remote policy: 10.0.2.0-10.0.255.255 range Policy Route: Incoming: LAN5 Source: 10.0.0.0/23 subnet Destination: 10.0.2.0-10.0.255.255 range Next…
-
USGflex H Remote Access VPN users: access to all resources within a site-to-site vpn network
Hello all, can someone give me a hint, please? I need some remote vpn users to have access to the complete site-to-site vpn network, not only to the site they're connected to. The remote access vpn is configured as full tunnel. I tried several things like policy routes and zone settings, but it does not work. Is there a…
-
Nat ATP200
Good evening, I would like to know how to indicate a group of IPs in the field indicated by the red arrow. In fact, it allows me to engrave only a single IP. Thanks
-
SecuReporter is often unreachable over the weekends from all across Europe
SecuReporter cannot be reached over the weekends from all across Europe. The internet connections are good from where the access over the weekend is tried. Same machines, same configurations which can instantly access the SecuReporter servers cannot connect over the weekend. Accessing other infrastructure in the Asia area…
-
[2025 March] SecuReporter Maintenance Announcement
This discussion has been moved.
-
Production Status USG20W-VPN (USG FLEX 50W): Discontinued?
Greetings, I was looking to purchase another USG20W-VPN (USG FLEX 50W) for a client and have been told by vendor it has been discontinued. Is this indeed the case?
-
ATP500 - Avast antivirus block, anti-botnet log
Hi there, we have the problem that since the last firmware update in November our ATP500 blocks the Avast antivirus and the message “BLOCK anti-botnet” appears in the log. We have configured under: Security Service > Reputation Filter > Types of Cyber Threats Coming From The Internet And Local Networks, deactivated the…
-
Router DMZ to Flex 500H
Hi, we are trying to configure the Flex 500H behind a Router with DMZ. The router has IP 192.168.2.1 configured and has a DMZ configured to 192.168.2.2.2 which is the Zywall. The problem is that we do not see anything in the log, opening port 21 for example to test. Is there anything else to configure?
-
Zyxel USG20W-VPN primary and backup link setup and IPSEC VPN
Hello guys, I have USG20W-VPN with latest firmware installed and just need little bit help with setuping my primary and backup link WAN connection. Firstly - I am using the DSL WAN connection that will work as primary link (WAN) and if this connection will fail automatically backup link will go active (Cellular, Brovi 4G…
