-
out of production usg flex 200
Today i heard the usg flex 200 is out of production, and the EOL date is 2030. Is that correct. Wondering what's the follow up product of the flex 200. Off course you have the flex 200h, but that one is much more expensive, and maybe difficult to sell to our customers. 5 years and then EOL? that's a little quickly in my…
-
USG FLEX 500 VPN Server EAP-MSChapv2 vs EAP-TLS/PEAP on Radius
Hello, i've got some trouble setting up remote user connection with certificate instead of user/password, and i don't find much documentation about this on Zyxel networks. I've setup VPN gateway & tunnel for remote user connection with radius authentification EAP-MSChapv2 successfully, but when i'm trying to change Windows…
-
DHCP server setup on ATP500 shows "Error -4027 : DHCP network setting conflict"
I want to setup DHCP server function on one of the LAN interface on the ATP500 device (firmware version being "V5.39(ABFU.1) / 2024-11-16 03:14:26"). After entering the parameters of : DHCP (server), IP pool start address (192.168.1.130), pool size (10), First DNS server (ZyWALL), default router (ge4 IP) with rest…
-
No entries in device insight
Hi, I have configured one device insight profile. Inside this only the criteria for OS "Windows" is selected. I would have now expected, that my laptops and desktops are listed in the device insight table of monitoring, but this table is always empty. I'm sure I have misunderstood or done something wrong. Kind regards SB
-
DNS lookup issue
We've got a really weird issue with a FLEX100. So a client reported that they can't access their website from their office network. On any device. If they turn WiFi off on their phones, they can acces it fine. Sure enough, the FLEX100 is not returning ANY address for their primary domain. But every public DNS server…
-
redirecting http
Hi! I have a webserver behind a zyxel 200H (frimware: V1.30) and I cant reach its website with its domain name/url, and instead of the website all I get is the zyxel 200H login screen. I looked up the problem, and I should find a "HTTP Redirect" instruction on…
-
Source NAT through vpn tunnels
Let's say we have three sites: Site A (USG Flex 50) - Policy based vpn - Site B (USG Flex 200) - Policy based vpn - site C (other device, managed by others) Note: between A and B it's simple routing, hosts keep their IP. Between B and C it's different: all B lan address reach C site SNATted (in B-C vpn policy) to a single…
-
url check
-
Error while trying to import a certificate. P12 certificate "errno: -17011"
Hi. When trying to import a certificate to UGL Flex 700 I get the error errno: -17011 errmsg: PKI certificate type is not supported I am on version V5.39(ABWD.1)
-
P12 Certificate "errno:-17011"
I have been importing P12 certificates for years. It is scripted openssl to generate pkcs12 from PEM files. openssl has not updated on linux since 2020. Now the "import" under "certificates" gets error 'error -17011'. "errmsg: PKI certificate type is not supported" Tried a different browser, chrome and firefox both error.…
-
usg20-vpn and surfshark
is there anybody able to share a configuration to connect my old usg20-vpn with surfshark? Actually looks like they provide a certificate for an ikev2 that i cannot import because they provide no secret key with it, and also no shared key. I think i should use the username and password system through ms chap, but it seems…
-
Advice on policy control issue
Hi Zyxel world, I wonder if you can help please - We've 3x USG60, connecting IPSEC to an Azure VPN Gateway, all 3x VPNs connect and remain connected but only 2x pass traffic (pings) and one does not. The key settings look identical as far as I can tell, having compared them side-by-side, aside from the expected network…
-
SFP Slot at USG 700 Flex - which standard is supported?
Which SFP standard support the SFP ports on USG 700 FLEX? The problem is, that we most probably get only one single fiber and have to put dual wave length for TX and RX on it. But this would be 1000BASE-BX standard. Many devices on the market only support 1000BASE-SX /-LX /-ZX standards where different fibers are in use…
-
SSL VPN SecuExtender Retirement / Licenses for IPSec SecuExtender needed?
Since the SSL VPN SecuExtender Client will be retired soon (or is already retired?), we have to seach for an alternative. The Windows build-in IKEv2 Client works so far with our USG 700 Flex and could be used, but is not so comfortable for us due to different reasons. Does Zyxel offers limited IPSec SecuExtender licences…
-
USG20-VPN (now USG Flex 50) problem with the upgrade
"I have a USG20-VPN device that has been updated to the USG Flex 50 version. On the standby partition, there is the old firmware V5.10(ABAQ.0), and on the running partition, there is firmware V5.30(ABAQ.0). Now, the latest firmware version has been released. When I try to upgrade to the latest firmware, nothing happens. It…
-
USG FLEX 500H - Client VPN with Entra ID login
Hi Is it possible to use Entra ID accounts to login to a client VPN (Remote Access VPN or SSL VPN)? Right now I'm using a Cisco ASA where I have created a SAML setup to Azure, and it works just fine with the login and also to ask for the users MFA. I have the same setup on some FortiGate firewalls, but I just can't find…
-
USG FLEX 500H - SNAT on a Site-2-Site VPN
Hi I want to replace a Cisco ASA 5506-x with a USG FLEX 500H. I have multiple Site-2-Site VPN connections and and got them all but one up and running. The last one uses SNAT, where my lan subnet (/24) has to be translated to another (/32). All information I could find so for on SNAT in a VPN tunnel is for the old model, or…
-
USG60 - Problem with internal LAN.
Good morning, I have a strange behavior with our USG60 regarding the local LAN port. Since we changed the network provider every time the provider's router reboots (power loss, random reboot, manual reboot, etc.), the USG changes the internal LAN IP mask. Something that it never had done in the past. To give you an…
-
HA config(Flex 700)
I have the following set up. The question I have is what takes precedence when it comes to HA, and what would give the desired end result? two 700 in functional HA pair. WAN1, WAN2 policy routes for different traffic to go primarily through WAN1 or WAN2, policy routes have connectivity check to fail down to an alternate…
-
ATP200 - unable to update antimalware
After updating "Firmware Version V5.37(ABFW.2) / 2024-01-20 05:47:51" I have: Anti-Malware signatures are updated to the latest version 2.1.1.20231130.0.. (success) at Mon Mar 11 09:03:50 2024 Threat Intelligence Machine Learning (TIML) signatures are updated to the latest version 1.0.0.20240310.0.. (success) at Mon Mar 11…