-
Connect via SSL VPN as a user from the AD group (USG FLEX 700)
Can't connect via SSL VPN as a user from AD. A local user is connecting via SSL VPN (userl). notice SSL VPN Failed login attempt to SSLVPN from http/https (incorrect password or inexistent username) [count=2] Testing user userp in: aaa group server ad dc01 - OK username sslVPN - OK My settings: ! model: USG FLEX 700 !…
-
Monitoring Mode not working on USG FLEX 500
Got a USG FLEX 500 that the Nebula Monitoring mode page seems to be bugged, as in it doesn't seem to be functioning properly or accepting the ID that you give it. This happened a few months ago and I assumed this was a regular run-of-the-mill bug that would get patched, but it still persists. Any ideas? I have a recording of…
-
USG Flex H series "no sooner than" roadmap for missing functions/features
Is there a roadmap for when the missing functions/features in release notes 1.10 might be finished ("no sooner than")? Of course there may be other items such as a config file converter, or a means to convert USG Flex licenses to series H. 50 functions/features or so no doubt means a small number of them will not perform…
-
IPV6 on LAN1 with PPPoE (Deutsche Telekom)
Hello, does anyone know the procedure for setting this up? SLAAC is enabled on all interfaces, prefix delegation for WAN1_PPP seems to work... LAN1 is a subnet with DHCP (IPV4), what else needs to be done so that IPV6 works as well...
-
Security Policy Control Log
Hello, I have a USG FLEX 200H firewall, and I didn't find a way to make a log from Security Policy Control events and save the log. The log in Log&Reports⇒Log/Events⇒System⇒Security Policy Control is very short in time range: a 2-3 minute long event list. Is there a way to make it longer and be saved or reported in email?…
-
personal agreement page has already error
-
SECUextender
-
SSL VPN failed on macOS and Linux OS
Device: Zyxel USG FLEX 500 Firmware Version: (please insert your firmware version here) Service: SSL VPN Issue: SSL VPN is not working on macOS and Linux clients. The connection works normally on Windows using Zyxel SecuExtender, but macOS and Linux clients fail to establish the SSL VPN tunnel. Error messages: macOS:…
-
Setup Guide - IKEv2 VPN from Ubuntu 24.04 to an USGFLEX 200H
Here's a step-by-step installation and configuration guide for setting up an IKEv2 VPN client on a clean Ubuntu 24.04 system, using EAP-MS-CHAPv2 authentication and a split-tunnel configuration, with working ping to the Zyxel Firewall's LAN and internet preserved. The Zyxel USG FLEX configuration is identical to the one…
-
Problem with fine-grained CIDR notation (USG Flex 40)
The security policies seem to have a problem understanding CIDR notations from /27 and up (or is it down?). The case in hand is a number of servers in the 192.168.17.96 - 192.168.17.103 range, i.e. 192.168.17.96/29. But that doesn't work. Neither does 192.168.17.96/28, nor 192.168.17.96/27. I have to go all the way to /26…
-
USG Flex 500 doesn't connect to mail server
I recently moved from a Flex 100 to a Flex 500, and carefully (I hope) copied across all the settings. That all went fine, with one exception. We run a mail server called VPOP3. Mostly that just serves clients on the local net, but it should also serve external mail clients. To do that I've created a NAT rule which allows…
-
Is it possible to use Google Authenticator for VPN access - AD users?
Is it possible to use Google Authenticator for VPN access (IKEv2/L2TP) when users authenticate via Active Directory? (USG Flex 700)
-
ZyWALL USG20W-VPN - WLAN broke after V5.41(ABAR.0) upgrade
Hello, I upgraded from 5.40 to 5.41 and now my usual WLAN SSID does not work anymore. It keeps connecting / disconnecting. This happens from iPhone and from Arlo webcam. I tried to upload the 5.40 config file but the problem remains. Also, strange fact: after logging in to 5.41 I get the error "wrong cli cmd…" but then…
-
EOL bug in VPN300 port group
VPN300 V5.37(ABFC.2). So not expecting this to be fixed, just thought I'd share the problem. So this is the default: each port is not shared or linked to another. At one point I moved P6 to Ge3 so that P3 and P6 are under that interface; all worked fine. Then I wanted to move P6 back to Ge6, which worked, but firewall was allowing…
-
Multiple IPsec connections of a single configuration
Hello, I use Zyxel FLEX 100 with firmware 5.41. I noticed multiple IPsec connections of a single configuration. It looks like this in the VPN stats monitor: Why are there multiple connections for the MASTER_VPN_VLAN200 configuration? Any advice is welcome, thank you. There are 2 configurations using this IKEv2 gateway:…
-
User name limitation that causes problem for MAC-Based Authentication
FLEX 200. So I've been configuring with 802.1x with a Cisco switch and FLEX 200 as Authentication RADIUS Server even when I could use Cisco built-in option. So it's really odd that my MAC was 08-00-27-EE-C7-AF but you can put that in FLEX200 because it must start with a letter, so I changed the MAC of the device to…
-
Vlan1 On Primary LAN Interface
Hello, I have a HUGE security concern about this topic. I am running a Flex USG500H, and I spoke to tech support and discovered that I am not able to change the primary LAN interface (192.168.1.1) to any other VLAN other than the default vlan1, and that it is designed that way. In my opinion that is a security "No No". This…
-
Protect the link between the firewall and the switch
Hi, I’m using MAC authentication on a GS1920-24 switch to prevent unauthorized devices from connecting to it. However, I can’t use MAC authentication on the uplink to the firewall. How can I ensure that only the firewall can connect to the switch, and only the switch can connect to the firewall? The firewall is a USG FLEX…
-
Zyxel SCR 50AXE Stop Working 2.4Ghz wifi after upgrade to V1.20(ACGN.0)
Hi, I upgraded my Zyxel SCR 50AXE to the latest version (V1.20(ACGN.0)), and after that, my 2.4GHz Wi-Fi network stopped working. Sometimes it appears, sometimes it doesn’t, and when I try to connect, it gives an error. It also shows a Wi-Fi network named “SSID,” but I think that was already there before the upgrade. Has…
-
ETA for next ZLD 5.X firmware
If any… for the known and sharable information at this date.