-
Invalid state detected DROP (for VPN user)
Hello, yesterday we got strange problem with SSL VPN connected users. Both users connected successfully with Secuextender cannot reach internal LAN resources. In Zyxel debug log, we have "Security Policy Control - Invalid state detected DROP". Reconnecting not solved the issue. Only Zyxel reboot solved it. After Zyxel…
-
2nd IPSEC Vpn profile for different users
Hello, I just would like to know if it is possible to create a separate IPSEC VPN Policy with different routing policies and different security policies for another group of users. I create first VPN Policy with wizard and everything is fine with that. I tried to create a new VPN policy with same basic settings but…
-
USG LITE 60AX and IPv6 support
I have an AVM FRITZ!Box 6890 LTE that worked marvellous with both IPv4 + IPv6 on a German Telekom VDSL incl. port forwarding and am quite shocked that our new USG LITE 60AX does not seem to support IPv6 to the internet or even DNS forwarding. nslookup anysite.xy is not answered but ping is working, however only with IPv4.…
-
USG Flex 200H
Bonjour, Est-ce que d'autres utilisateurs ont des soucis avec leur USG Flex série H? De mon coté voici mes problèmes: -déconnection du tunnel VPN site à site -impossibilité d'accéder à la conf depuis le lien généré par Nebula -en local, après l'authentification, impossible de charger la page de conf, j'ai des cercles verts…
-
USG 100 Flex stuck twice in two weeks
Facts January 28 roughly 10:00 am customer calls me reporting not working internet access. Already contacted the ISP, which says "Our CPE is fine, you're not flowing any traffic among your interfaces. I contacted ISP too, verifying that the connected device (USG 100 Flex) was not making any traffic, while seeing the device…
-
VPN full tunnel + thetering
Hi folks. Scenario: android smartphone connected to an IPSec client to Site VPN IKEv2 with certificate. the VPN is full tunnel, the VPN client is Strongswan. Windows pc connected in thetering to the android smartphone. Why the traffic created by the Windows pc does not enter the tunnel? Is there a way to force it?
-
Trouble Configuring Client-To-Site VPN with IKEv2 and USG40
I'm trying to setup a Client-To-Site VPN with a USG40 Host using IKEv2 and a Microsoft VPN client. I've followed the instructions in the guide - [ZyWALL/USG] How to set up a Client-to-Site VPN (Configuration Payload/DHCP) connection using IKEv2 I've successfully connected from the remote client to the Host site and the…
-
ZyWall USG60: VPN IKEv2 Connection using Windows 11?
Hello I'm trying to connect to my LAN from outside, using a VPN IKEv2 connection as instructed here: https://mysupport.zyxel.com/hc/en-us/articles/360005744000--ZyWALL-USG-How-to-set-up-a-Client-to-Site-VPN-Configuration-Payload-DHCP-connection-using-IKEv2 I think the security proposals there are obsolete, as Windows uses…
-
restart automatically zyxel usg flex100 ax
Hello support, I don't know where is the issue..but often (almost every day) the firewall reboot, I have the last firmware V5.39(ACFN.1) / 2024-11-16 08:04:18 Do you have any idea about that ? Please let me know asap! thank you
-
IKEv2 at ATP500
I cannot create IKEv2 vpn via Wizard a i have such info at the end CLI Number: 0Error Number: -24007Error Message: 'Append AAA method has failed.' pls help
-
USG60 config to Flex 100, how to proceed?
Hello, we used to have a USG60 of which I have a backup startup-config.conf Now I have a Zywall Flex 100 with a forgotten password, and would like to use the backup on it. Will probably reset and try to upload the backup. Not sure about the firmware version. How do I do it? Do I need to convert it somehow, or is it already…
-
Indeed Website not displaying properly.
Hello, For some reason the indeed website does not work properly. I have whitelisted the site and it did not change anything. All other sites appear to work correctly. I have attached a file with the first screenshot showing what the website should look like and three other screenshots showing various pages on the indeed…
-
Zywall 110 Throughput
What should I expect as throughput from my Zywall 110 device? I know that it depends on what is enabled as services. What is the max throughput without anything enabled beyond security policies and ADP?
-
How to monitor a endpoint for service/port traffic?
Hello, I was wondering how we would go about this. I have a client that I am auditing outbound traffic for (I am creating a security policy to prevent unapproved outbound traffic). I would like to start by analyzing the outbound traffic and see what is currently being used. I can kind of do this by going to monitor→Traffic…
-
E-mail alert format
Hi, The alert emails from the firewall (USG500 Flex) are unreadable (see below). How can I format the message? I want this vertical format (or any readable solution): No: 1 Date/Time: 2025-02-12 13:43:47 Category: secure-policy Priority: alert Source: 1.xx.xx.xx:27181 Destination: 212.xx.xx.xx:7523 Note: ACCESS BLOCK…
-
NIS2 - HowTo
Hi everyone, I need help configuring Zyxel devices in accordance with the NIS2 directive. I am familiar with the general principles of this directive, but I lack detailed information on: How to properly configure Zyxel devices according to NIS2? What elements should be included in security reports? Which vendors are best…
-
Need Help USG Flex 100 VPN mac and Windows
Hi there. Current have a client with USG Flex 100. That client is using L2TP/IPSec to connect with Windows 10 clients and iphones. SSL clients paid version to connect with macs. But now macos 15 is not compatible anymore with SecureExtender. How can i configure IKE2 protocol to work in OS15 but dont messup iphone and…
-
ZyXEL SecuExtender on Mac OSX Import Certificate greyed out
I have to install vpn client on a MAC, but if I want to import the (selfsigned) certificate (PEM → User certificate → certificate.crt) the OK button stays greyed out. On WIndows SecuExtender never had this problem. What am I doing wrong?
-
Bug report - DHCP table
I wish to report a display bug in the DHCP table display. Hardware: USG20W-VPN (USG Flex 50W) Firmware: V5.39(ABAR.1) Severity: Cosmetic See attached image - all timestamps for "Last Access" are identical to the second. Even though half the listed devices were powered down minutes or hours before the page was loaded.…
-
Can We Influence Client Routing Behavior With Zyxel L2TP or Other VPN?
Back in the day, when Apple had a server product, a number of my clients used its L2TP VPN feature. One of the features of this product was the ability to provide routing configuration information to the VPN clients, telling them which traffic to send over the VPN and which to send via the normal ISP. Is anything like this…