-
Should I enable IP/MAC binding on ISP interface?
Should I enable IP/MAC binding on ISP interface?What are the pros/cons?
-
USG FLEX 100 does not receive DPD_ACK from remote linux client l2tp
Hello, any help solving the below problem is appreciated 1. usg flex 100 <->nat<->internet<->nat<->android 10 client (working) 2. usg flex 100 <->nat<->internet<->nat<->ubuntu 20.04 client (not working) 2.a. symptoms: 2.a.1 R_U_THERE (DPD) from usg flex 100 are received and answers are send (but never received) Oct 10…
-
USG 1100 - DHCP issue - stops serving IP addresses
I have a USG 1100 running v4.35 which is providing DHCP for the configured lans and vlans. Most of the devices on the lans and vlans are set up with IP/Mac binding so that they are always assigned the same IP address. Periodically (4 times in the last 48 hours) the USG 1100 stops serving IP addresses. When this happens no…
-
which one to choose?
could you give me a hand for a quote to do for a customer relating to a firewall that performs the following functions: - 2 separate LAN IPs (LAN1 x OFFICE SWITCH 192.x.x.x and LAN2 x GUEST SWITCH 122.x.x.x)
- 2 WAN with load balancing or bonding and failover backup operation (WAN1 x FIBRA ESTRA proprietary router not…
-
How to analyze IPv6 issues on Zywall
My Zywall is behind a cable modem (home network router) provided by the ISP. The cable modem has hardly any configuration options, but supports IPv6.If I connect a device directly to the cable modem, it gets an IPv6 address and "everything" works. The cable modem has the IPv6 prefix 1234:5678:9abc:def00::/56 (IP addresses…
-
How to debug IPv6 Issues with Zywall 100 (duplicate post)
My Zywall is behind a cable modem (home network router) provided by the ISP. The cable modem has hardly any configuration options, but supports IPv6.If I connect a device directly to the cable modem, it gets an IPv6 address and "everything" works fine. The cable modem has the IPv6 prefix 1234:5678:9abc:def00::/56 (IP…
-
Can't connect L2TP VPN
Hi everyone, i have a atp 500 firewall. There is an L2TP configuration made by xyxel distributor. Genarally i have no problem but some clients can not connect with l2tp. I 've tried deactive client's firewall, network protection and antivirus program but this is not helped. I can access to my local using l2tp with same…
-
L2TP VPN saved credentials connects...not saved disconnects
Our L2TP VPN connection connects when the user saves their user credentials through Windows VPN client. If they don't have VPN credentials saved and wait for windows to prompt, by the time the user enters credentials the VPN has disconnected. -----------------------------------------------------------------------…
-
Can't Access Opposite Web Interface Across Site-to-Site VPN
Hello. We have a Site-to-Site IPSEC VPN set up between two sites. From either site we can access all resources (eg. computers, servers, APs), but we can't access the web interface of the opposite side's ATP via its internal IP. The connection simply times out and we don't see anything listed in the logs. However, we can…
-
SSL Inspection question (iPhone iOS 16)?
Hi. I've been experimenting with SSL Inspection on my iPhone (iOS 16) and it seems to work most of the time (traffic is being inspected as it should be). But some apps like Apple App Store, banking apps, national ID apps, home security apps and so on always seem to have an "untrusted certificate chain" flag when checking…
-
Zyxel USGFLEX 200 problem with two PPPOE
Zyxel USGFLEX 200 problem with two PPPOE connections, I have a message like in the attachment. What am I doing wrong that after 1 minute disconnects # 1 or # 2
-
Problem ssl vpn client
Good morning,on an atp 500, firmware V5.30 (ABFU.0), i configured a ssl vpn connection.On the various PCs I have installed the ZyWALL SecuExtender client.It happens on many stations that at a first connection everything works, in subsequent connections it is not possible to connect in vpn. Uninstalling ZyWALL SecuExtender…
-
Destination unreachable on DHCP renew bug
VPN300
V5.31(ABFC.0)ITS-22WK31-r104914 Start by a capture of a
interface set to DHCP then disable/enable interface all is fine then
go the monitor > traffic statistics > Interface Status and
click renew for the interface now every time it does a request a ACK
happens but the VPN300 send a ICMP destination unreachable…
-
IPsec IKEv1 with user authentication
Hi Support, I'm facing an issue with setup of an IPsec VPN on my USG20-VPN device at version 5.31 I'm using with success a IKEv1 tunnel only with the Pre-shared key authentication from SecuExtender IPsec client. But, when I try to adding an authentication level with username+password the tunnel doesn't connect as expected.…
-
USG 40 throughput
Hello, I am running a small network with USG 40 (no wifi). I recently increased the ISP WAN speed from 100M/10M -> 250M/50M. However, I can get only 110 Mbps throughput with the USG. If I connect a laptop directly to the WAN (bypass the USG40), I get full 250M throughput. I searched from the forums and discovered that…
-
How i can block VPN Hotspot
I have an issue, I configured to block some applications such as Youtube and Facebook on my Zywall, but some users installed the VPN software and they can access those websites normally. How can I block the VPN program?
-
USG-60 - On VPN SSL I have "Error 0x800b0109 authenticating server credentials! (0x0)"
Hi As in subject, followed all instructions found here with no success. If I reboot USG it works fine and for some days everything is fine but after a while if I try to reconnect I get error again Is there a way to solve this? Best regards…
-
Windows 11 and securextender frequent disconnects
Having major problems with having a stable connection on a Windows 11 pro laptop. Have disabled wifi and using ethernet only. Connection disconnecting after 2 minutes almost every time using a BT router, continuous ping which is sub 6ms and a 30+ broadband connection. Have re-installed client, rebuilt laptop, disabled AV…
-
Why doesn't Content filter block adobe.com on USG20-VPN?
Have a customer with a USG20-VPN with content filter subscription. They have computers on a strict whitelist only policy. There's only 24 websites on their Trusted Websites. Putting *adobe.com and *.adobe.com in the Forbidden sites doesn't block it either. I also setup the same content policy with DNS content and there's…
-
Enable IP/MAC Binding and DHCP Enforcement
So what I get is a client in the list doing DHCP will get the IP listed and should a client not doing DHCP thats in the list for an IP is allowed. But the way I read DHCP client not get DHCP IP from this firewall that the client doing DHCP thats not in the list should not get a IP? but does and is allowed? maybe a option…
