-
Zyxel USG 100
Hello, How to solve issue Cli Number :0 Error number: -2 Error Message: Not connected to ZySH Daemon Best regards
-
USG 210 - weird behaviour during WAN failover
Hi community, this is my first post here. I'm playing with a Zyxel USG 210, I'm trying to configure properly the WAN failover feature. We have 2 WAN connection, WAN1 is pure ethernet with static IP, WAN2 is a PPPoE connection over VLAN 100, which parent's interface is WAN2. Connectivity check is also enabled on both WAN1…
-
USG20-VPN -> Security policy -> Default rule
Hi there, We own a USG20-VPN running as our gateway-firewall with the wan-nic connected to the Internet. Checking the configuration we've found something i (hope) don't understand. What looks to me like the default (catch-all) rule is set to "Allow"…(see image) but i was expecting to find it set to "Deny" ! There is…
-
Routing between Lan1 and Lan2
Hi I have a USG200, appreciate it's an old unsupported product, but it's at hand so hopefully I can use it to do what I need. Have 2 networks, Lan1 172.16.20.0/24 and Lan2 192.168.50.0/24, set ports 4 and 5 to LAN1 and ports 6 and 7 to LAN2. Lan2 comes from a broadband router it's gateway is 192.168.50.1. Lan1 is a…
-
ZYWAL ATP700 so that it sees MikroTik's subnet
Hello, I wanted the ATP700 to see the MikroTik subnet and to show up in the logs. Well, I can't set up static routing either, I've tried, but somehow I'm not sure if I'm making a mistake. Help me solve this problem.
-
for USG20W-vpn:Device error, Wrong CLI command, device timeout or device logout.
Where/How does one acquire the necessary cable(s) to connect my Windows laptop to my router? What application am I using to connect, PUTTY? Is there a Link to solution/instructions?
-
IPSec VPN Client-To-Site IKE2 50H behind NAT
Hi all, it's my first time on new firmware, I'm trying to create a IKE2 IPSec behind nat. I've tryed all config but always error. Please advice. WAN1 10.20.30.2 LAN1 10.10.10.X VPN Address Pool : 192.168.50.0/24 on log file you can read all my try. Please let me know. Thank you very much for your help. Bye…
-
Delete Device/Account
How do you remove a device and account from Zyxel?
-
"network client" interface in "Easy Mode" not working (USG40W) - bug
when logged into the USG40W, and when in easy mode, if I click in the window "network client" on the "menu" icon (upper right corner, see image below), then it starts saying "loading" and nothing happens (forever). See image below: I have to reload the page in the browser, to get rid of the "loading" sign (otherwise I am…
-
IPSec VPN certificate expires soon- how do I (re)create a valid certificate directly on the USG?
I have an USG20W-VPN firewall. My IPSec VPN certificate will expire soon. How do I create a valid new certificate for the VPN part? I have seen the instructions when using Nebula, I do not use that. How can I do that directly on the firewall? Thank you.
-
User can't login with Firmware 5.40
Updated firmware this morning and since then users authenticated by ad can't login. I've tested the ad connection and everything is fine. During logon the ad log show that the user has been successfully logged in, but the Zyxel USG Flex 700 login page just shows login denied. Login with a local user is working. Tried to…
-
How to route router (fw) traffic via LAN IP to IPsec VPN.
Hello, I have a IPsec tunnel between Zyxel USG Flex 100 and Fortigate 301E, everything works fine but one thing. I need to send Zyxel syslogs to device at Fortigate network. When I try to ping in zyxel console the device the ping fails. When I specify Zyxel's LAN1 IP as a source it works. So in default the zyxel uses WAN…
-
Cannot send mail to two-factor authentication for SSL VPN
Hi, I would like to use two-factor authentication for SSL VPN access but from the logs I see this error and I can't understand what I should do. Thanks Max
-
ZyWALL SecuExtender end of life. How connect to VPN?
Hello we have a USG FLEX 200, how can i connect to vpn without pay a license for it? For example fortinet give a client (forticlient) for free and update it Thanks
-
USG Flex 200H: ipsec vpn - peer gateway BACKUP address
I have a question. On our old USG 310, we were able to set up a primary and a secondary IP address for the IPSEC VPN "peer gateway address." It's now missing, and I don't know why. Is there another solution for a fallback? I couldn't find. Thank you for your help!
-
USG 20 VPN it freezes, the vpn stops working
I have a site-to-site configuration in location A there is USG 20 in location B USG 20 After about 24-48 hours of work, the USG20 hangs in location A and B. The VPN stops working, you can't log in to the USG 20 in location A and B. (but the login page shows up but doesn't log in), but the internet still works, as does the…
-
Change certificate of a managed AP?
Is it possible to add a new certificate to a AP (WAX650S) managed by a USGFlex200? When I'm connecting direct to the AP, I will get a “not secure” message of the browser. I have added the cert and give the rights, but the browser says: This server could not prove that it is 192.168.xxx.xxx. Its security certificate is from…
-
USG FLEX 500 behind other firewall - no IPV6 routing
Hi, I´m trying to set up my USG Flex 500 that is situated behind an OPNsense firewall. I went through several manuals and tutorials but I couldn´t figure out how to set it up right. The ISP is providing Dual Stack (shared IPv4 + IPv6). The OPNsense is used to provide internet for 2 seperate company branches. Branch 1…
-
Migrated to Flex 500, but having problem with sending email from mail server to GMAIL addresses
Hi, we have migrated our working firewall from USG310 to new Flex 500 and we are using internal Mail Server. If we use old USG310 instead everything works fine without any problems even to GMAIL addresses and MXToolBox gives green light on all of their tests. Also we have added to our DNS records everything that Google…
-
ZyWall110 to ATP200 conversion
Hello, I have to replace the Firewall at a customer. He is using a Zywall110 with many different settings. The conversion tool can not convert from Zywall110 to ATP200. So do I have to copy the settings one after another by hand or is there an other option to convert the whole configuration at once? Hope anybody can help…
