-
Zyhel
Hello, I need help configuring L2TP/IPSec VPN on Zyxel USG FLEX 100. Problem description: I configured L2TP VPN via the Quick Setup Wizard for remote access. Using Windows 11 client, authentication method PSK. When connecting, Windows shows: "The L2TP connection attempt failed because of a security layer error occurred…
-
Problem with VPN Configuration of USG Flex 100
Hello, today I tried to set up VPN access for my iPhone and my Windows PC on my new USG Flex 100 firewall. I used the Wizard and selected the L2TP connection. After that I downloaded the profiles and installed them on my iPhone and my Windows laptop. The iPhone connected successfully, but the Windows PC did not. I get the…
-
USG Flex 100 refusing to connect to a Virgin Hub 3 via DCHP and static IP
Apologies if I've missed an answer to this elsewhere, however being relatively new to networking, a lot of the terminology is new to me. Essentially, I have a single USG Flex 100 connected from P2 into a Virgin Hub 3. The hub is in it's default configuration so it's address is 192.168.0.1, wireless is disabled as I also…
-
Why is the logfile full of source IPs which are mapped to the wrong countries?
I have an USG firewall, the logfile is full of source IPs which show the wrong country of domain registration / origin. When I look these IPs up with different tools, they may show different partially incomplete or even wrong answers, that is true as well. But using specific tools, the answer is correct. I refer to IP…
-
ssl vpn to dynamic ipsec
Computer conneted with SSL VPN to Zywall USG in Head office can not ping device in remote office via Dymaic site to site IPSec between Head and Branch office, but it works if I configure "ordinary" site to site IPSec. How can I fix it?
-
I'm Insane: Bought another USG FLEX H expecting better
Seems I am a glutton for punishment… Upload a config file that has an error (adding address objects vs. the Web UI) the device will factory reset and you have to start the setup all over, the firmware re-downloads (already on the latest) and start over. No option to revert like previous. Additionally there is no log to…
-
Issue with File Transfer Speeds using an ATP800
Hello, I have a question about performance with regard to an ATP800. The question is due to only getting file transfers speeds of about 40 MB/s on the network. In looking into this, the weak link appears to be the uplink to the ATP. We have 10G fiber throughout the company connecting all the switches and speeds on the same…
-
SSL VPN Guide
Hi, We have many customers using Flex series firewalls and we have configured L2TP VPN using windows client. Now it seems that L2TP is deprecated and would be better to find modern solutions. I have tested IkeV2 with windows client and it works, but I'd like more streamlined solution like fortinet and other firewall…
-
USG 500 - Act as stand alone Radius server - eliminate external Radius Server possible?
Can the USG 500 Firewall be its own radius server? All articles point to it working with an external Radius server. Is it possible to eliminate the external Radius server and have the USG 500 handle the 801.X authentication by itself, thus eliminating the need for an external Radius server?
-
USG LITE 60AX and IPv6 support
I have an AVM FRITZ!Box 6890 LTE that worked marvellous with both IPv4 + IPv6 on a German Telekom VDSL incl. port forwarding and am quite shocked that our new USG LITE 60AX does not seem to support IPv6 to the internet or even DNS forwarding. nslookup anysite.xy is not answered but ping is working, however only with IPv4.…
-
port forwarding problem
I have a USG Flex 500 and if i connect a server behind this device i noticed that several ports won't open while i did setup this up in NAT and policy control. If i connect the server directly on the internet without the Flex 500 in between then i don't have any problems and all the necessary ports are open.
-
Problems with the content filter ATP100
Hello, I'm from Russia. Knowing that many security services are not working, I set up a VPN with a European server a year ago to use security services. Today, I discovered that they have stopped working. I think the server has changed. It was rest.gtiservice.trellix.akadns.net. Can you tell me the current address to enable…
-
WAN and VLANS
Hey everyone, how are you? I need some more help. Look, I have two WANs, WAN1 and WAN2, and I also have two VLANs, VLAN40 and VLAN50. VLAN40 goes through WAN1, and VLAN50 goes through WAN2. I'd like to create a rule that when WAN1 goes down, VLAN40 automatically switches to WAN2, and when it comes back up, VLAN40 returns…
-
IKEv2 fragmentation support in ATP firewalls
Hi everyone, I have a weird problem setting up an IKEv2 VPN on a ATP firewall using a self signed certificate from the same ATP. Some users from some places can connect to the IKEv2 VPN and some others from other places don't. All client are using the same Windows build. I think the problem have to do with the IKEv2…
-
VPN routing between three sites with new H series and legacy Flex and third party firewall
Hi! Scenario, where we have site-to-site tunnel between site 1 (USG Flex 200) and 3rd party site. Now we would want to have vpn-connection from new site 2 (USG Flex 50H) to 3rd party site via site 1. With two USG FLEX firewall's this routing is possible with Policy routes. I have tried similar setup, so that between site 1…
-
SSL VPN SecuExtender Retirement / Licenses for IPSec SecuExtender needed?
Since the SSL VPN SecuExtender Client will be retired soon (or is already retired?), we have to seach for an alternative. The Windows build-in IKEv2 Client works so far with our USG 700 Flex and could be used, but is not so comfortable for us due to different reasons. Does Zyxel offers limited IPSec SecuExtender licences…
-
DHCP Option 61?
Hi all, Is there any way to set DHCP Option 61 on a USG Flex 100H
-
Flex 200 to 100H Migration
Hello! Attempting to migrate from a Flex200 to a Flex 100H, I've encountered a few problems. No template migration. This is a big one, there is not any ability to define multiple peer gateway addresses in an IPSEC tunnel. I needed this feature in the Flex 200, and it was there. I wanted to use Nebula with the 200, but I…
-
Windows server AD trough IPSec VPN
Hello, We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side. In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on? Many thank's L.
-
Problems with "non-default WAN IP address" and domain name in VPN gateway setting.
Hi all, I have a Zyxel USG FLEX 500. I have public IP addresses in the range 8.14.19.210/255.255.255.240, the default public IP address of the USG is 8.14.19.210. How to properly set up VPN on a "non-default IP address"? What I have described below works for me, but is it correct? If I want to set up VPN so that clients…
