-
Zywall 310 update a certificate
I need to update the certificate because it's expiring, the new certificate is the same as the old one except for the expiry date. If I try to upload it says to me it already exists. I deleted the old certificate and deleted it in all the services linked but I still have the error -17018 PKI certificate already exists How…
-
Zyxel USG Flex H series - How to configure route from VPN client (Site A vpn server) to Site B
Hey dear community, can't figure out how to configure this scenario Site A - Zyxel USG 100H series (configured Remote Access VPN for client, configured Site to Site VPN from site A to site B) Site B - Zyxel USG 100 series (configured Site to Site VPN from site B to site A) Site to site VPN works perfectly in both ways.…
-
USG Flex IKE v1 VPN connection to Fritz!Box
Hi! First post as the community and the help posts have been very helpful throughout the past years. We do have a setup with an USG Flex on our company site. Due to lack of time we didn't implement network segregation in the past and it was configured recently. The USG would provide multiple interfaces (most of the virtual…
-
IPSEC VPN behind a NAT
I am try to setup an IPSEC VPN, between and USG 310 and USG 20W. But the USG 20W is behind a NAT, because the internet provider give the service behind a NAT. I try to setup but even in the NAT Traversal flag is on I cannot make it working. Below the logs, do you you have any suggestion? No. Date/Time Source Destination…
-
Create policy rules VPN Access for different Geolocations
A client has 2 IPSEC VPN USers: 1 works from Belgium, other 1 from USA He wants the useraccounts only to work from their own region. So I create 2 policy rules WAN → ZyWALL, IPv4 source GEO_BELGIUM, Service IKE and User: belgium ext-group-user(AD User!) WAN → ZyWALL, IPv4 Source, GEO_USA, Service IKE and User: USA…
-
CDR Testing
Hello, my first post in this section… We want to setup CDR for customers, but first want to get familiar with it, and find out how we configure it, it does what we want. Is there a method to test it? Like download some (innocent) files but files what triggers CDR? I know Microsoft has some test files, but do they trigger…
-
I have a question about an IPSEC with VTI.
I have a question about an IPSEC with VTI. I have two routers (USG FLEX 700H AND USG FLEX 500) with dual wan I have made an IPSEC from ROUTER-1 WAN 1 to ROUTER-2 WAN 1 I have made an IPSEC from ROUTER-1 WAN 2 to ROUTER-2 WAN 2 Remote LAN Router 1: 192.168.100.0/24 Remote LAN Router 2: 192.168.1.0/24 Router 1: VTI1(via…
-
IP range
On the Flex 200 firewall, can I increase the IP range from 254 to 512 leaving the same current network submask, in this case 255.255.255.0? Is there a possibility to increase my IPs without changing the submask?
-
Device error, Wrong CLI command, device timeout or device logout.
Since this morning I get the above error when I log on to the Zyxel USG Flex 200 via the web interface. And the web display is empty, nothing can be displayed or operated. What can I do to resolve this error?
-
SecuExtender connecting to site which connects site to site
Trying to configure Remote vpn to site which connects to site to site so both sites can be reached by remote vpn. Configured a site to site VPN, then configured remote to site. created policy route to send traffic from remote vpn to other site connected to connecting site but traffice isn't going through. Contacted support…
-
Wireless Controller Issues on Recovery Firmware?
Hi, I have an ATP800 which had to go to the recovery firmware. It was being used as the controller for a WAX620D-6E prior to the recovery, but it no longer shows up in the management AP list afterwards. I've tried the standard steps of rebooting both devices, as well as resetting the AP. The ATP800 can ping the AP without…
-
How to add static routes to macOS IKEv2 VPN
Hello, Our users are accessing internal's network via a client-to-site IKEv2 VPN (using native clients both on macOS and Windows). On windows, we can configure a temporary route in the installation script that will redirect all "work-related" LAN to the IPSec tunnel. Unfortunately, we haven't find a way to do that on…
-
Replace ATP200 with other ATP200
HI, I need to replace an ATP200 with another ATP200. How to keep the same configuration? Is it possible to download startup.config.conf and load it onto the new one without reprogramming all the functions? THX Carlo
-
USG FLEX 500 and Two SUBNET Interface
I have a zyxel USG FLEX 500 firewall with lan1 interface (192.168.0.230 - DHCP managed by Active Directory) lan2 interface (192.168.33.230 - DHCP Disabled). Any machine I set in the second subnet can only communicate with the firewall and has no internet. What configuration did I forget?
-
ATP 700 showing wrong CLI command when trying to login
Has anyone had an issue with an ATP700 not logging in it just times out and then shows an error of wrong CLI command, device timeout or device logout. Its on the latest firmware since November is in standalone mode and disconnected from SecuReporter but is passing traffic fine. No ports open on the WAN appart from ICMP.…
-
PMS hôtel intégration with UAG5100 for Billings
Sir, good evening, please, how to interconnect our zyxel UAG5100 router with our hotel management PMS? After installing our PMS, we will need your API for interfacing. Could you please send us it for download? thank you in advance
-
Client VPN access to site A and B
Hi I am trying to create a senario link the one in the picture. Now: VPN Client can connect to Site A and access local resources. Site to Site VPN between Site A and Site B is working. I want users on VPN Client to be able to acces both Site A and Site B, througth the Site to Site VPN. How to do that?
-
IPSEC Secuextender IkeV2 not working in MacOS
Hi, all. I hope my question wasn't already answered: I took a look around but didn't find it. If so, please excuse me. Back to the topic, as per subject, we're trying to connect to a IPSEC VPN via MacOS. We used the way by getting configuration from server, giving IP and credentials. Configuration went well and we got the…
-
ATP500 and rekey time in phase1 for ipsec VPN tunnels
Hi I have a IPSEC tunnel, the other side is a Sophos device. We have intermittent disconnections and the Sophos guy says that it's due a bad rekey time. The remote log shows: "Received IKE message with invalid SPI" They have the tunnel configured in Phase1 for SA LifeTime of 10800s with a re-key margin of 360s, but I can't…
-
usg60w wifi and lan1 > a customer wiped one of their remote office routers
After a cable outage, the customer not only power cycled everything but used a point to hard reset the router. They use wifi to update handheld tablets for delivery drivers. I used the wizard to set up the wifi but it shows on the home/monitor screen as being on lan1 but in expert mode it shows outgoing interface lan2. Can…