-
I'm Insane: Bought another USG FLEX H expecting better
Seems I am a glutton for punishment… Upload a config file that has an error (adding address objects vs. the Web UI) the device will factory reset and you have to start the setup all over, the firmware re-downloads (already on the latest) and start over. No option to revert like previous. Additionally there is no log to…
-
Issue with File Transfer Speeds using an ATP800
Hello, I have a question about performance with regard to an ATP800. The question is due to only getting file transfers speeds of about 40 MB/s on the network. In looking into this, the weak link appears to be the uplink to the ATP. We have 10G fiber throughout the company connecting all the switches and speeds on the same…
-
SSL VPN Guide
Hi, We have many customers using Flex series firewalls and we have configured L2TP VPN using windows client. Now it seems that L2TP is deprecated and would be better to find modern solutions. I have tested IkeV2 with windows client and it works, but I'd like more streamlined solution like fortinet and other firewall…
-
USG 500 - Act as stand alone Radius server - eliminate external Radius Server possible?
Can the USG 500 Firewall be its own radius server? All articles point to it working with an external Radius server. Is it possible to eliminate the external Radius server and have the USG 500 handle the 801.X authentication by itself, thus eliminating the need for an external Radius server?
-
USG LITE 60AX and IPv6 support
I have an AVM FRITZ!Box 6890 LTE that worked marvellous with both IPv4 + IPv6 on a German Telekom VDSL incl. port forwarding and am quite shocked that our new USG LITE 60AX does not seem to support IPv6 to the internet or even DNS forwarding. nslookup anysite.xy is not answered but ping is working, however only with IPv4.…
-
port forwarding problem
I have a USG Flex 500 and if i connect a server behind this device i noticed that several ports won't open while i did setup this up in NAT and policy control. If i connect the server directly on the internet without the Flex 500 in between then i don't have any problems and all the necessary ports are open.
-
Problems with the content filter ATP100
Hello, I'm from Russia. Knowing that many security services are not working, I set up a VPN with a European server a year ago to use security services. Today, I discovered that they have stopped working. I think the server has changed. It was rest.gtiservice.trellix.akadns.net. Can you tell me the current address to enable…
-
WAN and VLANS
Hey everyone, how are you? I need some more help. Look, I have two WANs, WAN1 and WAN2, and I also have two VLANs, VLAN40 and VLAN50. VLAN40 goes through WAN1, and VLAN50 goes through WAN2. I'd like to create a rule that when WAN1 goes down, VLAN40 automatically switches to WAN2, and when it comes back up, VLAN40 returns…
-
IKEv2 fragmentation support in ATP firewalls
Hi everyone, I have a weird problem setting up an IKEv2 VPN on a ATP firewall using a self signed certificate from the same ATP. Some users from some places can connect to the IKEv2 VPN and some others from other places don't. All client are using the same Windows build. I think the problem have to do with the IKEv2…
-
VPN routing between three sites with new H series and legacy Flex and third party firewall
Hi! Scenario, where we have site-to-site tunnel between site 1 (USG Flex 200) and 3rd party site. Now we would want to have vpn-connection from new site 2 (USG Flex 50H) to 3rd party site via site 1. With two USG FLEX firewall's this routing is possible with Policy routes. I have tried similar setup, so that between site 1…
-
SSL VPN SecuExtender Retirement / Licenses for IPSec SecuExtender needed?
Since the SSL VPN SecuExtender Client will be retired soon (or is already retired?), we have to seach for an alternative. The Windows build-in IKEv2 Client works so far with our USG 700 Flex and could be used, but is not so comfortable for us due to different reasons. Does Zyxel offers limited IPSec SecuExtender licences…
-
DHCP Option 61?
Hi all, Is there any way to set DHCP Option 61 on a USG Flex 100H
-
Flex 200 to 100H Migration
Hello! Attempting to migrate from a Flex200 to a Flex 100H, I've encountered a few problems. No template migration. This is a big one, there is not any ability to define multiple peer gateway addresses in an IPSEC tunnel. I needed this feature in the Flex 200, and it was there. I wanted to use Nebula with the 200, but I…
-
Windows server AD trough IPSec VPN
Hello, We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side. In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on? Many thank's L.
-
Problems with "non-default WAN IP address" and domain name in VPN gateway setting.
Hi all, I have a Zyxel USG FLEX 500. I have public IP addresses in the range 8.14.19.210/255.255.255.240, the default public IP address of the USG is 8.14.19.210. How to properly set up VPN on a "non-default IP address"? What I have described below works for me, but is it correct? If I want to set up VPN so that clients…
-
Does USGFLEX100AX support software VPN clients?
The last step in choosing my equipment upgrade is whether it supports software VPN clients like OpenVPN. This device is already recommended for my VOIP system; but I need to know I can easily connect devices remotely and without additional hardware.
-
Legacy firmware for Zywall USG 200
Hi, I'm trying to upgrade the firmware from version 2.20(AQU.1) to the latest 3.30(AQU.7) I tried to upgrade directly to the latest version but I get the error that says the firmware is not compatible, I was looking for the intermediate versions but are not available anymore from the site ftp.zyxel.com. there is a way…
-
Problemas na configuração de HA com firewalls FLEX 500
Implementamos um cenário de Alta Disponibilidade (HA) utilizando dois firewalls Zyxel FLEX 500. Durante os testes de failover, observamos que as configurações se perderam no equipamento passivo. Tentamos realizar o reset do firewall passivo para que ele sincronizasse automaticamente com o primário, porém não tivemos…
-
DNS settings for the second-level domain.
Hello everyone, Can you please help me with DNS settings? We have www pages on the Internet on the domain contoso.com. If I enter www.contoso.com in the browser, the browser is redirected to contoso.com (the page are then, for example, https://contoso.com/about.html). This works for me at home and on my mobile, but it does…
-
change rule via cli
Dear all, my name is Heimo and this is my first question. I am not a Firewall specialist and so i changed a rule (webinterface from LAN) unintentionally from allow to deny and so I am not able to access the web gui. For this gui my knowledge is ok. Does anybody know how to change a secure-policy of a FLEX-100 from deny to…
