-
configuring remote access vpn
When i try to configure an remote access vpn, i get this error: There were errors saving this configuration. ERR_LOCAL_CERTIFICATE_NAME_UNEXIST any ideas?
-
Interface Rate Limiting UDP gets high! Priority with or without BWM
V1.37 Its great that Interface Rate Limiting has been added works on interfaces of a bridge but you must remove them to set the rate limit to add them back which is fine. Too bad you BWM for Transparent Bridge interface as listed in notes plus no FQDN support for BWM yet. Back to this problem when you set a Egress limit on…
-
Interface Connectivity Check and Policy route Connectivity Check don't work together
USG FLEX 200H V1.37(ABWV.0) I think I posted this bug for ZLD too so time ago... so the FLEX200H is downstream of another USG that you block traffic of the Connectivity Check to cause this to happen. So on a WAN interface of the Connectivity Check Method ICMP Period 5 Timeout 1 Attempt 2 and some IP Then on a routing rule…
-
Load a backup configuration file to a different device
If I have two 700H devices, both with the same firmware version. Can I export the configuration file from the "live" firewall and load it into the "backup" firewall without issue? I read about HA devices and that wont work in the current environment, I have limited fiber to the remote switches, both can not be connected to…
-
SSL VPN I can't ping client on LAN network
I configured an SSL VPN with a standard IP pool: 192.168.51.0/24. I use OpenVPN as my client to connect, and the connection is established correctly. However, if I try to ping a client on the network, for example, 192.168.168.10, I get no response. However, if I ping the IP 192.168.168.1, it responds correctly. I can't…
-
VPN Ike2 + 2fa auth page unreachable
Hi all, I'm trying to troubleshoot a VPN remote access issue with 2FA. (Google Auth.) My scenario: 2 Flex500Hs in HA Pro (Fw 1.35) and 30 remote users. The VPN is an IKE2 remote access + 2FA, and the authentication web page is 192.168.168.1:20443. The native Windows client is configured on each device. Issue: Randomly,…
-
uOS V1.37(ABXF.0) - BWM does not allow for 'any' as an interface
Hi, I believe this was a feature in the legacy USG series firewalls, but doesnt seem to be the same on the H series. I read the following guide on setting up BWM for VOIP traffic QoS: https://mysupport.zyxel.com/hc/en-us/articles/360010431759--ZyWALL-USG-How-to-configure-BWM-QoS-on-Zyxel-firewalls It suggests that…
-
Zyxel USG700 zabbix monitoring
Dear All! I want to monitor my new usg in zabbix, i saw that mib are available for it, but for zabbix i didnt found a proper way to install them, if i try to import then i get an error. Do you have some trick to do this? Thank you for your help! bolvar
-
Dial Remote VPN from internal network
How can I get Remote VPN to work from a local network? I have users with laptops that dial remotely and it works fine. Sometimes they bring their personal laptops into the office and connect to the guest network. Rather than set up specific DMZ/low trust type wifi network, I'd like for them to be able to dial the VPN from…
-
FQDN object is broken, does not return IPs most of the times.
Objects→Address→FQDN is querying IN ANY instead of being more specific like A, AAAA, etc. Many DNS providers do not respond to ANY queries, or only return a subset of records, because of their misuse in DNS amplification DDoS attacks, hence results are broken. Example of truncated result: Trying "dns.cloudflare.com" ;;…
-
SecuExterner - Strange name in config file
Hello everyone, this is just a personal curiosity regarding file naming in SSL VPN Zip file. As per this post I download the config archive from a 50 H firewall: And I see that inside the Zip file there are 2 items: And inside that folder there is a file with SecuExterner name: Is this a typo?
-
USG FLEX 500 H V1.37(ABZH.0)
Hello, I'm looking for the CLI command to create a new interface ge5 for example ? I'm also looking for the CLI command to remove a port (p10) from interface ge4 and finally, I'm also looking for the commande to remove an existing interface, for example ge2. I looked at this guide :…
-
IPSec VPN Site-to-Site behind router
Hello sir or madame, this is my problem. I have 3 buildings with 3 distinct types of connection: [home]#A Router#A FRITZ!Box 4040 (OS 08.03) connected to ONT Router#1 - IP 192.168.198.60 DHCP server Local Area Network 192.168.198.0/24 FTTH connection [company]#B Router#B FRITZ!Box 7560 (OS 07.30) connected to ONT IP…
-
DNS cookie...and this system...
This really is something else you got going on with all the root and TLD servers. So to bring everyone upto speed Zyxel have a system where your WAN interface links up to Nebula and does this in such a way that if you have two WAN and you try to force Zywall to use a given WAN you get blocked because Nebula was expecting…
-
Tailscale Exit node broken after V1.37(ABWV.0)
Hello just upgrade my USG Flex 200H to 1.37 today. Tailscale is no longer able to be seen as available as an exit node on my clients. The devices is reporting as offline even though no setting other than firmware was applied. I logged into the the tailscale web site and it is reporting that it was last seen right before…
-
USG Flex H series - Remote VPN no longer works since v1.36
I have upgraded a flex200H to 1.36 and now remote VPN via windows client no longer works as intended. It seems to be a routing issue as the VPN will connect and i can access and ping the USG but no local resources. Split tunneling also does not work so I have a VPN that can only access the USG and nothing else. There have…
-
A small thing, but very irritating - USG FLEX 200H
When the device configuration backup is set, after each device update to a higher version, the same with 1.37, the last backup files before the update are deleted and suddenly files from several months earlier appear that were not visible in the window before the update, e.g. from September 2025.
-
1.37 - Wrong Remote Access VPN Batch file script
Hi, this relates to a USG Flex 100H with the current V1.37 firmware. I've just setup Remote Access VPN and I used the download option for "VPN Configuration Script Download". I've used the windows batch file script to create the VPN connection. There is a syntax error in the generated batch file script related to split…
-
Remote vpn and mfa
We made a Remote access VPN connection for the customer using the native Windows VPN client. We also put a VPN on top of MFA. MFA only supports local users. The user needs Google Authenticator to use it. Is the only way to get the user a QR code for the authenticator, that the user logs in inside the firewall and scans the…
-
1.37 uOS - Gold Security Pack trial does not apply to H series
Hello everyone, as you can see I activated a Gold Security Pack trial linked to a site where I have a 100HP with 1.37 onboard: But Nebula shows me: So checking its licenses it seems to me that the Nebula update does not accept trial for updated H series: How can I fix that?