USG 110 / VPN Configuration Provisioning not working

mrwee
mrwee Posts: 40  Freshman Member
First Comment Friend Collector Fifth Anniversary
edited March 2023 in Security

Hi,

I'm trying to get this to work on a USG110. Setting up an IKEv2 tunnel works fine, but the Configuration Provisioning does not.

I've configured the port for e.g. 448 or 4433 and configured a matching Security Policy allowing these ports to go to ZyWall itself.

But it doesn't work. on an iPhone, using Safari the page is blank, same device with Firefox (just to test), I get

"Forbidden", "You don't have permission to access this resource". The 'www setup" is set to use other ports than those I've tested with.

The log shows the traffic flowing fine to the USG ("ACCESS FORWARD")

What am I doing wrong?

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    edited June 2023 Answer ✓

    Hi @mrwee

    Currently, this VPN Provision Port feature is used for IPsec VPN client only, as below:

    VPN provision get.png
    VPN IPsec client provision.png

    If the iPhone's Safari browser needs to download the VPN Provision file still needs to use the Web-GUI access port.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    edited March 2023

    Hi @mrwee

    Thank you for your inquiry. Could you please provide us with the remote Web-GUI link and device config file via private message for further checks? We would like to review your current device settings directly. We will send you a private message shortly, please check your email inbox.

    Thank you.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    edited March 2023

    Hi @mrwee

    Additionally, please check whether the configuration provisioning has been activated, as below:

    IPsec Provisioning_edit.png

    Thanks.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Configuration Provisioning has been activated, but I've only enabled IKEv2, not L2TP.

    image.png

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    edited June 2023 Answer ✓

    Hi @mrwee

    Currently, this VPN Provision Port feature is used for IPsec VPN client only, as below:

    VPN provision get.png
    VPN IPsec client provision.png

    If the iPhone's Safari browser needs to download the VPN Provision file still needs to use the Web-GUI access port.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    Hi Jeff,

    Thank you for the info. Since USG110 is out-of-service my assumption is that it will not be "fixed".

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)