USG Flex 200 v5.39 SSL VPN with SecuExtender 4.0.5.0

Boiler1976
Boiler1976 Posts: 7  Freshman Member
First Comment First Anniversary

Greetings, i need help with creating a SSL VPN access on my new USG Flex 200.
I come from a Zywall 110, where SSL VPN is working properly. I tried to configure the 200 the same way, but some settings are different or not available at all. For example, the 110 has a checkbox to enable network extension, the 200 does not have this.

for comparison, here is the working 110 config

would anyone be able to offer some advice? thank you very much!

All Replies

  • PeterUK
    PeterUK Posts: 3,335  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Likely you need to change the IP pool?

    The enable network extension is likely enabled by default on FLEX 200 I think

  • Boiler1976
    Boiler1976 Posts: 7  Freshman Member
    First Comment First Anniversary

    thank you for replying! change ip pool how? sorry for not understanding…

  • PeterUK
    PeterUK Posts: 3,335  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited October 23

    If you look at the SSLVPN option you have for Assign IP Pool to 192.168.1.101-192.168.1.199 which may conflict I suggest a IP subnet like 192.168.250.0/255.255.255.0 for the IP pool

  • Boiler1976
    Boiler1976 Posts: 7  Freshman Member
    First Comment First Anniversary

    interesting…that is a different strategy compared to the working 110 config, which is in the same range as the subnet (in that case both are 192.168.117.0). i will try with your suggestion on the 200

  • Boiler1976
    Boiler1976 Posts: 7  Freshman Member
    First Comment First Anniversary

    unfortunately, this did not work. there is just no reaction when i try to connect with SecuExtender

  • Boiler1976
    Boiler1976 Posts: 7  Freshman Member
    First Comment First Anniversary

    i narrowed it down…if i deactivate policy control, the connection is established. but i don't which policies to change or add in order to make it work with an activated firewall….

    does anyone maybe have an idea? i checked on my 110 and everything seems to be the same as far as i can tell….

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,503  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Boiler1976 ,

    To better support you, please share WAN access to your USG FLEX 200. We will access and check your Policy Control and other settings directly.

    Instructions for enabling WAN access have been sent via Community private message.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • bymusty
    bymusty Posts: 21  Freshman Member
    First Answer First Comment Friend Collector Sixth Anniversary

    hi Boiler1976

    Did you add https service to default allow wan_to_zywall service group? Now on new devices https service is not added to the group

  • Boiler1976
    Boiler1976 Posts: 7  Freshman Member
    First Comment First Anniversary

    hi bymusty

    thank you, yes, https service is in the allow wan_to_zywall service group

Security Highlight