Migration from a Zyxel 110 to a USG 500H

xalexandresilva77

Hi there.

I'm tring to migrate a configuration from Zyxel 110 with v4.73 firmware from 2023 to a USG 500H. That next week will replace old model.

Migration too helps to Zyxel 110 ⇒ USG 500 then will be from USG500 ⇒ USG 500H but in the begining of secound step migration too say this is not a USG 500 config file.

Can anyone hell or i have to configure from scratch.

Best Regards

Alexandre Silva

PeterUK

With H models you have to config from scratch

PeterUK

With H models you have to config from scratch

xalexandresilva77

Ok PeterUK tanks for quick answer.

I will munual configure this.

Best Regards,

xalexandresilva77

Ok Peter.

Is possible to configure USG Flex without Nebula rules?

In the past i connect via SSL VPN connection i can allow a group to access address object.

How can i do same now? How can i create groups?

Implement a policy like USG Flex that user connects only from specific country. And only can manage firewall after connect from vpn or local.

Best Regards

Alexandre Silva

PeterUK

Yes FLEX H can be configured as standalone

I think you need under Clients will use VPN to access Local Networks Only (Split Tunnel)

as for the other thing are you talking about this bit on non H models? the admin service control?

you can lock down access to Flex H by policy control not tested access to FLEX H over VPN but should be possible

xalexandresilva77

Ok Peter i will test it. Some of my clients firewall is behind NAT and sometime is usefull to go to internet operator change NAT rules there.

How to configure without Nebula.

One more question. Portugues internet market is changing and newcomer DIGI operator only work with GNAT. Is it possible to have SSV VPN and IPSEC behind that configurations?

xalexandresilva77

Hi there.

Is it possible to downgrade firmware to version 1.10. Old version have mode options on VPN connections. And is it possible to control zyxel USG 500H firewall without Nebula?

Best Regards.

Zyxel_Melen

Hi @xalexandresilva77,

How to configure without Nebula.

USG FLEX H series is required to register to Nebula. This allows you to manage your Nebula devices in a centralized platform.

Portugues internet market is changing and newcomer DIGI operator only work with GNAT. Is it possible to have SSV VPN and IPSEC behind that configurations?

You need to check with your ISP for this. In my experience, it is not possible to connect remote access VPN if the firewall uses CGNAT WAN.

Is it possible to downgrade firmware to version 1.10. Old version have mode options on VPN connections.

I checked with our engineer, and the old firmware version doesn't have more VPN options. Could you share which VPN option you need?

xalexandresilva77

Hi Melen. Sometime i have to connect IPSec, L2TP and IKEv2 in same platform. In the past was possible. Now dont show that options, at lease in this model.