USGLITE60AX Route All Internet Traffic

dpipro

Hello everyone,

We’re planning to set up a site-to-site VPN between a USG LITE 60AX (branch) and a FLEX 200H (HQ), which has an active GOLD Security Pack license.

Our goal is to route all internet-bound traffic from the USG LITE 60AX through the VPN tunnel, so that all traffic is inspected by the FLEX 200H (using its UTM features such as content filtering, anti-malware, etc.).

Is this configuration supported? If so, could someone please point us to the best practice or guide for setting it up (e.g., policy routing, SNAT configuration, etc.)?

Thank you in advance!

Zyxel_Judy

Hi @dpipro ,

With the current features of the USG LITE 60AX, you can only set up a site-to-site VPN between a USG LITE 60AX and a FLEX 200H. Please refer to the step-by-step instructions in the article below.

How to Set Up Nebula site-to-site VPN on the USG FLEX H and USG Lite 60AX? — Zyxel Community

To route all internet-bound traffic from the USG LITE 60AX through the VPN tunnel, the USG LITE 60AX's static route configuration needs to support the VTI (Virtual Tunnel Interface) option. This feature is currently under evaluation for future implementation.

Please follow our Security News & Releases to stay informed about new features and enhancements.

Zyxel_Judy

Hi @dpipro ,

With the current features of the USG LITE 60AX, you can only set up a site-to-site VPN between a USG LITE 60AX and a FLEX 200H. Please refer to the step-by-step instructions in the article below.

How to Set Up Nebula site-to-site VPN on the USG FLEX H and USG Lite 60AX? — Zyxel Community

To route all internet-bound traffic from the USG LITE 60AX through the VPN tunnel, the USG LITE 60AX's static route configuration needs to support the VTI (Virtual Tunnel Interface) option. This feature is currently under evaluation for future implementation.

Please follow our Security News & Releases to stay informed about new features and enhancements.