zyxel usg40

khaukaron Posts: 2
edited April 2021 in Security

I have two Zyxel USG 40s. I have set up an IPsec VPN between the two pieces of equipment, and I can reach either side of the LANs connected to the Zyxel firewalls. However, the LAN interfaces on either side of the Zyxel firewalls are connected to Hikvision DVRs. I can't ping any of the DVRs from each other's LAN interface, though I can ping them from their local LAN interface. How do I configure the Zyxel routers to allow the DVRs to access each other?

Accepted Solution

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,052  Zyxel Employee
    Answer ✓

    Hi @khaukaron ,

    Welcome to the Zyxel community.

    If you can reach either side of the LANs connected to the Zyxel firewalls, the Hikvision DVRs under the LAN subnet should supposedly be able to ping each other as well.

    Can you check if the gateway on the Hikvision DVR is configured correctly?

All Replies

  • Thanks, I figured it out. The DVRs were connecting to each other using the internal NIC IPs (we had a layer 2 connection between the DVRs) and had no IPs configured on the LAN interface. However, the challenge now is:

    - We can access the DVRs on either side of the LAN but the cameras are offline. I think the issue is with forwarding the ports used on the DVRs on the Zyxel USG 40 firewalls, but I failed to find a clear procedure for port forwarding ports 8080, 254 and 8000 on a Zyxel USG 40.

    Could someone help me with a clear port forwarding procedure for the Zyxel USG 40? I tried this but all in vain:



    https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,052  Zyxel Employee

    Hi @khaukaron

    In the current design, when we build up an IPSec VPN, no rule is added to the firewall to block any port.

    I think you don't need to create a port forward for it.

    If you have your own firewall rule settings in your security policy, you can check the device log to find out whether ports 8080, 254 and 8000 are blocked by the firewall rule.
