Lost SSL Connection - after firmware upgrade from 4.38 on ZyWall 110 to 4.60
All Replies
-
Hi @IPCETRIX
You may double confirm your SSL VPN IP pool and Network extension local IP without IP subnet conflict with your interfaces.And then you can make sure SecuExtender has installed successfully on your PC. (TAP-Windows Adapter V9 for Zyxel Extender has installed successfully)
0 -
But may the SSP IP Pool and the Local Network Extension IP Address be of the same subnet (of course without conflict)?For example, our USG Local Network Extension IP reads 192.168.200.1 while the SSL IP Pool is from 192.168.200.10 to 192.168.200.50.Unfortunately the term Local Network Extension IP is not really good explained in user manual.edit:At least both our SSL VPN and IPSec VPN are still running after firmware update from 4.39 to 4.60(AAPH.1)
0 -
Hi @USG_User
Local Network Extension IP address is a virtual interface on device.
After SSL VPN is established, SSL VPN client traffic will send to virtual interface.
You can check routing table, you will find the extension IP as a gateway in the list.
And it is the reason IP shouldn’t conflict.
0 -
Hi!
Thank you all for your professional advice.
Apparently from the firmware 4.39 and above ZyXel restrict all users from Admin group to use SSL.
Don't ask me why as I have no explanation. Moving user from Admin to User group resolve the problem.
Second issue was that we shift HTTPS listening port from 443 to XX443 for remote access to web interface from specific IPs, however SSL VPN continue listen to port 443. From firmware 4.39 Zyxel bind both services. You need to set the same port in SecureExtender as it in WWW setting.
0 -
Hi @IPCETRIX
It’s good to know you can establish SSL VPN tunnel.
We have restricted admin type user to establish SSL VPN tunnel.
In the future, we has planed to change SSL VPN port to others.
Then WebGUI and SSL VPN will listen in different ports.
0 -
We've changed the SSL VPN Access Port from 443 to XX443 in SYSTEM > WWW. Further we've denied the access to Admin GUI from any other zones than internal LAN1. Works fine since many months.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 218 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 245 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3.1K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight