newbie needs help to configure USG 40W, set in DMZ behind a router

Horia Posts: 33  Freshman Member
edited April 14 in Security
Hi! where could I receive help to setup an USG 40W? I am a newbie, have only experience with small home routers.
My setup is the following:
[internet] > TG588v router (with ddns domain) > DMZ > USG 40W > LAN > two simple devices with web-interface (1-home KNX server, 2-surveillance camera recorder)

to reach the USG40W from the internet, to connect to it by VPN. Through the VPN, I would like to connect to the two LAN devices (which have web-interfaces).

what I did:
I setup a ddns for the external IP of the router (the router comes from the internet provider, there is no possiblity to get a permanent, static IP address for it). Also I setup an "always up" condition for the router (so it does not disconnect from the internet when not in use).
I then connected the USG40 to the router, setting it in the DMZ zone of the router, so it receives the external IP of the router and it is not behind the firewall of the router.

I was first able to reach the web-interface (for login into VPN) of the USG, from outside (the internet). A few hours later, this was not possible anymore.
I checked the settings, but still cannot understand what happened. As I have no experience with this kind of firewalls, it would be great if I you could help or tell me where I could find a step-by-step explanation for the necessary Zyxel USG 40 settings.

thanks in advance!


  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello Horia,
    I want to double confirm few things with you 
    1. does TG588v router you configured is bridge mode? 
    2. When the VPN disconnected, can you check the internet connection on both site?
    3. Since you mentioned the external IP is dynamic, did you configure DDNS on USG40W?
    4.Did you enter the DDNS on Domain name/IPv4 on VPN gateway page?

    Please private message the configuration to me for checking purpose.

  • Horia
    Horia Posts: 33  Freshman Member
    edited January 2018
    Hello Charlie! Thanks a lot for your reply! Yes, I did in the meantime what you said (modem TG588v in bridge mode). The DDNS was already configured, since a while. But I did not put the modem in bridge mode, as I considered that putting the USG40 in the DMZ of the modem (in MU mode) would be enough. It could be that this was a problem (would you confirm).
    Now I can reach the USG40 from outside (from the web) by having the web authentification activated.
    I will now need some settings for the VPN, but I first will try them myself, and only if I have problems, I will revert to you!
    Thanks a lot!

Security Highlight