SSLVPN disconnects and oddness with zone “LAN”
Guru MemberVPN300 V5.30
This is a odd I have SSLVPN on port 443
Ge3 zone LAN1 192.168.255.247/255.255.255.192
Ge5 zone LAN 192.168.255.49/255.255.255.240
Two firewall rule from LAN to Zywall and from LAN1 to Zywall HTTPS
In this setup I connect to SSLVPN to 192.168.255.247 get disconnected within xxmins if idle.
And if I do a SSLVPN to 192.168.255.49 it disconnects right away but if I change the Ge5 zone to LAN1 it connects and then disconnected within xxmins if idle.
All Replies
-
we have the same problems with various ATP 5.30 firmware.0
-
Update workaround it seems after many years of Zyxel doing SSL VPN on port 443 with logon on the same port is now a problem and the SSL VPN is stable on a given set port other then 443 in config > VP >SSL VPN global setting
As for uptime workaround oddly if the DHCP server lease is set 2mins for a client the connecting SSL VPN stays up guess it acks as a keep alive?
0 -
Hi @PeterUK,
Did you mean you solved it after change SSL Port to others?
If the issue still persist, Kindly feel free to contact us.Thank you
Kevin0 -
No not solved by changing the port for the main issue disconnected within xxmins if idle.
Changing the port fixes the zone problem like zone “LAN” where the SSL VPN will not connect at all but zone “LAN1” does even if firewall rule is correct for zone “LAN”.
0 -
Hi @PeterUK,
Our team are investigating VPN disconnection event recently.
I will update it if there is any news.
Thanks
Kevin
0 -
Hi @PeterUK,We have found the cause. We will release weekly firmware next week to fix the issueThank for your patience.Kevin0
-
Hi @PeterUK,
Please find the following weekly firmware.
https://community.zyxel.com/en/discussion/13502/zld-v5-30-wk20-firmware-release/p1?new=1
Kevin0 -
Thanks need to do more testing but the VPN disconnection looks fixed on a different port then 443
But if WWW is port 443 and VPN is port 443 with zone LAN it disconnects right away log show.
User sslvpn1 has been denied access from HTTPS
Failed login attempt to SSLVPN from http/https (incorrect password or inexistent username)
yet login is correct and if I change zone to LAN1 it works
0 -
Hi @PeterUK,
Could you check the issue after upgrade the weekly ?
And please share the configuration via Private Messages if the issue persist.
I will try to reproduce it .
Kevin0 -
Yes the issue happens after the upgrade will send you the config
0
Freshman Member
Zyxel Employee
Categories
- All Categories
- 187 Beta Program
- 1.7K Nebula
- 90 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 917 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 450 Nebula FAQ
- 256 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 67 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 52 Security Highlight
