zywall ssl vpn - windows 11

Buongiorno, abbiamo diversi vostri prodotti Zyxel USG 20 (o + grandi) installati c/o piccoli clienti con configurate vpn ssl.

Attraverso il client securextender ssl vpn client diverse decine di utenti (su diversi firewall/clienti) si collegavano senza problemi.
da qualche mese è in commercio e si sta diffondendo il SO microsoft Windows 11 , ed diversi clienti lo stanno adottando in azienda.
il client securextender ssl vpn non funziona più molto bene, alle volte si scollega, alle volte si collega ma non fa passare il traffico, alle volte/spesso va reinstallato/riparato per farlo ripartire.
Avete una soluzione per risolvere questo problema (penso di incompatibilità) con la nuova versione di SO ed il vostro client SSL ormai datato e solo a 32bit?

grazie saluti

All Replies

  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Welcome to Zyxel Community!
    Please update to our latest 5.30 WK20 firmware, please refer to the link below to download it:
    ZLD V5.30 WK20 Firmware release
    The 5.30 WK20 firmware already fixed SSL VPN disconnection issue.

    Please note that USG20-VPN(W) is renamed to USG FLEX 50(W) in V5.20
    You may download the firmware file of USG FLEX 50.

    Thanks,
    James
  • Digita il tZyxel_James said:
    Welcome to Zyxel Community!
    Please update to our latest 5.30 WK20 firmware, please refer to the link below to download it:
    ZLD V5.30 WK20 Firmware release
    The 5.30 WK20 firmware already fixed SSL VPN disconnection issue.

    Please note that USG20-VPN(W) is renamed to USG FLEX 50(W) in V5.20
    You may download the firmware file of USG FLEX 50.

    Thanks,
    James

    Hello James, thanks for your reply but you don't reply my questions/issue
    Now the firewall have the V5.31(ABAR.0) firmware and the issue on ssl vpn client still persist, i think that the problem are in vpn client on Windows and not in central firewall.
    You have a solution for my ssl client problem on win11?

    many thanks 
  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Please provide SecuExtenderlog through private message
    C:\SecuExtenderHelper.log
    C:\Users\[windows account]\SecuExtender.log
    Moreover, please go to Device Manager > Network adapters > TAP-Windows Adapter V9 for Zyxel SecuExtender (Properties) > Advanced > MTU, check if the MUT value is 1370

    Thanks,
    James
  • Hello All,

    I have the same issue with SSL VPN.
    I notice the following:
    Client users are connected to local network via Zywall Secure Extender. 
    Local PC and Zyxel USG can ping VPN client PC (Local network can ping outside)
    But VPN client devices can not ping Zyxel neither local PC (Outside can not ping Local network)

    Also after a few minutes VPN client PCs are disconnected. 

    I verified the network adapter TAP-Windows Adapter V9 for Zyxel SecuExtender. The MTU value is 1370.
    Zyxel firmware is uptodate.

    Waiting for reply and assistance.
  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    May I know your device model and firmware version?
    For furher checking, please provide the configuration and
    C:\SecuExtenderHelper.log
    C:\Users\[windows account]\SecuExtender.log
    via private message
    Thank you

    James
  • Model Name:USG60
    I sent via private message : configuration, Secureextender log and Securehelper log.
    Waiting for your reply.
    Kind regard:+1:
  • Zyxel_James
    Zyxel_James Posts: 606  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Thanks for your contacting.
    I tested V4.72WK48 with your configure and connected by a Windows11 SecuExtender, I can ping to the local PC(192.168.4.5) more than half hour without problems, could you upgrade to this firmware and give it a try? Thank you
    https://community.zyxel.com/en/discussion/13958/zld-v4-72-wk28-firmware-release#latest

    USG60Download


    Moreover, We found out some user encounter a problem that MTU value showm as “1370”, but it actually still 1500. Please refer to this article to double confirm that MTU is changed to 1370. Please refer to the article below
    https://community.zyxel.com/en/discussion/14013/ssl-vpn-disconnect-due-to-invalid-packet-size#latest

    James

Security Highlight