Uncheck "Authenticate Client Certificates" from CLI on USG Flex 500 H
Hi,
stupidly I’ve checked "Authenticate Client Certificates" option and now I’m not able to access WEB UI. How can I disable it from CLI (SSH is enabled and working)? Or there’s something else I can do? I’ve also a configuration file before this change was made.
Thank you
Kari
Best Answers
-
Hi @kaika313,
Here are the commands to disable "Authenticate Client Certificates".
usgflex200h> edit running
usgflex200h running config# vrf main http-server secure-server auth-client false
usgflex200h running config# commit
usgflex200h running config# copy running startup
Overwrite startup configuration? [y/N] ySee how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community1 -
you can't use SecuExtender SSL_VPN_Client_4.0.5.0 on H models their is
IPSec_SSL_VPN_7.7.40.019(subscription_based) or1
All Replies
-
Hi @kaika313,
Here are the commands to disable "Authenticate Client Certificates".
usgflex200h> edit running
usgflex200h running config# vrf main http-server secure-server auth-client false
usgflex200h running config# commit
usgflex200h running config# copy running startup
Overwrite startup configuration? [y/N] ySee how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community1 -
Hi @Zyxel_Emily,
thank you, this solved my problem.
I have another issue regarding SSL VPN, there’s no way to make it work. I'm using a custom port because it doesn't allow me to use same HTTPS port. Strange thing is that if I download SSL VPN configuration and use it with OpenVPN it works. If I try tu use SecuExtender (4.0.4) it doesn't work giving me these errors:
[ 2024/05/23 16:49:15 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected
[ 2024/05/23 16:49:15 ][SecuExtender Agent][INFO] [vpn] try to login serverpublicip:4491
[ 2024/05/23 16:49:15 ][SecuExtender Agent][INFO] Connect to serverpublicip:4491
[ 2024/05/23 16:49:15 ][SecuExtender Agent][INFO] Local address is localaddress
[ 2024/05/23 16:49:16 ][SecuExtender Agent][DEBUG] Connect success.
[ 2024/05/23 16:49:16 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0
[ 2024/05/23 16:49:16 ][SecuExtender Agent][ERROR] Server unexpectedly disconnected (0x0)
[ 2024/05/23 16:49:16 ][SecuExtender Agent][ERROR] Error 0x80090301 querying connection info: SECPKG_ATTR_STREAM_SIZES (0x6)
[ 2024/05/23 16:49:16 ][SecuExtender Agent][ERROR] SSL Handshake failed. (0x6)
[ 2024/05/23 16:49:16 ][SecuExtender Agent][ERROR] Failed to connect to device(1) (0x6)
[ 2024/05/23 16:49:16 ][SecuExtender Agent][ERROR] user login device failed (0x6)
[ 2024/05/23 16:49:16 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed
[ 2024/05/23 16:49:16 ][SecuExtender Agent][DETAIL] Connection ends.What I'm doing wrong?
I remember when using the previous USG40 firewall that the same problem occurred but then I was able to use same HTTPS port even if different from standard 443 and it worked. Now, using different port for HTTPS and SSL VPN it won't. Why?
Thank you
0 -
you can't use SecuExtender SSL_VPN_Client_4.0.5.0 on H models their is
IPSec_SSL_VPN_7.7.40.019(subscription_based) or1 -
Hi @kaika313,
As PeterUK said, you need to use IPSec_SSL_VPN_7.7.40.019 (Windows) to establish SSL VPN to USG FLEX H.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight