FLEX 100 H - policy route and next hop

Posts: 22  Freshman Member
First Comment Seventh Anniversary
edited December 2023 in USG FLEX H Series

On my old USGs I could select the vpn tunnel as the next hop. On the flex 100 h I have no option under the policy routes. I created to site to site vpn tunnel, but no option. Is there something new that I don't know or understand?

Thanks for the help!!

Welcome!

It looks like you're new here. If you want to get involved, click on this button!

Accepted Solution

  • Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓

    Hi @weite,

    Thanks for your feedback.

    It is confirmed in our roadmap, we will support it in near future.

«1

All Replies

  • Posts: 3,491  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    It has not been added yet

  • Posts: 22  Freshman Member
    First Comment Seventh Anniversary

    That's a problem, but I will survive it. I hope that it will added soon.

    Thanks for the fast answer!

  • Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓

    Hi @weite,

    Thanks for your feedback.

    It is confirmed in our roadmap, we will support it in near future.

  • Posts: 22  Freshman Member
    First Comment Seventh Anniversary

    We like to upgrade our other old firewalls and now need policy routing. Is there a publication date of the new fimrware version?

  • Posts: 2  Freshman Member
    First Comment

    Any information about the future availability of the feature ? Because it is still not available.

  • Posts: 2,646  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi all,

    The latest firmware supports the Next hop to the VTI interface for route-based VPN. The next hop to a VPN tunnel, which is a policy-based VPN, is in our roadmap. If we have any ETA, I will update this post.

    Zyxel Melen


  • Posts: 22  Freshman Member
    First Comment Seventh Anniversary
    edited November 2024

    1 year and still no change. It was already promised for May and October, but unfortunately nothing. Is there any new information here? What tells the roadmap?

  • Posts: 2,646  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @weite,

    I apologize for the delayed reply.

    May I know why you still need the "next hop to a VPN tunnel" even though the latest firmware supports "the Next hop to the VTI interface for route-based VPN"?

    Could you share your topology and scenario so we can help check if it can be built using a route-based VPN and the Next hop to the VTI interface?

    Zyxel Melen


  • Posts: 22  Freshman Member
    First Comment Seventh Anniversary

    Ok, tell me how can I add a VTI?
    I see the VTI under interface → network → advanced settings but there is no add button. Is there a other way to add them? I'm confused.

  • Posts: 3,491  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    The setup for VTI vs how H models do to non H are different but here is a short setup

    VPN client IKEv2 192.168.144.0/24 > Zywall 110 > VTI 192.168.138.13/28 > FLEX200H VTI 192.168.138.12/28 > LAN 192.168.138.1/28 to 192.168.138.2 DNS server

    On FLEX200H you go to VPN > IPSec VPN > add

    IKEv1 with custom select Route-Based
    VTI Setting
    Local IP 192.168.138.12
    Subnet Mask 255.255.255.240

    Route Setting add 192.168.144.0/24 this will add a static route for any IP for that subnet to go down the subnet.

Welcome!

It looks like you're new here. If you want to get involved, click on this button!

Welcome!

It looks like you're new here. If you want to get involved, click on this button!