USG FLEX H V1.35 - IPSec connectivity check
Freshman Member
According to the release notes, Connectivity Check for IPSec VPN was implemented in this new firmware.
How can I configure this? I am not seeing it under the IPSec VPN settings.
Best Answers
-
Regarding the Connectivity Check feature for USG FLEX H Series devices, please note that it is not intended for configuration purposes. However, you can locate the “Connectivity Check” menu under VPN Status > IPSec VPN > Site to Site VPN to check the connection to a remote client through the VPN tunnel.
Zyxel Tina
0 -
Hi @p4_greg,
Sorry for the late reply!
After double confirmation, the USG FLEX H series does not support direct configuration of connectivity check like the USG FLEX (ZLD) does.
To achieve a similar function, the current workaround is to use a route-based VPN with a VTI interface to perform peer probing. However, if you use a policy-based VPN, connectivity check configuration is not available.
For how to create VTI, please refer to this FAQ. After creating the interface, navigate to Network > Interface > Advanced Settings > VTI and select Edit to configure its connectivity check.
Zyxel Tina
0
Zyxel Employee
All Replies
-
Yes I see this too can't find it.
0 -
Regarding the Connectivity Check feature for USG FLEX H Series devices, please note that it is not intended for configuration purposes. However, you can locate the “Connectivity Check” menu under VPN Status > IPSec VPN > Site to Site VPN to check the connection to a remote client through the VPN tunnel.
Zyxel Tina
0 -
That explains why I could not find it….I assumed the release notes were referring to the Connectivity Check which was previously available in the VPN Connection settings on the non-H/ZLD-based firewalls.
It has been helpful in the past when the connection gets 'stuck' and traffic does not flow over the VPN, which sometimes happens after one side of the VPN connection experiences internet issues. The connectivity check feature available on previous would automatically detect this and reset the VPN connection, which usually restored connectivity.
Are there any plans to add this feature back?
Screenshot from VPN Connection settings on an old VPN100:
0 -
Hi @p4_greg,
Sorry for the late reply!
After double confirmation, the USG FLEX H series does not support direct configuration of connectivity check like the USG FLEX (ZLD) does.
To achieve a similar function, the current workaround is to use a route-based VPN with a VTI interface to perform peer probing. However, if you use a policy-based VPN, connectivity check configuration is not available.
For how to create VTI, please refer to this FAQ. After creating the interface, navigate to Network > Interface > Advanced Settings > VTI and select Edit to configure its connectivity check.
Zyxel Tina
0
Guru Member
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 188 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 454 USG FLEX H Series
- 303 Security Ideas
- 1.6K Switch
- 81 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 278 Service & License
- 435 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight
