how to disable vpn

Hi @wguenten

To disable VPN configurations or services on your Zyxel security device, please follow the steps below based on your device type.

For Nebula Devices:

• Site-to-Site VPN: Navigate to Site-wide > Configure > Security gateway > Site-to-Site VPN (or Firewall > Site-to-Site VPN) and toggle "Enabled" to "Off." For non-Nebula gateways, go to Organization-wide > Organization-wide manage > VPN orchestrator and clear the "Enabled" checkbox.
• Remote Access VPN: Go to Site-wide > Configure > Security gateway > Remote access VPN (or Firewall > Remote access VPN) and select "Disable" for "IPSec VPN server" or "L2TP over IPSec VPN server."
• VPN Orchestrator: In Organization-wide > Organization-wide manage > VPN orchestrator, select the VPN area and choose "Disable" under "Topology."

For On-Premise Zyxel Devices (e.g., USG FLEX, ATP series):

• General VPN Service Disabling: To block VPN ports, go to Object > Service > Service Group, then from "Default_Allow_WAN_To_ZyWALL", remove AH, ESP, IKE, and NATT services.
• IPSec VPN Connection: Navigate to Configuration > VPN > IPSec VPN > VPN Connection, edit the connection, and uncheck "Nailed-Up" to prevent auto-connection.
• Auto Disable VPN Service: For models like ATP100, enable "Auto disable VPN service" under Configuration → VPN → IPSec VPN → VPN Connection to disable WAN UDP ports 500 and 4500 when no IPSec VPN rules are configured.