H series router user logins not working

Options
electsystech
electsystech Posts: 59 image  Ally Member
First Answer First Comment Friend Collector Sixth Anniversary
in USG FLEX H Series

We are not able to configure security policies on the H series routers to allow 'user authenticated port forwarding' where a user is required to log into the router to enable a security policy from his 'login ip address'.

Currently the H series routers says 'login denied' when a 'user' tries to log in.

When will this feature be brought back to the USG routers?

usrauth1.PNG usrauth2.PNG usrauth3.PNG

Accepted Solution

  • Zyxel_Tina
    Zyxel_Tina Posts: 471 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers First Comment
    Answer ✓

    Hi @electsystech,

    May I confirm if your intention is to create and add a user account named "etech" on your USG FLEX 50H, so that this user can log in to this 50H device?

    (As shown in the first and second images, on the USG FLEX models you could go to CONFIGURATION > Object > User/Group to add a user, and then apply this user to the User field in a Security Policy.)

    If that is the case, on the USG FLEX 50H you may create the desired user under User & Authentication > User/Group and then apply it to your policy.

    image.png

    Zyxel Tina

All Replies

  • Zyxel_Tina
    Zyxel_Tina Posts: 471 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers First Comment
    Answer ✓

    Hi @electsystech,

    May I confirm if your intention is to create and add a user account named "etech" on your USG FLEX 50H, so that this user can log in to this 50H device?

    (As shown in the first and second images, on the USG FLEX models you could go to CONFIGURATION > Object > User/Group to add a user, and then apply this user to the User field in a Security Policy.)

    If that is the case, on the USG FLEX 50H you may create the desired user under User & Authentication > User/Group and then apply it to your policy.

    image.png

    Zyxel Tina

  • mjr
    mjr Posts: 39 image  Freshman Member
    First Comment Friend Collector Seventh Anniversary

    Seeing the same issue:

    User is created on USG Flex H.

    User wants to login to USG Flex H (from WAN) - receives a "login denied"

    Best regards,

    MJR

  • PeterUK
    PeterUK Posts: 4,272 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    Could show the setup on old USG on how this works please?

  • mjr
    mjr Posts: 39 image  Freshman Member
    First Comment Friend Collector Seventh Anniversary

    comment from zyxel support:

    After consulting with our Senior colleagues, we have found out that this feature has been discontinued in the H series firewall (uOS) due to security considerations. You may refer to the release notes for further details if needed. 

  • PeterUK
    PeterUK Posts: 4,272 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    edited November 19

    So how did this works you login to the USG which a firewall rule to allow RDP by user from the IP you logged into from?

  • mjr
    mjr Posts: 39 image  Freshman Member
    First Comment Friend Collector Seventh Anniversary

    with the Usg flex (pre H) it was possible to configure a security policy/firewall rule/NAT (access LAN from WAN), which was bound to a specific user/user group. the user had to logon to the firewall (via webinterface), authenticate and afterwards the connection was allowed.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)