Tailscale Question?

Hi @dereknl,

The Zyxel H Series firewalls integrate Tailscale VPN support, offering a peer-to-peer VPN solution built on the WireGuard protocol. This integration simplifies VPN deployments and provides a more flexible alternative to traditional IPsec VPNs.

Here's how a Zyxel Firewall helps when using Tailscale:

• Advertised Networks: The firewall allows you to advertise your local LAN subnets to the Tailscale network, making it easier for other Tailscale devices to access resources within your local network.
• Exit Node Functionality: The Zyxel firewall can be configured as an Exit Node, which means all internet traffic from devices connected to your Tailscale network can be routed through your firewall. This is particularly useful for remote workers who need to access internal network resources securely and ensures their internet traffic is subject to the corporate firewall's security measures.
• Enhanced Security: While you can install Tailscale directly on individual devices, integrating it with a Zyxel firewall allows you to route internet-bound traffic from connected clients through the firewall. This means all traffic benefits from the firewall's centralized security policies, such as content filtering and intrusion prevention.
• Simplified Network Management: The firewall integration streamlines the management of your Tailscale network. You can enable Tailscale directly on the Zyxel firewall and manage its connection to the Tailscale admin console.

To use Tailscale with your Zyxel H Series firewall, you would typically follow these steps:

1. Generate an authentication key from the Tailscale Admin Console.
2. Enable Tailscale on your Zyxel firewall and enter the generated key.
3. Configure "Advertised Network" to share your LAN subnets with the Tailscale network and "Accept Route" to receive routes from other Tailscale devices.
4. Approve these routes in the Tailscale admin console for full communication between devices.
5. Optionally, set your Zyxel firewall as an Exit Node.

To provide you with more specific guidance, please provide the following information:

• Device Model: (e.g., USG FLEX 100H)
• Firmware Version:
• Network Topology Map: A simple diagram showing how your devices are connected.
• Nebula Organization/Site Name (if your firewall is Nebula-managed): This will allow our support team to view your cloud environment configuration directly, which can significantly speed up troubleshooting. You can enable Zyxel Support Access via Help > Support Request in the Nebula console.