SSL VPN from internet
Freshman Member
Hi, I have a USGFLEX100HP. I configured SSL VPN according to the manual, exported the configuration file, imported it to OpenVPN, and I can connect via VPN, but only from the local network. When I try to log in from the internet, it won't let me in. It logs in, logs in, and then stops. What do I need to do? Any NAT or routing rules? Should I disable something in the firewall?
All Replies
-
You need inbound traffic to the port for the VPN to work. Scan for the given port here
0 -
> You need inbound traffic to the port for the VPN to work. Scan for the given port here
When I scan the address, I only have ports 80 and 443 open. How can I open other ports? I need this one for VPN SSL.
0 -
Hi @Residentpio
- Please navigate to Object > service (object) and find SSLVPN to ensure it exists and the port number is correct.
- Then go find "Default_Allow_WAN_to_ZyWALL" in the service group (object) and edit it.
- Add SSLVPN to this group and save.
- Please navigate to Security policy > Policy control to ensure there is a policy "from WAN to ZyWALL with service Default_Allow_WAN_to_ZyWALL".
Zyxel Melen
0 -
Where can I set a rule if I want to unblock or block a port? Where can I do port forwarding? I've configured various routers and systems, and there are always firewall rules that I can manage, enable, and disable, but I don't see them in this Zyxel. The security policy contains rules that were created automatically, but I've also added them and entered "any" almost everywhere, but it doesn't help. Please help me.
0 -
Do you have an ISP that supports inbound traffic?
Does the USGFLEX100HP have the WAN IP on its interface?
0 -
Yes, static and public IP on the Zyxel WAN.
0 -
Did you port scan the SSL port with the link I said at GRC?
You will need a firewall rule from WAN to ZyWALL for that port.
0 -
I didn't do this scan. I understand I need to go to the company where I have the router and scan it from their network, because I can't scan from home and just provide the Zyxel's IP address. However, I scanned the IP address from outside with a standard scanner and it showed only 443 and 80 as open, and my SSL VPN is running on the standard port 10443. Do you think it's running on a different port if I connect from the WAN side?
I can take screenshots of the policy service; everything is standard there, but if you see this, it might become simple. It seems pretty straightforward because the VPN ports are closed on the WAN side, but I don't know how to open them and which rule is responsible for closing everything except 80 and 443. But I'm grateful for your help.
0 -
OK, so if you scan port 10443 (because it's TCP) from an internet scanner that lets you, and it shows open, this would mean there is a rule allowing it. If you're seeing it blocked, then you need to allow it: just make an object with TCP 10443 and a firewall rule from WAN to ZyWALL for that port service.
0
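The reachability check discussed in this thread, as an added example that is not part of any post above and is not Zyxel code: run from a host outside the LAN, it tells an answered port from a refused one and from one that is silently dropped. The address `203.0.113.10` is a documentation placeholder, and the hint texts and function names are assumptions made for this example.

```python
import socket
import sys

# Generic TCP semantics; the wording of the hints is this example's own.
HINTS = {
    "open": "handshake completed: a policy allows this port from where you ran the check",
    "closed": "connection refused: the packet was answered, but nothing accepts on this port",
    "filtered": "no answer: dropped on the way, consistent with no WAN-to-ZyWALL allow rule",
}

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        raise  # a bad hostname is a usage error, not a port state
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and ICMP unreachable replies land here
        return "filtered"

def check_gateway(host, ports=(443, 10443), timeout=3.0):
    """Probe each port and return {port: (state, hint)}."""
    results = {}
    for port in ports:
        state = probe_tcp(host, port, timeout)
        results[port] = (state, HINTS[state])
    return results

if __name__ == "__main__":
    # Placeholder address (constructed); pass the gateway's own WAN IP instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    for port, (state, hint) in check_gateway(target).items():
        print(f"{target}:{port} {state} - {hint}")
```

Comparing 443 with 10443 in one run shows whether the WAN path works at all: 443 open with 10443 filtered points at the policy for the SSL VPN port rather than at the ISP or routing.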