OpenVPN (SSL VPN) not connecting after migration from USG FLEX 50HP (ZLD) to USG FLEX 100H (uOS)

SHDM Posts: 2 Freshman Member

Hi everyone,

I just completed a migration from a USG FLEX 50HP (ZLD firmware) to a USG FLEX 100H (uOS 1.37). The new firewall is up and running — internet access works fine, and LAN clients can reach the internal server without issues.

However, I'm unable to establish an OpenVPN connection. Here's what I've done so far:

  • Configured SSL VPN under VPN > SSL VPN on the 100H (incoming interface set to WAN, port 10443, Split Tunnel mode)
  • Created local users under User & Authentication > User/Group > User and assigned them to the SSL VPN allowed users
  • Downloaded the .ovpn configuration file from VPN > SSL VPN > Download (the "SSL VPN Configuration" button)
  • Imported the .ovpn file into OpenVPN Connect on the client side
  • Connection attempt fails — the client either times out or gets a TLS handshake error (I can provide exact logs if needed)

What I've already checked:

  • Port forwarding on the Swisscom router is still pointing to the correct WAN IP of the new 100H
  • The SSL VPN service is enabled and shows as active in the dashboard
  • I did NOT import the old ZLD config (I know ZLD and uOS configs are incompatible), so the SSL VPN was configured from scratch on the 100H
  • Firewall security policy: I have not added a specific rule for SSL VPN traffic — could this be the issue on uOS? On ZLD this was handled automatically.

My questions:

  1. Does uOS require a specific security policy rule to allow incoming SSL VPN (OpenVPN) connections on port 10443, unlike ZLD which handled it implicitly?
  2. Is there anything specific about the .ovpn file generated by the 100H that requires a particular version of OpenVPN Connect?
  3. Are there known issues with SSL VPN on uOS 1.37 that I should be aware of?
  4. Should I check anything under Network > Routing or Security Policy > Policy Control related to the VPN tunnel zone?

Any guidance would be greatly appreciated. Happy to share screenshots or logs.

Thanks!

All Replies

  • Zyxel_Judy Posts: 2,404 Zyxel Employee
    edited April 27

    Hi @SHDM,

    No additional policy controls are required for the USG FLEX 100H, nor is a specific OpenVPN version necessary. All SSL VPN policy settings were left at their defaults.


    However, you need to configure the Default_Allow_WAN_To_ZyWALL service group and add SSLVPN as a member.


    With this configuration, I verified this in a lab environment using firmware version 1.38 on the H firewall with OpenVPN (version 3.8.0(4528)), and the VPN client connected successfully.

    Please upgrade your USG FLEX 100H to the latest firmware (v1.38), do the configuration and test again. If the issue persists, please collect a diagnostic file so we can investigate further.

    Note: The USG FLEX 50HP is not available with ZLD firmware.

    Zyxel_Judy
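
The following is an added example, not part of the thread and not Zyxel code: a small Python check that reads the `remote`, `port` and `proto` directives of a downloaded .ovpn profile and reports endpoints that do not match the forwarded port (10443 in the question) or that point at a private address. The function names and the sample profile are constructed for illustration, and it assumes the upstream router forwards the same external port number.

```python
import ipaddress

# Constructed sample profile, not an actual export from a USG FLEX 100H.
SAMPLE_OVPN = """\
client
dev tun
proto tcp
remote 192.168.1.2 10443
remote vpn.example.net
<ca>
(constructed placeholder, not a real certificate)
</ca>
"""

def remotes(profile_text):
    """Return [(host, port, proto)] for each `remote` directive, filling in the
    profile-wide `port`/`proto` values (OpenVPN defaults: 1194 and udp)."""
    port, proto, found, block = 1194, "udp", [], None
    for raw in profile_text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "#;":
            continue                   # blank line or comment
        if block:                      # inside <ca>, <cert>, <key>, ...
            if words[0] == f"</{block}>":
                block = None
            continue
        if words[0].startswith("<") and "connection" not in words[0]:
            block = words[0].strip("<>")
        elif words[0] == "port" and len(words) > 1:
            port = int(words[1])
        elif words[0] == "proto" and len(words) > 1:
            proto = words[1]
        elif words[0] == "remote" and len(words) > 1:
            found.append(words[1:4])   # host [port] [proto]
    return [(r[0], int(r[1]) if len(r) > 1 else port,
             r[2] if len(r) > 2 else proto) for r in found]

def check(profile_text, forwarded_port=10443):
    """List findings that would keep an Internet client from reaching the gateway."""
    findings = []
    for host, port, proto in remotes(profile_text):
        if port != forwarded_port:
            findings.append(f"{host}: port {port} is not the forwarded port {forwarded_port}")
        try:
            if ipaddress.ip_address(host).is_private:
                findings.append(f"{host}: private address, unreachable from outside the LAN")
        except ValueError:
            pass                       # hostname: resolve and test it separately
    return findings
```

Run `check(open("profile.ovpn").read())` against the exported file; an empty list means the profile's endpoints agree with the forwarding rule, which leaves the firewall-side service group as the next thing to verify.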