Question: How to troubleshoot the message "no proposal chosen" when it appeares in event logs? Answer: Site-to-Site VPN (Both sites are Nebula firewalls) On nebula, there is no configuration for phase 1 and phase 2 proposal in Site-to-Site VPN. You can check phase 1 and phase 2 proposal using command via SSH. [ATP/FLEX]…
Scenarion: I was trying to configure non-Nebula VPN between two different Nebula orgs. The configuration was configured correctly, but the event logs show "Phase 2 policy mismatch". What happen? Answer: It could be remote subnet is mismatched. For Site_A, there are 3 local interfaces enabled for Site-to-Site VPN, and the…
When site to site VPN is configured between Nebula Firewall and the peer gateway, we can use policy routes to force the subnet of Nebula Firewall to access the Internet via the WAN connection of the peer gateway. The article instructs how to configure a policy route on each device to route all traffic to the peer gateway.…
The following is an example of setup site-to-site VPN between Nebula device(USG FLEX 100) and non-Nebula device(USG40). Non-Nebula device USG40(on-premises) has a public IP, but Nebula device USG FLEX 100 is behind NAT. Configure Steps Nebula Device Configuration (USG FLEX 100) Navigate to Configure > Firewall >…
Here is the example for the user who uses Zyxel NSG and Microsoft Azure and wants to configure Site-to-Site VPN configuration. It only has a few simple steps to accomplish securitly VPN connection between two Cloud Management Platforms! Scenario: Let's begin with the steps on NSG and Microsoft Azure! [For NSG] (Please note…
It looks like you're new here. Sign in or register to get started.