Discussions - Zyxel Community

How to avoid unexpected routing issues when enabling both IPsec VPN and L2TP VPN simultaneously?
Scenario : The user may need to enable both IPsec VPN and L2TP VPN remote settings simultaneously. How can unexpected routing issues be avoided when enabling both IPsec VPN and L2TP VPN at the same time? Answer : STEP1. Navigate to Site-wide > Configure > Firewall > Remote access VPN STEP2.Please ensure their Client VPN…
How to establish an VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client?
Question : How to establish the VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client? Answer : This article will guide you on how to establish an IKEv2 VPN connection with the USG Lite 60 AX using the macOS Sonoma native VPN client. Navigate to Site-wide> Configure > Cloud authentication > To add a…
How to establish an VPN connection with a Nebula firewall by the macOS Sonoma native VPN client?
Question : After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to…
Is it possible to use SSL VPN on Nebula firewall?
Question: Is it possible to use SSL VPN on Nebula firewall? Answer: On Nebula, only IPSec VPN and L2TP VPN are available in Firewall > Remote access VPN. If you need to use SSL VPN on Nebula firewall, use Cloud Monitoring Mode instead. [ATP/FLEX] How to set up Nebula Monitor Mode? I want to use cloud monitoring mode, but…
Is it possible to restrict Remote Access VPN by single user
Question: Can I restrict access to a single user for a Remote Access VPN on Nebula? Answer: Currently, it is not possible to restrict access by single user. You can only implement security policies using External User Groups. This configuration cannot be applied to individual users directly. To implement this security…
How to troubleshoot the message "no proposal chosen" when it appeares in event logs?
Question: How to troubleshoot the message "no proposal chosen" when it appeares in event logs? Answer: Site-to-Site VPN (Both sites are Nebula firewalls) On nebula, there is no configuration for phase 1 and phase 2 proposal in Site-to-Site VPN. You can check phase 1 and phase 2 proposal using command via SSH. [ATP/FLEX]…
[ATP/FLEX]How do I renew IKEV2 certificate
Question: How do I renew IKEV2 certificate? Configuration steps: When the IKEv2 IPSec Client VPN certificate expires, follow these steps: Disable and enable IPSEC remote VPN on Nebula GUI. The firewall will re-generate a new certificate. Reinstall the new VPN script. Note: Starting from 15th April 2024, the IKEv2 IPSec…
[Nebula]Can I use a custom certificate for 2FA deployment on Nebula Remote Access IKEv2 VPN?
Question Can I use a custom certificate for 2FA deployment on Nebula Remote Access VPN? Answer The device's HTTPS uses a self-signed certificate and does not support importing third-party certificates. This limitation results in a certificate warning when accessing the 2FA screen, and using a custom certificate is not…
[ATP/FLEX] How do I view connected VPN users on Nebula?
Question: How do I view connected VPN users on Nebula? Answer: To view connected VPN users on Nebula, navigate to Monitor > Firewall > VPN Connections > Client to site VPN login account. This will display a list of currently connected VPN users. You can then view information such as the user's username, Assigned IP…
Remote Access VPN on USG LITE
Remote Access VPN on USG LITE Introduction The latest update brings remote access VPN capabilities to the USG LITE series. The USG LITE series can now support secure remote access for users. This article highlights the differences between the remote access VPN features of USG LITE and firewall models. Key Differences…
[Nebula]How to set up remote access VPN on Android phone?
Question: I would like to use remote access VPN on my Android phone. How do I set up remote access VPN on an Android phone? Answer: Nebula remote access VPN supports StrongSwan for remote access VPN. We can easily download the StrongSwan configuration file and import it to the Android phone to establish remote access VPN.…
[Nebula]Where can I download remote access VPN script?
Question: I would like to deploy remote access VPN for my client. My client has various OS types: Windows, macOS, iOS, and Android. Where can I download the remote access VPN script for deployment? Answer: The remote access VPN can be downloaded at Site-wide > Configure > Firewall > Remote Access VPN. Nebula supports the…
[Nebula] The window for 2FA does not launch when VPN is connected
Question: When the user use Windows native client to establish IPSec VPN to Nebula firewall, the window for 2FA does not launch and Internet does not work. How to access the 2FA page? Answer: If you're using Windows native VPN client, 2FA does not pop up automatically. You need to open the browser and enter…
[ATP/FLEX] Full guide to set up Palworld Dedicated Server with Remote Access VPN on USG FLEX
This post is a showcase and tutorial for educational purposes only. There is no commercial cooperation or affiliation between Zyxel Networks and Pocket Pair, the developers of Palworld. This guide aims to demonstrate the capabilities of the USG FLEX series in setting up a secure gaming environment. Palworld is an…
[ATP/FLEX]How to fix WAN1 for NCAS auth when WAN2 is UP but no internet connection?
Scenario : In a specific scenario, the USG Flex/ATP has two WAN interfaces: WAN1 for internet access and WAN2 for special intranet policy and static route purposes only. In this situation, when using WAN1 as the IPsec/L2TP remote VPN server authenticated by NCAS (Nebula Cloud Authentication Server), there are instances…
[ATP/FLEX] How to configure the firewall for IPSec VPN server behind NAT router?
Topology nebula firewall (wan1: 192.168.1.34)----(lan1: 192.168.1.1)Router(wan: 61.222.x.y)-----Internet-----IPSec VPN client (IKEv2 client) On Router, you need to create a NAT rule and open ports(IKE, NATT). NAT Rule:Extermal IP: 61.222.x.y Intermal IP: 192.168.1.34 Port mapping: IKE, NATT Firewall Rule: Destination:…
[ATP/FLEX] Can I use Windows native VPN client to establish VPN to the firewall on nebula?
Turn on "IPSec VPN server" or "L2TP VPN server", and click "save". The download button for Windows VPN configuration script appears. Download the VPN script and execute the script file on Windows.
[ATP/FLEX] Why does Remote Access VPN only allow one user to be connected at a time?
Why does Remote Access VPN only allow one user to be connected at a time? When another user is connected, the current user must log off. If you set subnet mask 192.168.18.0/32, only one IP address is available for pool of IKEv2 clients. It means only one IKEv2 client can be connected simultaneously to the site. We suggest…
[ATP/FLEX] How to Set up IKEv2 VPN tunnel and Authenticate with your RADIUS server on Nebula Gateway
Nebula Control Center provides a VPN solution that allows remote VPN users to connect VPN tunnels from Internet. This guide will assist in the configuration IKEv2 VPN tunnel and authenticate with existing RAIDUS domain server. Set up external authentication server setting Go to Firewall > Configuration > Firewall Settings…
[ATP/FLEX] How to Set up IKEv1 VPN tunnel and Authenticate with your AD server on Nebula Gateway
Nebula Control Center provides a VPN solution that allows remote VPN users to connect VPN tunnels from Internet. This guide will assist in the configuration IKEv1 VPN tunenl and authenticating with exist AD domain server. Set up external authentication server setting Go to Configure > Firewall > Firewall settings and…

Welcome!

It looks like you're new here. Sign in or register to get started.