Discussions - Zyxel Community

Why I can't find the allow subnets in ovpn file?
Question: You have setup split tunnel for OpenVPN, but can't find the allowed subnet in ovpn srcipt? Answer: The VPN server tell OpenVPN client what subnets allowed during "Connecting Phase" instead of ovpn script. You can see the process from OpenVPN log.
Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0?
Question: Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0? Answer: The old SecuExtender SSL VPN Client Windows client 4.0.5.0 is not compatible with USG FLEX H series.…
How do I access a specific LAN subnet exclusively via SSL VPN's split tunnel?
Question : In some circumstances, the user may want to access a specific LAN subnet via the SSL VPN tunnel only, while accessing the internet through the local network. How can this be set up? Answer : Please navigate to VPN > SSL VPN > Client will use VPN to access > Choose Local Network Only (Split Tunnel) and add the…
Why can't you establish an SSL VPN connection with the USG Flex H models?
Question : Why can't you establish an SSL VPN connection with the USG Flex H models, and why are there "Match default rule DROP" log messages? Answer : The possible reason is that the SSL VPN service port is not allowed from the WAN to Device security policy. For example, the Server port of the SSL VPN is 10443. The user…
Is it possible to use SSL VPN on Nebula firewall?
Question: Is it possible to use SSL VPN on Nebula firewall? Answer: On Nebula, only IPSec VPN and L2TP VPN are available in Firewall > Remote access VPN. If you need to use SSL VPN on Nebula firewall, use Cloud Monitoring Mode instead. [ATP/FLEX] How to set up Nebula Monitor Mode? I want to use cloud monitoring mode, but…
How to Use OpenVPN Client with USG FLEX 200H Behind Router NAT?
Question: Is it possible to use the OpenVPN client when the USG FLEX 200H is behind a router with NAT (Private IP in WAN)? Answer: Yes, it is possible to use the OpenVPN client with the USG FLEX 200H behind a router with NAT (Private IP in WAN). Solution: To resolve the issue, you need to change the private IP to the…
Why can't you establish an SSL VPN connection with the USG Flex/ATP models?
Question : While establishing the SSL VPN connection, it will be disconnected shortly. Why can't you establish an SSL VPN connection? Answer : The possible reason is that Two-Factor Authentication for SSL VPN Access is enabled, but the user account has not been activated yet. Please disable this option, as shown below:…
Is it possible to transfer certificates of OpenVPN between H series Devices
Question: We need to transfer OpenVPN certificates from an old Zyxel USG FLEX 700H to a new USG FLEX 700H Workaround: The current configuration file does not support this type of conversion so far We recommend redeploying the OpenVPN script.
Why the OpenVPN scripts for setting up split tunnel and full tunnel look the same?
Question: Why the OpenVPN scripts for setting up split tunnel and full tunnel look the same? Answer: This is because the allowed subnets for split tunnel are sent during the connection phase and are not controlled by the script.
How can I deploy SSLVPN Secuextender if the WAN is behind NAT.
Solution: If the customer is behind NAT and needs to use SSL with the TGB client, the recommended method is to use DDNS and fill in the 'DNS Name' field. If using DDNS is not an option, you can modify the TGB script. Just change the following line in the TGB file: <cfg_ssl> <cfg_sslconnection name="SSLVPN" server="X.X.X.X"…
Intel® Killer™ Control Center casue SSL VPN disconnecting immediately
If you are experiencing SSL VPN disconnecting immediately after connecting, it might be related to the Intel's Killer Control Center. To troubleshoot this issue, follow these steps: Disable the Killer Network Service. If disabling the service resolves the problem, please contact Zyxel Support for further helps
USG FLEX H Series - AD Server Authentication
USG FLEX H Series - AD Authentication Overview The USG FLEX H Series now supports AD (Active Directory) authentication for both IPsec VPN and SSL VPN users. This enhancement allows centralized user management and enhanced security by leveraging your existing AD infrastructure. AD Authentication for VPN Supported…
SecuExtender SSLVPN can't connect
Symptom: 1)SSLVPN can not connect on Windows SecuExtender clients, but always can connect on MacOS clients. 2)You have Destinat NAT to SSL Port on upper device, which means the port have been translated, For example. Firewall_IP:50000 → Firewall_IP:10443 (SSLVPN Port) Workadound: Since requst from windows SecuExtender…
How to Configure SSL VPN connection with OpenVPN Connect client?
Scenario : This article will guide you on how to configure an SSL VPN connection with the OpenVPN Connect client. Answer : Please navigate to VPN > SSL VPN > to configure the Incoming Interface, Clients will use VPN to access, Client Network, Authentication relative information. Once it's done, please download the SSL VPN…
Is there any way to remove saved IP from Secure Extender History?
Question: Every time when we connect to a new device via SecuExtender, the IP is automatically saved to server list. The list of server IP grows gradually. Is there any way to remove saved IP from Secure Extender History? Answer: Yes, the IP information is saved to an xml file which is located at windows user's folder.…
Can the VPN client provisioning port be separated from the device's web GUI HTTPS service port?
Question: Can the VPN client provisioning port be separated from the device's web GUI HTTPS service port? Answer: Currently, the configuration provisioning port is the same as the device's web GUI HTTPS port. It is not supported in the current version; however, it is part of our roadmap, and we plan to support it in the…
How to allow SSL VPN clients to access some internal servers only but not all local networks?
Question: How to allow SSL VPN clients to access some internal servers only but not all local networks? Answer: Disable “Force all client traffic to enter SSL VPN tunnel”. If “Force all client traffic to enter SSL VPN tunnel” is enabled, the setting of Network List will be ignored. It means SSL VPN clients are allowed to…
What does "Network Extension Local IP" mean?
Question: In CONFIGURATION > VPN > SSL VPN > Global Setting, Network Extension Local IP is 192.168.200.1. Can I assign IP pool for SSL VPN as 192.168.200.0/24? Answer: This IP address is SSL VPN interface. After the SSL VPN is established in the client successfully, it will create a routing for SSL VPN pool IP address. To…
SSL VPN disconnect due to invalid packet size
In offices where SSL VPN is deployed, everything works fine with SSL VPN but some specific computers have the disconnection issue. SSL VPN tunnel may be disconnected immediately or disconnected after a period of use. This article will explain the possible reasons for this issue. Symptom When the issue happens, the…
How to access device Web GUI remotely via SSL VPN tunnel?
(1) Add a new access policy for SSL VPN in CONFIGURATION > VPN > SSL VPN > Access Privilege. (2) Move the SSL VPN user to "Selected User/Group Objects". Set a proper IP pool for SSL VPN users. Select the address from Network List to allow SSL VPN user access to local network. In this example, SSL VPN users can access…

Welcome!

It looks like you're new here. Sign in or register to get started.