-
How to Create an SSL VPN with OpenVPN on Nebula?
Question: How to Create an SSL VPN with OpenVPN on Zyxel Nebula Answer: To configure an SSL VPN with OpenVPN on Nebula, follow these steps: On Nebula, navigate to Site-wide > Configure > Firewall > Remote access VPN. Enable SSL VPN Server and configure Type, Interface and Sign-on with method. After the configuratio file is…
-
Does the VPN service on ATP/USG FLEX firewall support OpenVPN?
Question: Does the VPN service on ATP/USG FLEX firewall support OpenVPN? Answer: ZLD firewall models such as USG FLEX/ATP firewalls do not support OpenVPN client connections. However, OpenVPN is supported by uOS firewall models like USG FLEX H. To create a VPN SSL with the OpenVPN client on USG FLEX H firewall, you can…
-
How to Resolve SSL VPN Connection Issues on USG FLEX H firewall?
Question: How to resolve SSL VPN cnnection issues on USG FLEX H firewall? Answer: If you are facing SSL VPN connection issues, such as constant disconnects and reconnects, follow these steps to resolve the problem: Check Two-Factor Authentication (2FA): If 2FA is enabled under “User & Authentication > User Authentication >…
-
What is the capacity for SSL VPN Access Profiles?
Question: What is the maximum number of SSL VPN client profile and profile user list? Answer:
-
How to Configure SSL VPN Access Profile
With multiple SSL VPN client profiles, you can create one or more profiles to apply its own settings such as IP pool, DNS and tunnel type to specific users. This example illustrates how to create multiple SSL VPN client profiles for different groups. Note: This feature is supported from firmware version uOS 1.38. Add…
-
How to Troubleshoot SSL VPN on USG FLEX H firewall?
Question: Why does the SSL VPN fail to connect? How to troubleshoot SSL VPN on USG FLEX H firewall? Answer: If you're encountering issues with SSL VPN configuration on your USG FLEX H firewall, follow these troubleshooting steps: Steps to Resolve SSL VPN Connection Issues: Ensure you have created a username under SSL VPN >…
-
Why can't I enable 2FA for SSL VPN on USG FLEX H using Google Authenticator?
Question: SSL VPN is working when selecting Nebula Cloud Authentication. Why can't I enable 2FA for SSL VPN on USG FLEX H using Google Authenticator? Answer: 2FA is not supported when "Cloud Authentication" is selected as the Sign-on method for SSL VPN. If you select "Local users" for Sign-on, you can configure Google…
-
Why was the SSL VPN client not receiving DNS IP on USG FLEX H device?
Question: Why was the SSL VPN client not receiving DNS IP on USG FLEX H device? Answer: The issue occurred when the DNS was set to “ZyWALL” or certain other combinations in the global DNS setup for SSL VPN. This configuration caused the SSL VPN client (e.g., OpenVPN or SecuExtender) to miss custom DNS settings. This…
-
SSL VPN – Controlling TLS Versions for Secure VPN Connections
With increasing concerns around outdated encryption standards, Zyxel now gives administrators more control over VPN security by allowing them to enforce a minimum TLS version for SSL VPN connections. This enhancement helps protect networks from weak encryption protocols that may expose data to compromise. In this article,…
-
Why Can't the SSL VPN Configuration File Be Downloaded from the USG FLEX H?
Question: I get an HTTP 400 error when attempting to download the SSL VPN configuration file from the USG FLEX 50HP interface. Why can't the SSL VPN configuration file be downloaded from the USG FLEX H? Answer: The issue was due to the selected Incoming Interface in the SSL VPN settings. The selected interface "ge1" did…
-
Why can't I connect to the SSL VPN?
Question: Why can't I connect to the SSL VPN, and it seems that port 10443 TCP is closed? Answer: If you are experiencing issues connecting to the SSL VPN through port 10443, follow these steps to resolve the problem: Ensure that the service "SSLVPN" is added to the service group "Default_Allow_WAN_To_ZyWALL". This step…
-
Does the Nebula firewall need to be licensed to allow VPN client connectivity?
Question: Does the Nebula firewall need to be licensed to allow VPN client connectivity? Answer: We offer Remote Access VPN (IKEv2) and SSL VPN (OpenVPN). Only the SecuExtender VPN client software requires a license for client access.
-
How can I establish an SSL VPN connection with the USG Flex H models using SecuExtender?
Scenario : This article will guide you on how to configure an SSL VPN connection with the SecuExtender VPN client. Answer : The following verification steps were performed using the USG Flex 200HP with V1.30P1 and the SecuExtender VPN client with V7.7.50.008. Please navigate to VPN > SSL VPN > to configure the Incoming…
-
Why I can't find the allow subnets in ovpn file?
Question: You have setup split tunnel for OpenVPN, but can't find the allowed subnet in ovpn srcipt? Answer: The VPN server tell OpenVPN client what subnets allowed during "Connecting Phase" instead of ovpn script. You can see the process from OpenVPN log.
-
Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0?
Question: Why can't I connect SSL VPN to USG FLEX H using SecuExtender SSL VPN Client Windows client 4.0.5.0? Answer: The old SecuExtender SSL VPN Client Windows client 4.0.5.0 is not compatible with USG FLEX H series.…
-
How do I access a specific LAN subnet exclusively via SSL VPN's split tunnel?
Question : In some circumstances, the user may want to access a specific LAN subnet via the SSL VPN tunnel only, while accessing the internet through the local network. How can this be set up? Answer : Please navigate to VPN > SSL VPN > Client will use VPN to access > Choose Local Network Only (Split Tunnel) and add the…
-
Why can't you establish an SSL VPN connection with the USG Flex H models?
Question : Why can't you establish an SSL VPN connection with the USG Flex H models, and why are there "Match default rule DROP" log messages? Answer : The possible reason is that the SSL VPN service port is not allowed from the WAN to Device security policy. For example, the Server port of the SSL VPN is 10443. The user…
-
Is it possible to use SSL VPN on Nebula firewall?
Question: Is it possible to use SSL VPN on Nebula firewall? Answer: On Nebula, only IPSec VPN and L2TP VPN are available in Firewall > Remote access VPN. If you need to use SSL VPN on Nebula firewall, use Cloud Monitoring Mode instead. [ATP/FLEX] How to set up Nebula Monitor Mode? I want to use cloud monitoring mode, but…
-
How to Use OpenVPN Client with USG FLEX 200H Behind Router NAT?
Question: Is it possible to use the OpenVPN client when the USG FLEX 200H is behind a router with NAT (Private IP in WAN)? Answer: Yes, it is possible to use the OpenVPN client with the USG FLEX 200H behind a router with NAT (Private IP in WAN). Solution: To resolve the issue, you need to change the private IP to the…
-
Why can't you establish an SSL VPN connection with the USG Flex/ATP models?
Question : While establishing the SSL VPN connection, it will be disconnected shortly. Why can't you establish an SSL VPN connection? Answer : The possible reason is that Two-Factor Authentication for SSL VPN Access is enabled, but the user account has not been activated yet. Please disable this option, as shown below:…