-
How do I set up 2FA login for users on the Web-GUI of USG Flex H models?
Scenario: The user may want to set up 2FA login on the USG Flex H models for better security protection. This article will guide you through the setup process. Answer: Navigate to User & Authentication > User Authentication > Two-factor Authentication, enable the 2FA feature, and choose 2FA authentication for the Web service. Add…
-
Radius group does not work as expected
Symptom: You used the Filter-ID (11) attribute to identify the RADIUS group, but it did not work as expected: the firewall did not recognize the correct Filter-ID (11) value for the user. Workaround: The firewall only recognizes the first Filter-ID value. For example, if a user "Kevin" has multiple Filter-ID…
-
It shows "Invalid DN syntax" when tested AAA server
Symptom: When looking up whether a user is valid on the AD server, the following error appears. Check: Verify that the User Name in AD uses the following DN format: CN={User Name}, CN=Users, DC={Your domain}, DC={Your domain}. For example: CN=Administrator,CN=Users,DC=cso,DC=com
-
Can only specific MAC addresses be allowed to connect to an SSID?
To ensure that only clients with certain MAC addresses can connect to the SSID, you can use the MAC-based Authentication feature. This method permits only devices with MAC addresses that are included in the Access Point's MAC address list to connect to the Wi-Fi network. For detailed instructions on how to set this up, please…
-
[FLEX/ATP]How do I dump AAA log to console for log analysis?
Question: How do I dump AAA log to console for log analysis? Answer: Use the commands below.
Router# debug authentication server log activate
Router# debug authentication server log dump to console
-
If you are experiencing issues with AD authentication
Issue: You have authentication issues with AD after enabling MSCHAPv2. Checking: 1) Capture packets while the client tries to authenticate. You will find that AD rejects the Samba request. Root cause: 1) The legacy USG only supports SMBv1, so if your AD server has disabled SMBv1 for security reasons, authentication will fail.
-
How to speed up the authentication process when using ad as the authentication method?
It takes more than 12 seconds for the client to pass authentication when using AD as the authentication method. How to speed up the authentication process? Go to CONFIGURATION > System > DNS > Domain Zone Forwarder. Add a DNS domain zone forwarder to speed up the AD authentication. In this example, the domain zone is…
-
How to configure WPA2-Enterprise (802.1X) with Dynamic VLAN by Nebula Cloud Authentication Server
When the station wants to connect with the AP, you can use Nebula Cloud Authentication Server (NCAS) to provide access control to your network. In this example, assuming there are two stations in different groups and they can connect to the same SSID for accessing the Internet, but get IPs in different subnets because of…
-
[Notification] 802.1x authentication failed on wireless station with OS Windows 11 Pro ver 22H2
Issue Description: When a wireless station with OS Microsoft Win11 Pro 22H2 connects to the SSID with 802.1x enterprise security, the authentication fails. Root Cause: Microsoft Win 11 Pro 22H2 uses TLSv1.3 protocol by default for 802.1x authentication with RADIUS Server. When connecting to the RADIUS server by setting…
-
How to Use Two Factor with Google Authenticator for Admin Access?
In previous firmware versions, USG supported a PIN code sent by SMS/Email as the two-factor authentication method. However, SMS-based two-factor authentication is not safe. Compared to the SMS-based method, Google Authenticator is the most secure method to receive verification codes for two-factor authentication. Google authenticator gives a…
-
How to Configure 802.1x EAP-TLS to Secure the Wireless Environment with Third-party CA Certificate?
This example shows how to import a third-party certificate on an Android/iOS phone to get a wireless connection protected by 802.1x EAP-TLS. We need a certificate purchased from a third-party CA. Configure Certificate 1 Generate certificate request on the NXC. Go to CONFIGURATION > Object > Certificate > My…
-
How to Configure 802.1x EAP-TLS to Secure the Wireless Environment with Self-Signed Certificate?
This example shows how to import a self-signed certificate from the NXC on an Android/iOS phone to get a wireless connection protected by 802.1x EAP-TLS. We need a certificate generated by the NXC. Configure Certificate 1 Go to CONFIGURATION > Object > Certificate > My certificates, and add a self-signed…
-
How to Configure 802.1x to Secure the Wireless Environment with an External AD Server?
This example shows how to set up the NXC controller with an external AD server. When the station wants to connect with the AP, you can use an AAA server to provide access control to your network. In this example, the AD server is external rather than embedded in the NXC controller, and the controller is already set to use…
-
How to Configure 802.1x with Dynamic VLAN by Using External AAA server?
When the station wants to connect with the AP, you can use an AAA server to provide access control to your network. In this example, assuming there are two stations in different groups and they can connect to the same SSID for accessing the Internet, but get IPs in different subnets because of the dynamic VLAN settings.…
-
How to Configure 802.1x to Secure the Wireless Environment with an Internal RADIUS in NXC?
This example shows how to set up the NXC controller so that users authenticate locally, without an external RADIUS server. The user database is set up in the NXC controller, and the client enters a username and password to authenticate via 802.1x. 4.4.1 Configure Authentication Method Setting 1 Go to CONFIGURATION…
-
How to Configure 802.1x to Secure the Wireless Environment with an External LDAP Server?
This example shows how to set up the NXC controller with an external LDAP server. When the station wants to connect with the AP, you can use an AAA server to provide access control to your network. In this example, the LDAP server is external rather than embedded in the NXC controller, and the controller is already set to use…
-
How to Configure 802.1x to Secure the Wireless Environment with an External RADIUS Server?
This example shows how to set up the NXC controller with an external RADIUS server. When the station wants to connect with the AP, you can use an AAA server to provide access control to your network. In this example, the RADIUS server is external rather than embedded in the NXC controller, and the RADIUS server is set ready for…
-
How to configure IKEv2 with MS-CHAPv2 on ZyWALL?
The USG1100 must join an AD domain. In the following example, the domain name is usg.com. Go to CONFIGURATION > System > DNS > Address/PTR Record and add a record. In this example, the IP of the AD server is 10.214.48.71. Go to AAA Server > Active Directory > AD object. Configure Domain Authentication for MSChap. The user in this…
-
How to get different privileges by RADIUS authentication
Background: In the ZyWALL USG, you can configure local users with different privileges such as admin, limited-admin, users and guests. This allows users to have different privileges when they log in to the USG. For ext-user accounts, which are authenticated by an external RADIUS server, the USG sets the privilege for…
-
How to configure USG Series to authenticate SSL VPN client with Microsoft Active Directory
For example, we have an AD server with the configuration as below:
* IP: 192.168.1.35
* Domain name: cso.net
* Domain user: aduser
* Domain administrator: administrator
* Domain administrator's password: admin1234
[Configuration Steps] Step 1: Building an SSL Application (whether for Web application or File Sharing) Step…