-
Nebula Status Network Tool in uOS: Troubleshoot Cloud Connectivity
The Nebula Status tool is an essential network diagnostic feature introduced in uOS 1.30. This tool helps administrators quickly diagnose connectivity issues between their firewall and NCC. Where to Find the Nebula Status Tool Navigate to: Maintenance → Diagnostics → Network Tool → Nebula Status When testing Nebula status,…
-
How do I check the syslog level from the packet file?
Question: The user can refer to this FAQ: How do I check the syslog packets using Wireshark? to check the packet file. But how to identify its syslog level from the packet file? Answer : The user can identify the syslog level from the Level field of the Syslog message, for instance, the syslog server receives the…
-
How do I configure USG Flex H firewall to send debug-level logs to a Syslog server?
Question: How do I configure USG Flex H firewall to send debug-level logs to a Syslog server? Answer : Please navigate to the GUI path Log & Report > Log Settings > Remote Server 1, and select the debug-level Log Categories you want to enable. Activate the Syslog feature, select the log format, set the Syslog server…
-
How do I check the syslog packets using Wireshark?
Question: The user can refer to this FAQ: How do I capture the syslog packets through the GUI on the USG Flex H model? to use the Web-GUI to collect the syslog packets. But how can the syslog packets be checked using Wireshark? Answer : When the user opens the .cap file in Wireshark, they can enter the keyword 'syslog' to…
-
How do I capture the syslog packets through the GUI on the USG Flex H model?
Question: How do I capture the syslog packets through the GUI on the USG Flex H model? Answer : The user can use the Web-GUI to collect syslog packets as a useful debugging method. Navigate to the GUI path Maintenance > Diagnostics > Select the interface and Host port 514(the default syslog service port), and save this…
-
How to resolve L2TP VPN connection issues on Nebula firewall?
Question: Why can't my iPhone connect to the L2TP VPN server of Nebula firewall? What settings should I check on Nebula? Answer: If your iPhone shows the error "The L2TP VPN server is not responding" follow these steps to troubleshoot: 1. Verify if the WAN IP address assigned to your Nebula firewall is private or public:…
-
How to perform the speed test on the Web-GUI of the USG Flex/ATP model?
Question : How to perform the speed test on the Web-GUI of the USG Flex/ATP model? Answer : The USG Flex/ATP model has a built-in speed test tool. To perform the speed test, follow these steps: Navigate to Maintenance > Diagnostics > Network Tool > Select Speed Test > Choose the WAN interface that you want to test. Select…
-
How to use the CLI to check if the security policy is enabled or disabled on the USG Flex H model?
Question : In this FAQ: How to use CLI to enable and disable security policy? And this FAQ will guide you on how to use the CLI to check if the security policy is enabled or disabled on the USG Flex H model. Answer : Please use the CLI "show config vrf main secure-policy enabled" to check the result. usgflex200h> show…
-
How to show real time throughput of interface?
Question: How to show real time throughput of interface by CLI for H series Answer: usgflexH> show interface throughput name {Interface Name} For example: usgflexH> show interface throughput name eth0 IFNAME IN pkt/s (IN bit/s) OUT pkt/s (OUT bit/s) eth0 16.0 (16.0K) 1.0 (1.6K) eth0 44.0 (85.6K) 20.0 (56.1K) eth0 113.5…
-
How to debug ipsec dial up problem on H series
We have real time debug command on H series. 1)Please login by SSH and pefrom the following command cmd debug ipsec trace log 2)Replicate issue, trying to dial-up Remote Access VPN or Site to Site VPN. 3)Provide the output of command to Zyxel Support.
-
How to resolve RDP session disconnections on FLEX/ATP?
How can I resolve constant RDP session disconnections on Zyxel USG Flex 100? If your RDP sessions are constantly disconnecting when using a Zyxel USG Flex 100 firewall but work fine when connected directly to a modem or a wireless hotspot, the issue could be related to the ICSA protection mechanism on the firewall. To…
-
DPPSK with External Server
Dynamic Personal Pre-Shared Key (DPPSK) is a powerful feature aimed at enhancing user privacy and data integrity in a wireless network by assigning unique passwords to individual clients. This ensures that each client's traffic is encrypted with a unique key, enhancing security. Scaling DPPSK with External RADIUS Server…
-
Why Smart VPN does not work
Scenario: You have on cloud Firewall are trying to establish Non-Nebula VPN by Smart VPN function, but there are no negotiation packets, seems to the funciton does not enable. Answer: Please verify you have enabled "Nebula VPN enable" Feel free to reach out for further assistance if the issue persist.
-
Why the virtual server rule does not take affect?
Question: I have a USG FLEX with virtual server, but the NAT rule does not take affect even disable all security policy. Answer: 1)Make sure the port are listened on internal server. 2)Please check your WAN interface have correct zone settings, Otherwise, it will not match on the proper NAT rule
-
How to check the nslookup result via CLI commands on USG Flex H models?
Scenario : The user may need to use CLI commands to check nslookup result for troubleshooting or maintenance purposes. This article will guide you on how to execute it. Answer : Please issue the CLI "cmd diagnostics nslookup domain-name-or-ip domain-name URL" to check the result. Refer to the below example : cmd…
-
Why can't create a excepational cases on the Secureporter For Nebula organization
Question: Why can't create a excepational cases on the Secureporter For Nebula organization? It can't select Nebaul organization Answer: To adjust this for Nebula, please go to the Nebula page to make the changes. This setting is only applicable to on-premise environments.
-
How to restart the call home process
Scenario: You noticed that Nebula shows the device is disconnected even though the network is normal. This could be due to some reasons causing the call home to fail. Workaround: 1)log in by SSH and perfom the following CLI. usgflex200h> cmd debug nebula callhome restart And please contact Zyxel support to investigate the…
-
NAT Rule affects remote access traffic
Symptom: When connected to the Remote Access VPN, some outbound traffic is traffic is being redirected to an Internal server due to NAT rule Answer: This is because the packet flow of the H series is different. Remote Access traffic will come in from the WAN interface. Please fixed External IP address instead of Any
-
Cannot download OpenVPN profile
Question: What should I do if I encounter an error while downloading the SSL VPN configuration? Answer: To resolve the SSL VPN configuration download error, please follow these steps: 1)Check you have IP address on Incoming interface. 2)Please contact Zyxel Support if the issue persist.
-
403 Forbidden when attempting to access WebGUI
Issue: Users may encounter a "Forbidden" error when attempting to access WebGUI Resolution: To resolve this issue, follow these steps: Access your firewall settings. Disable the authentication client for HTTPS on the firewall. H> edit running H running config# vrf main http-server secure-server auth-client false H running…