-
How to resolve L2TP VPN connection issues on Nebula firewall?
Question: Why can't my iPhone connect to the L2TP VPN server of Nebula firewall? What settings should I check on Nebula? Answer: If your iPhone shows the error "The L2TP VPN server is not responding" follow these steps to troubleshoot: 1. Verify if the WAN IP address assigned to your Nebula firewall is private or public:…
-
How to perform the speed test on the Web-GUI of the USG Flex/ATP model?
Question : How to perform the speed test on the Web-GUI of the USG Flex/ATP model? Answer : The USG Flex/ATP model has a built-in speed test tool. To perform the speed test, follow these steps: Navigate to Maintenance > Diagnostics > Network Tool > Select Speed Test > Choose the WAN interface that you want to test. Select…
-
How to use the CLI to check if the security policy is enabled or disabled on the USG Flex H model?
Question : In this FAQ: How to use CLI to enable and disable security policy? And this FAQ will guide you on how to use the CLI to check if the security policy is enabled or disabled on the USG Flex H model. Answer : Please use the CLI "show config vrf main secure-policy enabled" to check the result. usgflex200h> show…
-
How to show real time throughput of interface?
Question: How to show real time throughput of interface by CLI for H series Answer: usgflexH> show interface throughput name {Interface Name} For example: usgflexH> show interface throughput name eth0 IFNAME IN pkt/s (IN bit/s) OUT pkt/s (OUT bit/s) eth0 16.0 (16.0K) 1.0 (1.6K) eth0 44.0 (85.6K) 20.0 (56.1K) eth0 113.5…
-
How to debug ipsec dial up problem on H series
We have a real-time debug command on the H series. 1) Please log in by SSH and perform the following command: cmd debug ipsec trace log 2) Replicate the issue by trying to dial up the Remote Access VPN or Site to Site VPN. 3) Provide the output of the command to Zyxel Support.
-
How to resolve RDP session disconnections on FLEX/ATP?
How can I resolve constant RDP session disconnections on Zyxel USG Flex 100? If your RDP sessions are constantly disconnecting when using a Zyxel USG Flex 100 firewall but work fine when connected directly to a modem or a wireless hotspot, the issue could be related to the ICSA protection mechanism on the firewall. To…
-
DPPSK with External Server
Dynamic Personal Pre-Shared Key (DPPSK) is a powerful feature aimed at enhancing user privacy and data integrity in a wireless network by assigning unique passwords to individual clients. This ensures that each client's traffic is encrypted with a unique key, enhancing security. Scaling DPPSK with External RADIUS Server…
-
Why Smart VPN does not work
Scenario: You have an on-cloud firewall and are trying to establish a Non-Nebula VPN with the Smart VPN function, but there are no negotiation packets; it seems the function is not enabled. Answer: Please verify that you have enabled "Nebula VPN enable". Feel free to reach out for further assistance if the issue persists.
-
Why does the virtual server rule not take effect?
Question: I have a USG FLEX with a virtual server, but the NAT rule does not take effect even with all security policies disabled. Answer: 1) Make sure the internal server is listening on the port. 2) Please check that your WAN interface has the correct zone settings; otherwise, it will not match the proper NAT rule.
-
How to check the nslookup result via CLI commands on USG Flex H models?
Scenario : The user may need to use CLI commands to check nslookup result for troubleshooting or maintenance purposes. This article will guide you on how to execute it. Answer : Please issue the CLI "cmd diagnostics nslookup domain-name-or-ip domain-name URL" to check the result. Refer to the below example : cmd…
-
Why can't I create exceptional cases on SecuReporter for a Nebula organization
Question: Why can't I create exceptional cases on SecuReporter for a Nebula organization? The Nebula organization can't be selected. Answer: To adjust this for Nebula, please go to the Nebula page to make the changes. This setting is only applicable to on-premise environments.
-
How to restart the call home process
Scenario: You noticed that Nebula shows the device as disconnected even though the network is normal. This could be due to something causing the call home to fail. Workaround: 1) Log in by SSH and perform the following CLI command: usgflex200h> cmd debug nebula callhome restart And please contact Zyxel support to investigate the…
-
NAT Rule affects remote access traffic
Symptom: When connected to the Remote Access VPN, some outbound traffic is being redirected to an internal server due to a NAT rule. Answer: This is because the packet flow of the H series is different. Remote Access traffic will come in from the WAN interface. Please use a fixed External IP address instead of Any.
-
Cannot download OpenVPN profile
Question: What should I do if I encounter an error while downloading the SSL VPN configuration? Answer: To resolve the SSL VPN configuration download error, please follow these steps: 1) Check that you have an IP address on the Incoming interface. 2) Please contact Zyxel Support if the issue persists.
-
403 Forbidden when attempting to access WebGUI
Issue: Users may encounter a "Forbidden" error when attempting to access WebGUI Resolution: To resolve this issue, follow these steps: Access your firewall settings. Disable the authentication client for HTTPS on the firewall. H> edit running H running config# vrf main http-server secure-server auth-client false H running…
-
How to check the firewall operate in on-premise mode or Nebula mode via the CLI?
Question : The USG Flex/ATP models can operate in on-premise mode or Nebula mode. There is a simple way to check the mode status via the CLI command. Answer : The CLI command is "debug show sdwan_ztp status". If the firewall operates in on-premise mode, the CLI result will show as below: Router> debug show sdwan_ztp status…
-
My firewall pushes wrong ssl certificate to my https webservice, how can I deactivate that?
Scenario: You can't access the WebGUI due to a TLS handshake failure because you chose the incorrect Server Certificate. Workaround: Change the certificate to default by CLI. Router# configure terminal Router(config)# ip http secure-server cert default Router(config)# write
-
SecuExtender SSLVPN can't connect
Symptom: 1) SSLVPN cannot connect on Windows SecuExtender clients, but can always connect on MacOS clients. 2) You have Destination NAT to the SSL port on an upper device, which means the port has been translated. For example: Firewall_IP:50000 → Firewall_IP:10443 (SSLVPN Port) Workaround: Since the request from Windows SecuExtender…
-
The DNS content filter is not working
Scenario: The DNS content filter is not working. The settings on the GUI have already been checked and are fine. -Enable DNS content filter -The profile is already applied at Secure Policy "LAN→WAN and LAN→Zywall" Check List: 1) Router(config)# show security-service status dns-content-filter activation: no If the value is "no", please enable by…
-
Why can't we select a certificate in VPN Phase 1 for authentication?
Question: I can import a third-party certificate to FLEX/ATP without any errors. However, I am unable to select this certificate for VPN phase 1 authentication. What could be the issue? Answer: ZLD does not support ECDSA certificates in the VPN module, so we cannot select them in Phase 1. Please sign the certificate again…