-
How to establish an VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client?
Question : How to establish the VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client? Answer : This article will guide you on how to establish an IKEv2 VPN connection with the USG Lite 60 AX using the macOS Sonoma native VPN client. Navigate to Site-wide> Configure > Cloud authentication > To add a…
-
How to establish an VPN connection with a Nebula firewall by the macOS Sonoma native VPN client?
Question : After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to…
-
Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Question : Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model…
-
Is it possible to configure VPN for USG FLEX H device on Nebula?
Question: Is it possible to configure VPN for USG FLEX H device on Nebula? Answer: Currently, USG FLEX H series supports Cloud Monitoring Mode only on Nebula. You need to login to the web GUI to configure VPN. You can also generate the IP address for remote connection in Devices > Firewall > Live tools > Remote…
-
How do I set up SecuExtender on a USG FLEX H device to generate a tbg file?
Question: How do I set up SecuExtender on a USG FLEX H to generate a tbg file? Answer: After you enable "Remote Access VPN" on your USG FLEX H device, go to SecuExtender VPN Client and click Configuration > Get from Server. The SecuExtender VPN Client will fetch the configuration file from USG FLEX H.
-
USG FLEX H Series - IPSec VPN Debug Logging
IPSec VPN is a crucial feature for many users of Zyxel security appliances, providing secure connectivity between different sites. However, troubleshooting VPN issues can be challenging with the standard event logs. To address this, uOS now includes detailed IPSec VPN debug logging capabilities. Key Features Real-Time…
-
USG FLEX H Series - Customize Zone in Remote Access VPN
In previous updates, we introduced the ability to set zones within the site-to-site VPN wizard. This update uOS version 1.21 extends similar functionality to remote access VPNs, making the configuration process more intuitive and streamlined. Key Enhancements Direct Zone Customization: Users can now directly change the…
-
L2TP VPN doesn't work on Windows 10, but it works perfectly on Windows 11. What should I do?
Question My L2TP VPN on Nebula doesn't work on Windows 10, but it works perfectly on Windows 11. What should I do? Answer It looks like the issue you're experiencing is related to specific Windows updates on Windows 10. The patches KB5036893 and KB5036892 have been reported to break VPN connections. To resolve this issue,…
-
How to check the detailed information of concurrent VPN connections via the CLI?
Question : In the article: How to check the number of concurrent VPN connections via the CLI?users can learn how to check the number of concurrent VPN connections using the CLI. They may also want to check the detailed information of these connections. This article will guide you on how to do this. Answer : Please use the…
-
How to check the number of concurrent VPN connections via the CLI?
Question : Users may wish to use CLI to check the number of concurrent VPN connections. This article will guide you on how to check this. Answer : Please use the CLI command show ike ike-sa-count to check it. For example : usgflex100h> show ike ike-sa-count 1 This means the USG Flex 100H has one concurrent VPN connection.
-
[Nebula]Is it possible to configure inbound/outbound NAT in Nebula VPN?
Question Is it possible to configure inbound/outbound NAT in Nebula VPN? Answer At the current design stage, Nebula does not support inbound/outbound NAT. However, it can be configured in on-premise mode.
-
How do I set up NAT port forwarding for remote AP usage on the firewall?
Scenario : Users may wish to use the remote AP service behind a NAT scenario. For example, in the topology below, the remote AP will establish a VPN service to the destination firewall USG Flex 100. Remote AP === internet === USG Flex 200 === (NAT ports forwarding) === USG Flex 100 Users may wonder how to set up NAT port…
-
USG FLEX H Series - Remote Access VPN with AD
USG FLEX H Series - Remote Access VPN with AD Overview The USG FLEX H Series firewalls now support Remote Access VPN authentication using Active Directory (AD). This enhancement allows centralized user management and improves security by leveraging your existing AD infrastructure for IPsec VPN and SSL VPN authentication.…
-
USG FLEX H Series - AD Server Authentication
USG FLEX H Series - AD Authentication Overview The USG FLEX H Series now supports AD (Active Directory) authentication for both IPsec VPN and SSL VPN users. This enhancement allows centralized user management and enhanced security by leveraging your existing AD infrastructure. AD Authentication for VPN Supported…
-
USG FLEX H Series - Two-Factor Authentication for VPN
USG FLEX H Series - Two-Factor Authentication for VPN Overview The USG FLEX H Series firewalls now support two-factor authentication (2FA) for IPsec VPN clients in addition to the previously supported admin access. This enhancement provides an added layer of security for remote users connecting to the network via VPN.…
-
Why the site-to-site VPN tunnel will disconnect hourly? How to reslove it?
Scenario : Users may encounter a situation in the site-to-site VPN tunnel that will disconnect hourly. This article will guide you on how to identify the possible reasons and resolve this problem. Answer : The possible reason for the site-to-site VPN disconnecting hourly is that the Phase 2 SA Lifetime is set to 3600…
-
Why can't we select a certificate in VPN Phase 1 for authentication?
Question: I can import a third-party certificate to FLEX/ATP without any errors. However, I am unable to select this certificate for VPN phase 1 authentication. What could be the issue? Answer: ZLD does not support ECDSA certificates in the VPN module, so we cannot select them in Phase 1. Please sign the certificate again…
-
What proposal should be configured on ATP/USG FLEX for IKEv2 native client on macOS 14 Sonoma?
Question: What proposal should be configured on ATP/USG FLEX for IKEv2 native client on macOS 14 Sonoma? Answer: Phase 1: AES256, SHA256, Key Group=DH19 Phase 2: AES256, SHA256, PFS=none
-
How to Configure SSL VPN connection with OpenVPN Connect client?
Scenario : This article will guide you on how to configure an SSL VPN connection with the OpenVPN Connect client. Answer : Please navigate to VPN > SSL VPN > to configure the Incoming Interface, Clients will use VPN to access, Client Network, Authentication relative information. Once it's done, please download the SSL VPN…
-
[ATP/FLEX] How to check site-to-site VPN disconnection status in Nebula?
Scenario : The administrator may wonder how the site-to-site VPN stability is in Nebula. This article will guide you on how to check it. Answer : You could navigate to Site-wide > Monitor > Firewall > VPN connections to check the historical disconnection status. If there was a disconnection record, it would display a red…