Discussions - Zyxel Community

How to make H series as VPN server role?
Scenario: The branch1, 2 would access HQ subnet and vice versa through Site to Site VPN Solution: If you don't want to use Route based VPN, You can use Policy based VPN as alternative. HQ Site: 1)Setup Peer Address is Dynamic Addeess 2)Check Iniation is Responder Only and Remote TS is "0.0.0.0/0" You don't need to add…
How to verify which traffic will into VPN tunnel on H series?
Question: How to verify which traffic will into VPN tunnel on H series? Answer: You can fine which traffic will into Tunnel by following command usgflex700h> show ipsec xfrm-policy vrf main
How to import TGB profile in MACOS
Question: How to import TGB profile in MACOS Answer: 1)Select import 2)Choose the File with .tgb extension
How to establish an VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client?
Question : How to establish the VPN connection with the USG Lite 60 AX by the macOS Sonoma native VPN client? Answer : This article will guide you on how to establish an IKEv2 VPN connection with the USG Lite 60 AX using the macOS Sonoma native VPN client. Navigate to Site-wide> Configure > Cloud authentication > To add a…
How to establish an VPN connection with a Nebula firewall by the macOS Sonoma native VPN client?
Question : After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to…
Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue?
Question : Why can't I establish a VPN connection after updating to macOS Sonoma? How can I resolve this issue? Answer : Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work. USG Flex/ATP firewall model…
Is it possible to configure VPN for USG FLEX H device on Nebula?
Question: Is it possible to configure VPN for USG FLEX H device on Nebula? Answer: Currently, USG FLEX H series supports Cloud Monitoring Mode only on Nebula. You need to login to the web GUI to configure VPN. You can also generate the IP address for remote connection in Devices > Firewall > Live tools > Remote…
How do I set up SecuExtender on a USG FLEX H device to generate a tbg file?
Question: How do I set up SecuExtender on a USG FLEX H to generate a tbg file? Answer: After you enable "Remote Access VPN" on your USG FLEX H device, go to SecuExtender VPN Client and click Configuration > Get from Server. The SecuExtender VPN Client will fetch the configuration file from USG FLEX H.
USG FLEX H Series - IPSec VPN Debug Logging
IPSec VPN is a crucial feature for many users of Zyxel security appliances, providing secure connectivity between different sites. However, troubleshooting VPN issues can be challenging with the standard event logs. To address this, uOS now includes detailed IPSec VPN debug logging capabilities. Key Features Real-Time…
USG FLEX H Series - Customize Zone in Remote Access VPN
In previous updates, we introduced the ability to set zones within the site-to-site VPN wizard. This update uOS version 1.21 extends similar functionality to remote access VPNs, making the configuration process more intuitive and streamlined. Key Enhancements Direct Zone Customization: Users can now directly change the…
L2TP VPN doesn't work on Windows 10, but it works perfectly on Windows 11. What should I do?
Question My L2TP VPN on Nebula doesn't work on Windows 10, but it works perfectly on Windows 11. What should I do? Answer It looks like the issue you're experiencing is related to specific Windows updates on Windows 10. The patches KB5036893 and KB5036892 have been reported to break VPN connections. To resolve this issue,…
How to check the detailed information of concurrent VPN connections via the CLI?
Question : In the article: How to check the number of concurrent VPN connections via the CLI?users can learn how to check the number of concurrent VPN connections using the CLI. They may also want to check the detailed information of these connections. This article will guide you on how to do this. Answer : Please use the…
How to check the number of concurrent VPN connections via the CLI?
Question : Users may wish to use CLI to check the number of concurrent VPN connections. This article will guide you on how to check this. Answer : Please use the CLI command show ike ike-sa-count to check it. For example : usgflex100h> show ike ike-sa-count 1 This means the USG Flex 100H has one concurrent VPN connection.
[Nebula]Is it possible to configure inbound/outbound NAT in Nebula VPN?
Question Is it possible to configure inbound/outbound NAT in Nebula VPN? Answer At the current design stage, Nebula does not support inbound/outbound NAT. However, it can be configured in on-premise mode.
How do I set up NAT port forwarding for remote AP usage on the firewall?
Scenario : Users may wish to use the remote AP service behind a NAT scenario. For example, in the topology below, the remote AP will establish a VPN service to the destination firewall USG Flex 100. Remote AP === internet === USG Flex 200 === (NAT ports forwarding) === USG Flex 100 Users may wonder how to set up NAT port…
USG FLEX H Series - Remote Access VPN with AD
USG FLEX H Series - Remote Access VPN with AD Overview The USG FLEX H Series firewalls now support Remote Access VPN authentication using Active Directory (AD). This enhancement allows centralized user management and improves security by leveraging your existing AD infrastructure for IPsec VPN and SSL VPN authentication.…
USG FLEX H Series - AD Server Authentication
USG FLEX H Series - AD Authentication Overview The USG FLEX H Series now supports AD (Active Directory) authentication for both IPsec VPN and SSL VPN users. This enhancement allows centralized user management and enhanced security by leveraging your existing AD infrastructure. AD Authentication for VPN Supported…
USG FLEX H Series - Two-Factor Authentication for VPN
USG FLEX H Series - Enhancement on Authentication for VPN Overview The USG FLEX H Series firewalls now support several authentication types for VPN access: Local User with Two-factor authentication (2FA) External User on AD/LDAP Server Local Users - Two-Factor Authentication for VPN Clients How It Works When a remote user…
Why the site-to-site VPN tunnel will disconnect hourly? How to reslove it?
Scenario : Users may encounter a situation in the site-to-site VPN tunnel that will disconnect hourly. This article will guide you on how to identify the possible reasons and resolve this problem. Answer : The possible reason for the site-to-site VPN disconnecting hourly is that the Phase 2 SA Lifetime is set to 3600…
Why can't we select a certificate in VPN Phase 1 for authentication?
Question: I can import a third-party certificate to FLEX/ATP without any errors. However, I am unable to select this certificate for VPN phase 1 authentication. What could be the issue? Answer: ZLD does not support ECDSA certificates in the VPN module, so we cannot select them in Phase 1. Please sign the certificate again…

Welcome!

It looks like you're new here. Sign in or register to get started.