Comments
-
Hi @RAV_ZYXEL, you can go to the Expert mode GUI. To run a diagnostic test: (1) ping the DG; (2) if the ping to the DG is OK, then do a traceroute.
-
Hi @USG_User, I'm not sure what happened, so I recommend taking some monitoring action. That might have a chance of catching something. 1. Send the "User" category log to an external syslog server or save it to a USB flash disk. This can monitor whether any abnormal user object change (add/edit/delete) action happened. 2. Setup Configuration…
-
Hi @RAV_ZYXEL, there are two types of topology: 1. ISP DG --- ONT(bridge) --- Firewall(bridge mode) --- Clients(public IPs) In this case, the ISP offers a block of public IPs for clients & firewall. (1) You need to configure the USG20 in bridge mode. (2) All clients set up a static public IP, and the DG is the DG of the ISP. 2. ISP DG --- ONT(bridge) ---…
-
This is what you need to solve first, with help from your ISP, before connecting your USG20 VPN firewall.
-
From the fault-tolerant design point of view, it makes sense to separate different group workloads onto different modules. After checking the user guide and CLI guide of the 4600 switch, I cannot find how to configure the lacp port-priority, which is commonly used in Cisco/HPE/Aruba and even TP-Link switches. It looks like the 4600 switch support…
-
Supporting changing the MSS on all interfaces (including the GRE interface) could be a solution. Zyxel, please consider supporting changing the MSS on the GRE interface.
-
DH19 (ECP256) and DH20 (ECP384) are supported by Azure. (DH21 is not supported.) They are an alternative to DH16, 17, 18 with the same security strength but fast.
-
Here is what I use to monitor network devices & servers. Commercial product - PRTG: easy to install, more features, and you can call support if you purchase a license. Open source - Zabbix: free, need to have Linux knowledge to install and troubleshoot.
-
The link you posted is a very old article. This is the up-to-date one: https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding- You need to add the security policy. It does not automatically add an allow WAN-to-LAN firewall rule for NAT.
-
Hi @GPX, Zyxel firewall IKEv2 for VPN clients supports authentication with certificate + EAP-MSCHAPv2 only. You can follow these steps to configure it: 1. Create a self-signed certificate for the IKEv2 rule. (1) On the GUI, go to Object > Certificate > My Certificates, click add. (2) In subject, you can choose IP address and type in your…
-
Hi @Mattia_Tecnosoft_Srl, here are the configuration steps: 1. Create address objects (1) Create an address object for your local network 10.0.1.0/24, e.g. object name: LOCAL_NETWORK, type: SUBNET, network: 10.0.1.0/24, netmask: 255.255.255.0 (2) Create an address object for the remote network 10.96.0.0/11, e.g. object name: REMOTE_NETWORK,…
-
Hi @me_medesimo, yes, you need to add a policy route on both the main office and each office router on the other sites. Here is a configuration guide you can refer to: https://support.zyxel.eu/hc/en-us/articles/360007265299-How-to-forward-traffic-to-branch-site-server-after-client-established-VPN-tunnel
-
I am using Python 3.8.2 on Windows 10 with the netmiko module. I wrote a simple Python script to send commands and get output from my ZyWALL110. So far, no problem.
-
Hi @Brano, here is the problem: 10.10.20.0/24 is not included in the local policy for the client, so the traffic from the client to 10.10.20.0/24 will not go into the VPN tunnel. You can change the local policy to subnet 10.10.0.0/19 (10.10.0.0/24 ~ 10.10.31.0/24), which includes both 10.10.10.0/24 and 10.10.20.0/24.
-
Hi @alexAT, this is what I know about Zyxel IPSec VPN: it doesn't support multiple traffic selectors in phase 2, so it depends on what the peer VPN gateway supports. If the peer VPN gateway supports route-based IPSec VPN, then changing both sides to use route-based IPSec VPN is the choice.