Comments
-
In my environment, I did not see this popup page while connected to the USG. You may also tick "Treat all future networks that I connect to as public, and don't ask me again" to avoid the popup page.
-
Do you have any UTM feature enabled? The firmware version you are using is quite old; you may check with firmware v4.38.
-
If the "select network location" popup appears, it's probably connecting to different routers or connecting to a new network. You can check this discussion: https://superuser.com/questions/236996/why-does-set-network-location-pop-up-every-time-i-connect-with-vzaccess-manage
-
I think the certificate still needs to be imported to each USG and IPsec client, since it's a self-signed cert.
-
You can check the device's help for "enable failover when device service fails": Select this to have the passive Zyxel Device take over when a monitored service daemon on the active Zyxel Device fails. You can also check this KB: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=017502&lang=EN As my environment,…
-
Do you want the IPsec VPN client to do the authentication without username/password (authenticate with certificate)?
-
Check this article to avoid the local subnet overlapping problem. However, it could be managed more easily if the networks are on different subnets. https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=014715&lang=EN
-
As you mentioned, you can only configure one subnet in either the remote policy or the local policy. However, you can segment the subnet widely so that it includes the server's IP address. Is the server under the ATP? If so, you can access it via the VPN tunnel without NAT. You may draw the topology to understand it easily.
-
Try to test a PC with Netflix instead of the Smart TV in your environment.
-
If you want to limit only some services to go through the indicated interface: Go to object to customize the services or ports to be grouped. Create the account which will be controlled. Go to routing, and set as below. For internet failover, just add two WAN interfaces in the customized profile on the trunk page.
-
Can the USG get a public IP directly? To simplify the scenario, try removing the TP-Link device, let the USG get a public IP, and check it again.
-
Does the device reboot continually? Or is there no LED blinking on the device?
-
It seems 404 Not Found and 401 Unauthorized appeared in the packets, so you may check that the client information was added to the server correctly. Also, did you create the NAT rule on the other NAT router?
-
Per my understanding, you don't need to configure a NAT rule for it. Why do you want to allow traffic for the STUN server? Was the traffic blocked by the ATP?
-
Configure the remote subnet widely so that it includes multiple IP addresses, so the client can access it.