NEP  Ally Member

Comments

  • Hello. Just installed v5.32 and we are still having the same issue. The SSL VPN won't connect. Same log errors as before. 5.30 works fine, 5.31 and 5.32 do not. I saw in the changelog that there was a macOS issue with SSL VPN and ports not being identical. Maybe we have something similar. In any case, I have left 5.32…
  • @Zyxel_James What does "except IP address" after the "IP address is considered as high-risk" mean? As for your request, I don't know what the hosting website's URL is. Just pulled the info given from a Whois lookup. Having our user ask their contact now. I'll DM you all the relevant information once I have it. Thanks!
  • Thank you very much, everyone! The issue is now fixed. Part of the issue was as @zyman2008 had said. There was no policy route configured for the ZyWALL back to the "requesting" IP. The other issue was that we have a VLAN at one site and not the other. I was using the wrong routing destination (i.e. the site's subnet, as…
  • @Zyxel_Stanley On both sides of the tunnel, I unchecked the "dynamic IPSEC rules" box and checked "Ignore Don't Fragment" but there is no change. Still no access. You mentioned ICMP, just to be clear, I can access and ping all devices on each network (that are set up to respond), except for the ZyWALL at each site…
  • Does anyone have any other thoughts on this?
  • @mMontana: No. Ping does not work from a device at the local site to the remote site's Zyxel device. Nor does the ping work from the Diagnostics tab of the local site to the remote site. As for network policy, not sure what you mean by that exactly. Too many similar things named "policy". Then again, I am not that familiar…
  • Hi @Zyxel_Stanley. Does this have to be done on one or both sides of the tunnel? Currently, they are both unchecked, nor would I have changed that setting. Accessing the opposite device used to work, which is what's strange. It seems like a routing issue, just unsure why I can't find anything in the logs. When looking at…
  • For routing, SiteA has Incoming "any (excluding ZyWALL)", Destination remote site subnet, and Next-Hop the IPSEC tunnel. This allows us to connect to any remote IP (except for their ZyWALL). For Policy Control, SiteB has a policy of: From IPSEC tunnel, To ZyWALL, Source any, and Dest any.
  • It wasn't, so I just added a policy to log it. It shows in the Logs now as "Web Forward" but access still doesn't work.
  • Sorry for the delay in responding zyman. That worked, though I really only needed to add a policy route for the SSL VPN scope at Site B. As it was, there was no return path for the connection, which I managed to overlook. Thank you!
  • For anyone else who may have this issue, the Dev team was able to mark our issue as a false positive with the packet capture we sent. It took from 8/11 until 8/30 to get a "legitimate" solution. Over two weeks, which is long, but hopefully the detection changes help everyone else in the future. With that said, if you need…
  • That is correct, we rolled back to v5.30 because we have users that need to use the VPN. Please do not take our rolling back as a solution. It certainly is not, as it will most likely happen again with the next firmware that is released (barring any changes). Something is not correct with the newer firmware, however, at…
  • So much for the Verizon theory, just had two more users confirm that they can't connect to the VPN. Both are using Comcast. One of them also confirmed that they can log into the login page, so they know their password and the SSL VPN connection info is good. User (MAC=-) from http/https has logged out DeviceUser (MAC=-)…
  • We've done some more testing and the SSL VPN is working for some users. Well, one user but they have tested it at multiple locations (all Comcast supplied). Waiting for a couple more users to get back to me. Anyway, those who are affected (i.e. can't use the VPN) are using Verizon's services. That is what I have and I've…
  • Can we turn on some other logging? At the moment the system log shows nothing. It doesn't even indicate an attempted connection. In my mind at least, the issue is definitely caused by something in the firmware update. Under Firmware Management we have "V5.31(ABFW.0)ITS-22WK31-r104914" loaded in 1 (Running). The SSL VPN…