QuiteSmart  Freshman Member

Comments

  • Maybe I just didn't want to read such a thing ;-) Can we close it saying that there is no possibility to create a client-server VPN (with certificate) with a firewall behind a router?
  • Thank you @Peppino, thank you @PeterUK for your feedback. Would you be so kind to check the configuration and log that I posted a few days ago and compare it with yours? I really cannot understand what I am missing. Apart from the ATP I've made some tests on a USG40 behind a Fritzbox router: the router is configured so…
  • Actually the firewall is not hidden: the ISP router is configured so that the firewall IP (router LAN / firewall WAN) is in DMZ so that (theoretically) all the traffic to the ISP router is redirected to the firewall. I suppose that in this scenario one's able to connect via VPN, am I wrong?
  • Hello @zyman2008, your solution for avoiding the logs is smart and I'm likely to click "solved". I just wonder how we can understand which app is asking for it (if it's an app and not the system itself).
  • Hello, do you see anything in the logs? If you connect a computer to another LAN port of the Fritzbox are you able to connect? (This test can let you understand whether the problem is the Fritz NAT/DMZ.) Even if you made the test with the computer directly to the Fritzbox, have you tried disabling (just for test) the…
  • Hello, have you tried inserting domain.local in: configuration —> system —> host name —> domain name?
  • Update: I tried the same configuration on another firewall with the same firmware, the only difference is that the 2nd FW is not under NAT. In this case it works (same phone).
  • I'm trying to use the wizard to connect an Android phone (Samsung!) to an ATP with latest firmware, the firewall is under a router, I modified phase 1: in my address instead of "interface" I selected "domain name/IPv4" and entered my public (static) IP. This is what I get on the firewall: this is what I get from…
  • @electsystech thanks for joining the discussion. The number of oooo in my case is always the same (3 different organization's firewalls). If I google that domain it gives almost no results and this makes me think that it's a rare problem but the fact that 3 different Android phones of 3 different users connect to this…
  • Hello @PeterUK, resetting works for sure but it would not reply any of the 4 questions. Besides, you can imagine how difficult it would be to convince users to reset their phone for a problem that they do not even feel. 😓
  • Hello, I am trying to let 5 APs on Nebula write log on a syslog server (a Synology NAS), I cannot use the default 514 port so I found this post… since I tried to enter the IP in the format xxx.xxx.xxx.xxx:517 but Nebula still doesn't accept it. Is there any way to get through it or is it still an idea?
  • Thank you @Zyxel_James, so if the following scenario happens: the option is V, there is no configured IPSec gateway/connection, the default WAN to Default ports rule still exists in the firewalling rules. The option does something like creating a hidden higher rule that closes 500 and 4500, am I right? It is a useful option for…
  • Thank you again @PeterUK, your theory is wise, let's see if someone of the staff has something to add ;-)
  • Hello @PeterUK and thank you for your reply. Do you refer to the security policy "default allow WAN to Zywall" which by default allows AH, ESP, NATT, IKE and 2FA? In other words if there is no VPN configured it blocks that rule? By the way I use to edit that rule for better security (geo restriction and deleting VPN…