WJS  Ally Member

Those addresses are server need to access which means this is outgoing traffic. I thought you need a rule is LAN → WAN , dst: AppOutlook

Ahh, Sorry, I should note you have rule1. I think you need to design a for "DNS-Net" zone. Rule1: from"DNS-Net" zone not any

Your Secure Policy is incorrect. Correct rule be like: Source zone : WAN , Source: Any Dst znoe : LAN , Dst: Synology IP

Share your P1 P2 proposal . And capture negotiation packets. It will have what Android 14 proposal used

Just change LAN IP from Nebula GUI directly.

capture packets to see the negotiation when you updated DDNS.

It had end of support. I recommend replace a new one

It sounds like your are talking about the LAN of the third party router under the USG. I thought you have to allow RA traffic on Router. Maybe you can try to capture traffic on Router's LAN to see if any ICMPv6 .

I mean set prefix 64 at RA filed Devices are under USG50 might have ipv6 address.

your prefix length should be 64 ?

The Slave have to enable HA pro when you completed Master. -leave one cable on sync port this moment -Check both units have the same firmware https://mysupport.zyxel.com/hc/en-us/articles/360010570539--ZyWALL-USG-How-to-set-up-Device-HA-Pro-on-ZyWALL-USG-appliances

I guess you can get the correct md5 within "bin" file rather than zip file.

Try to use windows native client or SecuExtender. At least those are officially claimed to be usable

It can't do by MAC address but IP address

How about MacOS ? Find the Windows KB, if your Firewall behind the NAT router.