Comments
-
Create another policy with higher priority. You want to exclude IP1. For example: Rule1: IP1 allow any. Rule2: IP1's subnet allow any with schedule.
-
How did you do "planification to shutdown internet connection"? You mean you already implemented it on the FLEX500?
-
The ports connected to the PC do not need tagging (trunk).
-
Does your upper device have port forwarding? Ensure the SSLVPN ports are the same. For example: Client connected "VPN server:10443" and your Firewall GUI is also 10043
-
For example: 1) You can make lan1 as vlan1. 2) Then create VLAN20/30: set Base Port lan1, interface type "internal", VLAN ID, IP address, and also the DHCP service. By the way, I think you should create a customized zone for each respective VLAN, since it's better for designing secure policy. 3) Create a policy to restrict services as you want. From zone:…
-
What block message shows after you deactivated the UTM filter? Or any logs?
-
Can you see probe traffic sent from the VPN300 or received on the zywall110? And what's your check period timeout tolerance?
-
Try the latest 4.73 weekly. https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version
-
It seems that Zyxel encourages using cloud upgrade to avoid unreachable. Read the Note: Note: For the initial installation of the USG FLEX H Series firewall, please using the firmware wizard to upgrade to uOS 1.08 Patch 1 firmware first, and then proceed with the upgrade to uOS1.10 firmware. The device becomes unreachable…
-
Try to disable this if you are using Chrome: chrome://flags/#enable-tls13-kyber
-
FQDN object should work with now alive appliance. But it sounds like you have an FQDN object, which means your firmware should support this feature. Maybe try the latest firmware?
-
It can. It works with FQDN objects.
-
Those addresses are server need to access, which means this is outgoing traffic. I thought you need a rule that is LAN → WAN, dst: AppOutlook
-
Ahh, sorry, I should note you have rule1. I think you need to design a for "DNS-Net" zone. Rule1: from "DNS-Net" zone not any
-
Your Secure Policy is incorrect. The correct rule should be like: Source zone: WAN, Source: Any. Dst zone: LAN, Dst: Synology IP