Zyxel_Cooldia  Guru Member

Hi @TriLanSupport , You also can check if it is blocked by MAC OS Privacy & Security Settings.

Hi @itxnc, The most common reason for the 'Couldn't agree a key exchange algorithm' error message in PuTTY is an outdated version of the software. To resolve the issue, you can try upgrading to the latest version of PuTTY, which should support the latest key exchange algorithms and security protocols. By the way, has the…

Hi @TriLanSupport, My lab's MAC OS is 13.2, and the SSL VPN client is 1.2.5. It does not have any issues when building up an SSL VPN tunnel. Are there any error messages that pop up when you try to build up the VPN tunnel?

Hi @ChipConnJohn , It is unable to get rid of the certificate warning because the certificate is not signed by a third party. However, you could ignore certificate errors by launching Chrome with the parameter --ignore-certificate-errors, for example: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe…

Hi @ChipConnJohn , I have reaised it as FRQ, and this feature will be avabile in 2023/Q4.

Hi @ChipConnJohn , At current design, the MAC SecuExtender VPN Client does not support web page launch, so I will raise a Feature request. Please open a browser and type URL manually for 2 factor authorization temporarily. As for password saving, could you please help to confirm it again, i can save passwords in MAC…

Hi @JCE , You can use ClickSend to send SMS for 2FA. Please refer to the link below for instructions on how to configure two-factor authentication (2FA). https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018012&lang=EN

HI @TriLanSupport , Welcome to Zyxel coummnity. Please uninstall the old VPN client and install the new client on macOS to avoid potential issues that may arise if you only update or replace the old version with the new version of the VPN client.

Hi @PhilippeBkk , The issue has been resolved. Please download the firmware from the link below.

Thank you for updating me on the test result. After changing the remote policy from an IP range of 0.0.0.0 to 255.255.255.255 to a subnet, there were no more reboot crashes.

Hi @ChipConnJohn , THanks for feedback. We are checking this issue. please wait for my update.

Hi @itxnc, When the issue occurs, can you check the gateway's ARP by using the CLI command 'show arp-table'? Assuming you can see the gateway's MAC address in the ATP ARP table, please open three terminal sessions in ATP. The first session is for pinging the WAN1 gateway, the second is for pinging 8.8.8.8, and the third is…

Hi @Catkins , Could you send me the device start up configurtian file. Assume the security policy already follow the best practice. the error message should be gone.

Hi @infosecwest , Could you please help us to confirm what is the I phone IP address when it is connected to AP? We would like to check if the phone is in bridge subnet or not.

Hi @JCE, Can you test again and check if the IP shows up in twofa-ipsec-ip? It should be listed in twofa-ipsec-ip before clicking the authorization email. Once you click the authorization email, it will be delisted from twofa-ipsec-ip. Here are the steps: Connect the VPN client.Type the CLI command "debug system ipset" to…