itxnc 
Ally Member
Comments
-
We've seen the SHARE thing once or twice with our clients. Always goes away on boot. The version issue was due to Zyxel pulling 4.60 right after it got released to fix a critical security issue. When the Patch 1 version came out it seemed to hit the download servers before showing up in the cloud query.
-
Must be the fast forwarding or something changed by 4.38. Ran a diff between 4.60 and 4.38 (couldn't find 4.36 to download) and the only changes were to some default WLAN parameters, removal of des cipher/TLS1, changes to the default Content Filter profiles (which are disabled by default anyway), and some setup for…
-
Excellent - was looking in the wrong 2FA tab. Thank you!
-
Will be well worth the wait for the custom block page: [ENHANCEMENT] Support customized block page of Content Filtering and URL Threat Filter at Notification > Response Message And this!! 10. [ENHANCEMENT] Support Google Authenticator two-factor authentication for administrator access. UPDATE: Where is it? Only options are…
-
Going to bounce this for some more attention as well. Having 2FA is *great*, but the requirement of an active Internet connection is... a problem. Currently we lock down the Admin GUI with 2FA and leave the local SSH access without it. So if we have to get into a router, we SSH in, turn GUI 2FA off, and get into the…
-
That's what I figured - but just wanted to make sure. Thanks!
-
First, you need to setup the Email to SMS Integration on ClickSend and make sure the email address SENDING the message from the Zyxel gateway (configure in Notification -> Mail Server tab) is listed: Add it under Manage Allowed Addresses (the sending address listed in the Mail Server tab on the Zyxel) On the Zyxel side,…
-
So in an Active/Passive scenario where you kill connections on fail back, is there any difference between Spill-over and least load?
-
Suspect it was a lingering connection. I had not checked the 'Disconnect Connections Before Falling Back' I also had used the wrong algorithm. Initially we'd used a cellular modem- which the KB says to use Weighted Round Robin for:…
-
Correct - the extension LAN is sort of a 'shim' network but you'll have direct access to the LAN as long as the SSLVPN to any (or LAN1) default firewall rule is still there. LAN1 will route to 192.168.200.x automagically. No routes needed. And if your tunnel is a split tunnel, you create a LAN1 -> SSLVPN firewall rule…
-
Namecheap 1Yr certificates are super cheap and work great on Zyxel routers. < $10/year. But you can also just take HTTPS out of the WAN to Zywall service group if you don't use remote admin or SSL VPN.
-
Little birdies have said this is on the roadmap - hope so - would definitely be a step in right direction (*cough* UniFi *cough*). I'm not a big fan of Nebula right now because it hides so much functionality BUT jsut the direct remote access without having to VPN into a router along with centralized monitoring would be HUGE
-
But @CHS is right - when you use the SSLVPN Extension network (192.168.200.1 is the default), your scenario works fine. Just tested it on a USG40. Both with full tunnel checked and unchecked. In full tunnel mode - you don't need the LAN1->SSL_VPN Security Policy. In split tunnel mode, you do. No route needed. So I SSL VPN…
-
If you're just trying to VPN into a domain managed LAN, that LAN is using the domain server for DNS as well, correct? If so, can't you just do something like this: https://businessforum.zyxel.com/discussion/4207/how-to-force-dns-query-pass-into-ssl-vpn-tunnel To force the remote system's DNS through the VPN to the domain…
-
Interesting method to route the VLAN traffic (using the source filter). Curious if you all see pros/cons to doing that vs making each VLAN it's own Zone. For example, here is a fairly involved setup we have for a client needing extensive VLANs themselves and then VLANs for tenants in small offices they rent out: You can…
