Comments
-
yes, but I made a IKEv2 vpn. I am actually seeing this log [SA] : No proposal chosen on ipad I selected my WAN IP for both server and "remote ID" field. Other than that the user name and password
-
much appreciated! those settings were crucial: Just one thing, I don't have anything in L2TP VPN section Just in IPSEC VPN section I don't get any log errors. However, the ipad does not yet connect. I see a couple of IKE logs, but just info [SA] : No proposal chosen (this seems like an issue?) info IKE The cookie pair is :
-
So, I would pick: "remote access (server role)"? I think I got everything setup. However, When i try to connect form my ipad I see access is blocked on USG Security Policy Control Match default rule, DROP [count=4] Do I need to open the firewall for VPN?
-
I might give it a try. Also not sure about latency. USG is in US with client in EU. In order to make this work with ios and a laptop, what VPN server configuration do I need to select? Assuming on the laptop as simple as this:
-
thanks. BTW. I am not sure I have V2. Does this FW still apply?
-
or was there some Zyxel outage?
-
Is there any way to configure apps vs. ports in the Flex?e.g. I can enable "wahtsapp"vs. looking for ports and configure?
-
I found only port out 5222 to be logged as blocked. I opened it.I believe that whatsapp must have used 443 in the past as indicated in article link above (which was open for outbound)
-
the reason for me looking was slow web surfing. speedtest was ok. After fixing the geo fence web surfing speed is back to normal. Looks like my IP came into the crosshair.... I have a couple of questions:1.) any harm to disable SSH?2.) What exactly is "authentication server" under system?3.) Can I lock login to local…
-
my geo fences are #1 and #2 rule. However, embarrassed to report that I just found out that the GEO block "to Zywall" was set to allow.... So, my fault.
-
I am more and more baffled by this. I am getting failed SSH logins from Iran 34.100.181.71 (which is part of Asia). I blocked all Asia. Why is the security policy not trump SSH logins?
-
So, are you saying Zyxel doesn't have 61.177.173.48 in the China DB? Where in the menu can I lock down login? Frankly, I can lock it down to local network access only fro SSH and WEB
-
I have the GEO policies already at prio 1 and 2 (on top)
-
I do have two security policies:1.) any to Zywall2.) any to any(excluding zywall) both deny with a IP4 source group that includes "Asia"no log SO, I wonder why I still saw the log entry?
-
thanks for confirming. I have ip/mac binding on internal network as I have some static IP's