zyman2008  Master Member

Comments

  • Hi @bav, The answer to the first question can be found in the Packet Flow Explorer. Go to MAINTENANCE > Packet Flow Explorer. It shows the routing priority of the Zyxel firewall. Once you set up the local/remote policy in the wizard, the route rule is set into the S2S VPN route table. The second answer: yes. You can…
  • Hi @bav, There are two types of IPSec S2S VPN: policy based and route based. The setup via the wizard is policy based, and the VPN routing depends on the local/remote subnet settings. In your case, the network address of each site is: Site A: 192.168.1.0/24, Site B: 192.168.2.0/24, Site C: 192.168.3.0/24. Site A, B, C network is…
  • Hi @FelixSchneider, Try disabling "Redirect HTTP to HTTPS" on the System > WWW page.
  • Hi @cmanley, If you want only the LAN of the FLEX 700 to be able to route to the LAN of the ATP800, then a policy route is better than a static route. You need to add a policy route on both the FLEX 700 and the ATP800. On the FLEX 700, add a policy route: source: LAN of FLEX 700, destination: LAN of ATP800, next-hop: IP address of port 10 of ATP800. On…
  • @QuiteSmart I found a discussion here about the Samsung apps with this behavior: https://www.reddit.com/r/pihole/comments/hi1s69/is/ I didn't try the NetGuard app (donate 7.50 EUR to get pro features), so I don't know whether that is true or not; just FYI.
  • Hi @QuiteSmart, I found a Samsung mobile phone showing this DNS query behavior once WiFi is switched on. There are 3 weird DNS domains queried: *google.com, www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com, google.com.onion. Checking VirusTotal, they look safe so far. I think the workaround to block the DNS query…
  • Hi @NoE, If the web services need to be public to the Internet, the FLEX firewall just controls the access to the web service. If there are vulnerabilities in the web application (web code) itself, that's the only potential risk, and the FLEX cannot help with that. To narrow the attack surface of your web services, you need to well…
  • Hi @kawer83, It's better to post the topology, so that it is easier to give you comments on the settings based on best practice. Is it like this? VPN client — Internet — Fritzbox — USG — RDP target. First scenario: VPN client (IPSec client) → USG (IPSec VPN server) → RDP target. Second scenario: VPN client(WireGuard…
  • Windows built-in L2TP over IPSec can work with an external RADIUS service that supports 2FA. It all uses the external 2FA service; you don't need to enable the 2FA settings on the ZyWALL. The password is in the format (append the second factor code after the first factor user password): password,code. I had helped a client integrate ZyWALL with AD…
  • Hi @Peter_EO, Yes, it's a chicken-or-the-egg situation. You need another client device (e.g. a mobile phone) to get the token in the email. It's impossible with the VPN client device only. Or you need to use Google Authenticator or SMS to get the token instead of email.
  • Hi @cfts_ea, The "port" you configure is a layer 3 IP interface, so you need to set the interface Core to a ZONE (Object > ZONE), e.g. Core ZONE, and the interfaces Workshop/CCTV/Wi-Fi/ZUKU into another ZONE, e.g. ZONE1. Then go to Security Policy > Policy Control to add rules, rule1: From ZONE1 to Core, src: any, dst:…
  • Hi @NEP, For IPSec (IKEv2) VPN + Windows/macOS/Android StrongSwan client + Google Authenticator, the VPN user needs to open a browser manually to the MFA URL after the VPN is connected. In this example, the URL is set to the LAN interface IP (192.168.10.1) of my ATP with the default port 8008. The MFA URL will be http://192.168.10.1:8008/
  • Supported in USG FLEX on-premise mode. Not supported in cloud Nebula mode. All the configuration takes place on the USG FLEX local GUI.
  • Hi @greg, USG FLEX 200/500/700 + Hotspot Management service license can integrate with Socifi. You can refer to the guide. The main use case is for WiFi marketing/ads: Socifi as external captive portal (easy and quick to customize the portal page). Can set up dynamic media contents once a guest visits the portal page. Can manage…
  • Hi @emisaacson , Add policy routes on both sites. Internet ←→ ZyWALL 1100 ←→ VPN ←→ Remote Site ←→ 10.168.20.161:443 On ZyWALL 1100, 1. Add a policy route for Internet to 10.168.20.161:443 over VPN tunnel to remote site. Internet→(ge1)ZyWALL 1100→VPN→Remote Site→10.168.20.161 source: any, destination: 10.168.20.161,…