Best Of
Re: Remote Site VPN connection to another VPN
Hi @Smartpeg ,
Welcome to Zyxel Community!
If you want the VPN client subnet 192.168.150.0/24 can reach Non-Nebula VPN peer subnet 192.168.52.0/24, you may configure "Remote Client VPN" as "Use VPN" at Site-to-Site VPN page.


NSG side will have a policy route automatically making traffic from 192.168.150.0/24 to 192.168.52.0/24 go through site-to-site VPN tunnel.
Please also remember there needs to have a policy route on the Non-Nebula side to make the next-hop of the traffic from 192.168.52.0/24 to 192.168.150.0/24 be Site-to-Site VPN tunnel.
Hope it helps.
Welcome to Zyxel Community!
If you want the VPN client subnet 192.168.150.0/24 can reach Non-Nebula VPN peer subnet 192.168.52.0/24, you may configure "Remote Client VPN" as "Use VPN" at Site-to-Site VPN page.

NSG side will have a policy route automatically making traffic from 192.168.150.0/24 to 192.168.52.0/24 go through site-to-site VPN tunnel.
Please also remember there needs to have a policy route on the Non-Nebula side to make the next-hop of the traffic from 192.168.52.0/24 to 192.168.150.0/24 be Site-to-Site VPN tunnel.
Hope it helps.
Re: Интервал синхронизации SNTP
Спасибо. Дамп не требуется, я сам вижу такое поведение коммутатора.
От разработчиков получил информацию, что все таки это дизайн.
Подал заявку на его изменение. Пока это все, что можем сделать.
Какие в вашем случае проблемы это создает? (я сам понимаю про лишний трафик и повышенную нагрузку, но хочу от вас услышать как именно мешает настолько частая синхронизация времени коммутаторами - может быть есть дополнительный эффект, который поможет продвижению реализации этого запроса.).
От разработчиков получил информацию, что все таки это дизайн.
Подал заявку на его изменение. Пока это все, что можем сделать.
Какие в вашем случае проблемы это создает? (я сам понимаю про лишний трафик и повышенную нагрузку, но хочу от вас услышать как именно мешает настолько частая синхронизация времени коммутаторами - может быть есть дополнительный эффект, который поможет продвижению реализации этого запроса.).
Re: Workaround for max. 4 virtual WAN interfaces on USG 110
Lets take the IP on virtual interface wan1:1
If you make a routing rule say:
incoming Interface
member lan1
source IP 192.168.1.240
next hop Interface
Interface wan1
source network address translation the wan1:1 IP
But if you remove the virtual interface wan1:1 this routing rule should still work?

5
Re: ZyWall 110 update from Firmware version v3.10 to 4.x
Pat
The firmware has been private message to you. Please have a check.
Before upgrade the firmware, you need to backup the configuration first, and update by each version. Currently, the latest firmware is v4.60, but I suggest you should upgrade at least to v4.38.
The firmware has been private message to you. Please have a check.
Before upgrade the firmware, you need to backup the configuration first, and update by each version. Currently, the latest firmware is v4.60, but I suggest you should upgrade at least to v4.38.
Re: block twitch with FQDN not working with schedule rule
Try a FQDN
*ttvnw.net
tested here with USG60 V4.60 and it works

1
Re: Enable SSL_VPN and disable remote managment
@xkp68
Go to Configuration>WWW>Session control>create the profile on Admin Service Control
Zone select the Zone which you created, and choose deny
For example, create profile OPT deny.
Therefore, client cannot remote management device by OPT's Wan IP, but can establish SSL VPN with OPT's IP.
Go to Configuration>WWW>Session control>create the profile on Admin Service Control
Zone select the Zone which you created, and choose deny
For example, create profile OPT deny.

Therefore, client cannot remote management device by OPT's Wan IP, but can establish SSL VPN with OPT's IP.
Re: Is there a version for macOS Big Ur
@Seanlongman
The SecuExtender has been updated to support macOS 11 (Big Sur).
You can check this thread
https://businessforum.zyxel.com/discussion/5146/release-note-secuextender-software-mac-osx-version-1-2-has-been-released/p1?new=1
The SecuExtender has been updated to support macOS 11 (Big Sur).
You can check this thread
https://businessforum.zyxel.com/discussion/5146/release-note-secuextender-software-mac-osx-version-1-2-has-been-released/p1?new=1
Re: V4.60 External Black List
@bkuschel
Regarding to detect mechanism of URL Threat Filter,
the device mainly scan hostname.
Here is an example as your reference,
create txt file with office365.login.microsoftonline.com.boffic.com as context.


Therefore, on this situation, the hostname will be office365. Not login.microsoftonline.com.
You can check the result as below


Regarding to detect mechanism of URL Threat Filter,
the device mainly scan hostname.
Here is an example as your reference,
create txt file with office365.login.microsoftonline.com.boffic.com as context.


Therefore, on this situation, the hostname will be office365. Not login.microsoftonline.com.
You can check the result as below


Re: Zywall 110 cannot ping from LAN1 to clients
@Peter_NL
Regarding to VPN design(Client to Site), client as initiator can access to local server, but server cannot access or ping to client.
You can use IPSec Site to Site VPN which can fulfill your requirement .
Regarding to VPN design(Client to Site), client as initiator can access to local server, but server cannot access or ping to client.
You can use IPSec Site to Site VPN which can fulfill your requirement .
Re: VPN client for NSG100?
@Elgen007 When you get the page (Zyxel download library) you don't need to select anything just scroll down and then click download SecuExtender IPSecVPN 

