Best Of

Hi @MarkoD

The firmware WK19 has patched vulnerability in hotspot function.

If your device doesn’t enable hotspot function, then it is immune on your device.

Hi @Wilker  

There are 2 ways can fulfill your requirement.

(1) Port forwarding.

You can add NAT rule and mapping to internal AP IP address.

But SNMP server have to support using different ports.

(2) VPN

If SNMP server support for VPN connection.

Then you can establish Site-to-Site VPN tunnel with USG and query all of devices those behind USG.

Hi @Tharun

You can go to Download Library and search model to find USG100 firmware. 

Hi @nphawong  

In the log it mentioned “fail to change default outing”.

You can go to check adapter status on your PC if “TAP-Windows Adapter V9 for Zyxel SecuExtender” interface is enabled.

Hi @vfm_IT  

In App Patrol function, there are some well-known VPN software are defined as “tunneling and proxy services” category.

You can block VPN software by this category.

Go to Configuration > Object > Application > And click “Add” button to create a APP Patrol object and add “tunneling and proxy services” as member.

Go to Configuration > UTM profile > APP Patrol > Click “Add” button to add a APP Patrol object. And select object which we added before.

Then Go to Configuration > Security policy > Policy control > Click Add button to block it by APP Patrol rule.

For blocking the VPN ports.

You can group the ports as an object, and block the traffic from LAN to WAN.

After these steps is able block almost VPN software traffic from LAN to WAN.

Hi @John_A  

The performance will different when testing by different PC.(if PC performance is better, the result will be better)

But 280Mbps is very close to test result.

If in multi-sessions scenario, the total performance will higher than it.

Hi @Carlsap  

You can setup policy route for this scenario:

Source: Server address, Destination: any, NextHop: WAN2

Source: LAN subnet address, Destination: any. NextHop: WAN1