Hi all
I'm new to the Zyxel USG40, but so far have managed after about half a day to get the firewall configured for the most part.
The one thing I can't work out is how to allow LAN clients to access the ADSL modem, which is on the other side of the USG40. So my setup is:
ADSL modem = 192.168.0.1, which is then connected to the WAN port on the USG40
USG40 WAN = 192.168.1.2
USG40 LAN1 = 192.168.1.1
DHCP leases: 192.168.3.x (with gateway of 192.168.1.1)
masks are all 255.255.0.0
Do I need something like a security policy or a policy route to get from say 192.168.3.100 to 192.168.0.1? Without this, it is a pain to access the ADSL modem interface to change settings there.
Thanks for any pointers!
↧
USG40 - how to access ADSL modem from LAN
↧
How to configure ZyXEL P-2812HNU-F1 vT router for use with VoIP phone?
How to configure ZyXEL P-2812HNU-F1 vT router for use with VoIP phone? I want to replace Linksys SPA2102 Phone adaptor which is currently used with phone.
↧
Limit Bandwidth
I have a Zyxel USG 200 and I have a specific user on our network that ties up bandwidth constantly with downloading porn and torrents. I wanna block all torrent ports and reduce his bandwidth to a crawl. Any help would be awesome.
↧
ZyWall USG 50 Configuration for transparent IP mode
I used to have a SonicWall firewall and I had assigned transparent IP mode. I need to configure the router so that I can plug in a server with a public IP address on one of the ports. How do I do this in Zyxel? Thanks.
↧
Custom dynamic DNS with Zyxel USG 300 ??
Is there any way to get the Zyxel to access a custom URL on the WAN ports (one for each) so I can do custom DDNS on both my WANs? The DDNS options are very limited, and anything behind the Zyxel can't do it as it randomly sends traffic across WAN 1 or WAN 2. Ideally I would like one DDNS hostname on each of my WAN ports. The free DDNS options keep deleting my hostnames even when updated regularly, and I have custom DDNS provided through my registrar.
↧
USG 100 for sale
http://www.dslreports.com/forum/r30352360-
if interested contact me via PM
↧
Need help USG 50 new NOOB
Good Day,
I need some help with port triggering on my ZyWALL USG50. I need these ports to be triggered per RingCentral instructions (VoIP provider). Secondly, I need help with ACL.
Please don't slap me for asking these basic questions.
Thank you
80 TCP (Registration)
123 UDP (NTP Server)
443 TCP (Registration and TLS)
4000-5000 UDP (Mobile App Media)
5060-6000 UDP and TCP (Phone registration ports)
8000-8200 UDP (RTP and SRTP Soft phone)
8801-8802 UDP and TCP (RC Meetings Signaling and RTP)
16384-16482 UDP (RTP and SRTP Desk phone)
20000-60000 UDP (RTP and SRTP Soft phone)
Summary: What are the settings that I need to set up on a router with an access control list?
Details:
An Access Control List is basically the permissions a computer or a user has to other resources in the computer itself or the network. When configuring your router, the following settings can be used on any computer networking product that features an Access Control List.
IP/Subnets
199.255.123.0/24
199.255.120.0/22
199.68.213.0/24
199.68.212.0/22
Protocols
HTTP
SIP
RTP
Ports
ALL
Transport Protocol
UDP
↧
Configuring USG60W to manage 1123-AC AP
Newbie needs help setting up a USG60W to manage a ZyXEL NWA1123AC AP.
I have been pulling my hair out for about a day. It seems that all the documentation on both of these devices is old and I have been unable to find a document or video that explains how to configure the USG60W to manage 1123 AC.
I have followed the instructions that I have found, but again I believe the documentation is all old and not current. If anyone can point me to a document or video that is current to explain this, I would appreciate it. Otherwise, perhaps someone can take me through the steps. I cannot get the USG60W to recognize that the 1123 AC exists.
Per the video that I did find, I have set up a CAPWAP_AC under the DHCP settings on lan2. The out-of-date instructions tell you to set the 1123 AC into management mode. However, that setting does not exist on the current firmware release. Thinking that maybe it is automatic, I plug the 1123 AC into port two in my USG60W, but it does not recognize it. Any help would be greatly appreciated.
Thanks
↧
ZyXEL USG 20 VPN L2TP/IPsec
Hello all,
I am having issues with setting up a VPN connection. I followed all possible guides posted here by Brano and others but nothing seems to work.
VPN is set to remote access (server role) and encapsulation to transport.
The issue is:
I am able to connect to L2TP (authentication successful) and I get assigned an IP address from my desired pool. But I cannot access any network resources connected to LAN1. In routing I created rules for:
Incoming: Any (exc zywall)
Source: Lan1
Dest: VPNPool
Type: VPNTunnel
Next-Hop: my vpn connection
I also created a routing rule for Trunk. But yet I can't access anything, not even ping the server computer. When I check the VPN connection details on my laptop, the IP address is assigned correctly from the pool. But the netmask is different. Computers on LAN1 run on mask ...0 and mine is on ...255.
Any ideas how to solve this, please? Thanks in advance.
↧
Zyxel- USG40 - NOOB - No Internet with Static IP
Hi Guys,
I have a pretty good grasp of basic networking. I have a Cisco RV042G and was convinced to upgrade to the Zyxel to tighten up my network.
I got the Zyxel, did some reading, created my security policies, set up my WAN and DHCP, plugged it in and got nothing. I was unable to ping the WAN addresses configured on the USG. I was unable to ping my WAN addresses from outside my network.
I went round and round, and finally gave up. Did a complete reset. I went basic and installed the USG40 between my Cisco and a computer. The USG40 got an IP from the RV042G and passed internet traffic.
The next step was I configured the LAN1 to a different IP (from 192.168... to a 10.10), and I still had internet connectivity.
So I moved the USG40 back in front of the RV042G. So it goes from cable modem, to USG40, to single computer. The only change I made was to set the WAN port to my static IP. I have 5 static IPs at my house.
I tried with both the gateway IP set and blank. But once I configure the static IP I can no longer access the internet.
I also cannot ping the WAN, the gateway, or my DNS servers. And my public IPs cannot be pinged from another location.
I am sure this is a very basic mistake or some setting I am missing. But I would really appreciate some help in getting me pointed in the right direction.
I don't know if this makes any difference, but the status LEDs on the USG40 are flashing orange for WAN and LAN1. But on the web status page the LEDs are lit up green.
Thanks in advance.
Dave B
↧
Odd package dropping caused by Zyxel Zywall USG 1000 to Linux clients only?
Hi,
Do any of you recognize these odd symptoms? I have a number of Ubuntu based workstations in a local network that get dropped packages in connections to two Linux based servers in the same local network at another physical location. Other very similar servers in the same other location are perfectly reachable. What happens is that web browsers get "Connecting..." and time out when trying to reach the troublesome servers, and only them. The next minute I can surf the affected servers again. Then again not. Using mtr I have been able to see that the connections are dropped at the ZyWall USG 1000 box. After that there are only question marks in the mtr report. When the problem is "off" the report shows that the servers are reached normally.
Thing is, there are no rules on the Zyxel that should do this and no log showing anything when this happens. If I physically bypass the firewall, the same workstations have no problem accessing the servers. Windows machines and Macs do not have this problem. It seems somehow connected to handshaking, because if I try to establish an ssh connection I will have trouble connecting initially (timeouts), but once successfully connected I have no problems. But over tcp I have constant trouble. nmap shows this problem well: first everything works. The next minute...
$ nmap -p 80 -Pn -v --reason nameofsitewithheld.com
Starting Nmap 5.21 ( http://nmap.org ) at 2015-10-20 13:24 EEST
Initiating Parallel DNS resolution of 1 host. at 13:24
Completed Parallel DNS resolution of 1 host. at 13:24, 0.01s elapsed
Initiating Connect Scan at 13:24
Scanning nameofsitewithheld.com (10.1.1.xxx) [1 port]
Discovered open port 80/tcp on 10.1.1.xxx
Completed Connect Scan at 13:24, 0.01s elapsed (1 total ports)
Nmap scan report for nameofsitewithheld.com (10.1.1.xxx)
Host is up, received user-set (0.0037s latency).
PORT STATE SERVICE REASON
80/tcp open http syn-ack
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds
$ nmap -p 80 -Pn -v --reason nameofsitewithheld.com
Starting Nmap 5.21 ( http://nmap.org ) at 2015-10-20 13:25 EEST
Initiating Parallel DNS resolution of 1 host. at 13:25
Completed Parallel DNS resolution of 1 host. at 13:25, 0.01s elapsed
Initiating Connect Scan at 13:25
Scanning nameofsitewithheld.com (10.1.1.xxx) [1 port]
Completed Connect Scan at 13:25, 2.00s elapsed (1 total ports)
Nmap scan report for nameofsitewithheld.com (10.1.1.xxx)
Host is up, received user-set.
PORT STATE SERVICE REASON
80/tcp filtered http no-response
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.28 seconds
Interestingly tcptraceroute works all the time, again indicating that the ZyWall for some reason prevents handshaking but lets TCP SYN through.
As you have probably gathered by now, I am no network expert. But all this seems to me to point at the firewall as the culprit. It's running 3.30.4 firmware and I am trying to persuade our firewall admin to upgrade, in the weak hope that might help my problem.
Any experiences and pointers appreciated.
↧
USG-50 to host domain name
I'm interested in using the USG DNS server to host my domain name. How can I disable the recursive or forwarding feature of the ZyWALL DNS server, so my ZyWALL isn't an open resolver?
↧
USG50 L2TP to Android - So Close....
So, I setup an L2TP connection on my USG50 following all the best practice guides. I can successfully make an L2TP connection from my Android Phone to the USG50. The phone gets assigned an IP address of 192.168.3.1. I can successfully ping 192.168.3.1 from my LAN (192.168.1.0/24) and can successfully ping that address from my phone. I cannot ping anything in my LAN IP space from the phone. In the USG50 log I can see that the ICMP packets are getting dropped, e.g. "no rule found" so I must need an additional rule but I can't figure out what the rule needs to be. I am already allowing any from Default_L2TP_VPN_Connection to ZyWALL. Any hints?
↧
Dynu.com and USG50
So I am trying to setup the DDNS service on the USG50. I registered a DDNS name on Dynu.com using the free service and can ping against that DNS name successfully and can successfully VPN against that address. I setup a DDNS service on the USG50 selecting Dynu Basic and provided the password and DDNS name. The DDNS status keeps showing Fail. I edited the start-up config and added a username. The field was blank and Dynu says you don't need it but tried it anyway. Same result. Logs don't seem to indicate any issue except when I uploaded the new start-up config. I am running firmware version 3.30(BDS.7).
1) Is Dynu Basic the same as the free service?
2) Has anyone else gotten this running using the same firmware version?
↧
Zyxel Beta testers
Can you Beta testers send an email to Zyxel, since you will get a couple of layers deeper than I could, and ask them to get in touch with Kaspersky and include this in the Kaspersky AV feed that Zyxel uses? If I try, it will go nowhere.
https://www.fireeye.com/blog/threat-research/2015/11/xcodeghost_s_a_new.html
↧
Firewall rules for Windows L2TP pass-through?
Windows 2008 R2 server L2TP endpoint sitting behind USG-100 with a 1:1 NAT rule. Can connect to the L2TP end point from inside the network, but not outside. Have the following allowed in a service group:
ESP
GRE
IKE
NATT
PPTP
PPTP_Tunnel
UDP 1701
PPTP connects from outside with these rules. I have the firewall set to log all allowed connections for the group rule. The only thing I see is 1723 TCP when I connect via PPTP.
Any ideas?
↧
Need help USG 50 VOIP QOS
Good Day,
I have recently installed a new USG 50. Recently the VOIP phones have been working horribly. Dropping calls, bad voice quality, etc. I was hoping someone could guide me to perform some QOS for VOIP traffic.
Is it also bad because they don't currently have managed switches? All switches are gigabit but none are managed.
Thank you
↧
Block IP and IP ranges, incoming and outgoing, on USG 50?
Due to certain variants of crypto, I'm going to block some IP ranges, but I'm not seeing how to do that on the USG 50.
I want to block for example (these are examples)
8.8.8.8
56.34.*.*
78.23.1.5 - 78.23.1.80
91.23.40.99 - 91.23.45.50
How do I do these examples?
Thank you
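
As an added example (not part of the original post, and not Zyxel configuration syntax): the four kinds of entry listed above, normalised in Python into CIDR blocks and checked against sample addresses. The function names `to_cidrs` and `is_blocked` are made up for this illustration; the addresses are the poster's own examples.

```python
import ipaddress

def to_cidrs(entry: str) -> list:
    """Turn one deny-list entry into the minimal list of CIDR blocks.

    Accepts a single host ("8.8.8.8"), a wildcard with trailing "*" octets
    ("56.34.*.*"), or an inclusive range ("78.23.1.5 - 78.23.1.80").
    """
    entry = entry.strip()
    if "-" in entry:
        first_s, last_s = (p.strip() for p in entry.split("-", 1))
        first = ipaddress.IPv4Address(first_s)
        last = ipaddress.IPv4Address(last_s)
        if first > last:
            raise ValueError(f"range is reversed: {entry!r}")
        # A range that is not aligned to a power of two needs several blocks.
        return list(ipaddress.summarize_address_range(first, last))
    octets = entry.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {entry!r}")
    if "*" in octets:
        fixed = octets.index("*")  # number of leading literal octets
        # Only trailing wildcards map onto a prefix; "56.*.1.*" does not,
        # and "*.*.*.*" would block everything, so both are rejected.
        if fixed == 0 or any(o != "*" for o in octets[fixed:]):
            raise ValueError(f"wildcard is not a prefix: {entry!r}")
        base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
        return [ipaddress.IPv4Network(f"{base}/{8 * fixed}")]
    return [ipaddress.IPv4Network(f"{entry}/32")]

def is_blocked(addr: str, blocks) -> bool:
    """True if addr falls inside any of the CIDR blocks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in blocks)

# The four example entries from the post above.
ENTRIES = ["8.8.8.8", "56.34.*.*", "78.23.1.5 - 78.23.1.80",
           "91.23.40.99 - 91.23.45.50"]
BLOCKS = [net for e in ENTRIES for net in to_cidrs(e)]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e, "->", ", ".join(str(n) for n in to_cidrs(e)))
```

Checking the boundary addresses on either side of each range is a quick way to confirm a rule set covers exactly what was intended.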
↧
USG layer 2
Is there a way to have the Zyxel USG series do layer 2 bypass? No NAT, no DHCP, just filter for firewall and AV, etc.
Like so https://support.software.dell.com/kb/sw8220
↧