Aranarth

join:2011-11-04
Stanwood, MI

[Connection Sharing] Suggested setting for a Zyxel Zywall USG 50

We just got in a new Zywall USG 50 and I'm having trouble making sure everything is configured properly before I put it into production.

This is to replace an overly simple SOHO-level Netgear wireless router.

We purchased it for its SSL VPN ability.

We currently have a cable modem from Charter (single WAN) which connects to the router.

The router then connects to a 24 port gigabit switch with several other smaller switches hanging off of it.

The current router is not providing any VPN so that's not an issue.
This router is providing basic firewall, simple port forwarding, NAT (192.168.1.XXX), DHCP, and DNS through OpenDNS (free).

The current wireless router will provide wireless internet access only.
So I will be putting it on the DMZ port.

I just need to make sure SSL VPN is available and properly configured, and the internal network is secure.

If anyone is familiar with this router and knows of any potential pitfalls to watch out for, please let me know.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

Re: [Connection Sharing] Suggested setting for a Zyxel Zywall US

Tech support is available M-F, 8-5pm California time (800)255-4101 ext 5.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to Aranarth

said by Aranarth:

If anyone is familiar with this router and knows of any potential pitfalls to watch out for, please let me know.

Specifically to SSL VPN. The USG50 model comes with 2 free concurrent users with a paid upgrade option to 5 concurrent users.

The SSL VPN is currently lacking DPD (Dead Peer Detection) (IPSec & L2TP have it). Meaning if your SSL user does not disconnect gracefully or the idle timeout doesn't expire (i.e. remote user just closes his/her laptop lid and the machine goes to sleep), the user will remain active on the USG side and soon you run out of available licenses to log in and will get the error "Out of concurrent licenses" even though you may have zero real users logged in.

I've reported this to ZyXEL; apparently it has been logged as an issue with engineering, but there's no resolution ETA at the moment.