Well I gave up with the USG, it works as a site to site vpn, but completely useless as a client to site, it just doesn't seem to work, and its not worth the time/money/effort to get going, so its being replace with a unit what just works and an easier config.
I am not surprised the usg20 I am using go discarded by another network engineer here, he could not get it working either, its not a faulty unit, as another does the same.....
so back to ciscos and fortinets...
good luck to the rest of you with usg units, if you get them working I wonder how secure it'll be after everything is turned off to make it work.
my 2c worth, buy a proper firewall that does what you want it to without spending hours to 'try' to get it to work.....time is money
Cliff
New Zealand..