Replaced ZyWALL 5 with USG 100 plus, lost NetBIOS browsing
Last Friday I replaced the ZyWALL 5 at our HQ with a USG 100+. It's a small business with two remote hardware IPSec VPN offices (ZyWALL 2+) and three roaming Macs with IPSecuritas (racoon).
I am thrilled that the dropped-connection problem we were having with remote activity (the dreaded TCP peer reset) is finally gone! A remote host can now maintain SSH, CalDAV, and VPN connections with HQ simultaneously and indefinitely.
Less thrilling is that our two ZyWALL-ZyWALL IPSec hardware tunnels no longer support NetBIOS browsing (the software VPNs never did). It used to be that a Mac Finder window at the remote offices would display a list of the shares available on the HQ LAN. No more. The only thing I changed was the HQ router.
To be clear -- it IS possible to remotely mount an SMB share located at HQ over the VPN. One specifies the IP address and voilà. It's just the browse capability that's disappeared.
Of course I checked "Enable NetBIOS broadcast over IPSec" in the connection policy. NAT Traversal active or not seems to make no difference. I have tried routing policies for NetBIOS packets and for broadcast packets and those made no difference; they were certainly not necessary on the ZyWALL 5. The USG has the latest firmware V3.30(AACV.1).
All critical functions work splendidly so I am not desperate -- just very curious if anything can be done!
Thanks & cheers!
P.S. I found it necessary to disable Dead Peer Detection as connections were being dropped regularly with "SPI:0x0 SEQ:0x0 No rule found, Dropping packet" in the log. Unchecking DPD cured this issue completely.