Chapter 12 SSL VPN
USG FLEX H Series User’s Guide
The following table describes the labels in this screen.
Table 93 VPN > SSL VPN
LABEL DESCRIPTION
Enable Click the switch to enable the SSL access policy.
Download Click to download a VPN configuration script to send to clients using SecuExtender VPN
client or OpenVPN Connect VPN client.
The supported operating systems for SecuExtender are:
• Windows 10 (64-bit) and later versions.
• macOS 10.15 and later versions.
Incoming Interface
Interface Select an interface from the drop-down list box for incoming traffic to your Zyxel Device.
DNS Name Enter the domain name (for example, vpn.zyxel.com) if you’re using DDNS to assign the
interface a dynamic IP address.
Server Port Specify the server port of the Zyxel Device for full tunnel mode SSL VPN access. Leave this
field at its default setting unless it conflicts with another interface.
Local Network
Full Tunnel Select Full Tunnel to encrypt all traffic through the VPN.
Select Allow Client VPN Traffic Through WAN to allow only traffic encrypted by the Zyxel
Device from the remote client to the Internet.
Split Tunnel Select Split Tunnel to only encrypt traffic going to networks behind the Zyxel Device.
Enter an IPv4 address in CIDR notation, for example, type 192.168.1.1/24. Traffic going to the
Internet from this IP address is encrypted. Traffic going to the Internet from the remote client
does not go through the Zyxel Device and is not encrypted.
Client Network
IP Address Pool Enter an IPv4 address in CIDR notation, for example, type 192.168.1.1/24. The IP address
pool is used to assign IP addresses to the VPN clients.
The SSL VPN IP pool should not overlap with IP addresses on the Zyxel Device's local
networks and the SSL user's network.
First DNS Server Specify the IP address of the DNS server whose information the Zyxel Device sends to the
remote users. This allows them to access devices on the local network using domain names
instead of IP addresses.
• ZyWALL: the VPN clients use the IP address of the interface you specified in the SSL VPN rule
and the Zyxel Device works as a DNS relay.
• Custom Defined: enter a static IPv4 address.
Second DNS Server Enter a secondary DNS server IP address that is checked if the first one is unavailable.
Authentication
Primary/Secondary Server Select a specified RADIUS server from the drop-down list box for the Zyxel Device to use for
authentication.
User Select a user or user group to associate with this SSL access policy.
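The overlap rule given for the IP Address Pool can be checked before the policy is saved. The following Python code is an added example, not part of this guide or of the Zyxel Device software; the function names and all sample networks other than 192.168.1.1/24 are assumptions constructed for illustration. It accepts CIDR values written the way the guide writes them (an address with host bits set, such as 192.168.1.1/24) and reports every local or SSL user network that the pool overlaps.

```python
import ipaddress


def parse_cidr(text):
    """Parse an IPv4 CIDR value as typed in the SSL VPN screen.

    The guide's example, 192.168.1.1/24, has host bits set, so strict
    parsing would reject it; strict=False normalises it to 192.168.1.0/24.
    """
    net = ipaddress.ip_network(text.strip(), strict=False)
    if net.version != 4:
        raise ValueError(f"{text!r} is not an IPv4 network")
    return net


def pool_conflicts(pool, local_networks, user_networks):
    """Return (kind, network) for every network the SSL VPN pool overlaps.

    kind is "local" for networks on the device and "user" for the
    network the remote SSL user is connecting from.
    """
    pool_net = parse_cidr(pool)
    conflicts = []
    for kind, nets in (("local", local_networks), ("user", user_networks)):
        for text in nets:
            net = parse_cidr(text)
            # overlaps() is true for identical, containing and contained
            # ranges, so a /25 pool inside a /24 LAN is caught as well.
            if pool_net.overlaps(net):
                conflicts.append((kind, str(net)))
    return conflicts


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    local = ["192.168.1.1/24", "10.10.0.0/16"]
    user = ["192.168.0.0/24"]
    for candidate in ("192.168.1.1/24", "10.10.10.1/24", "172.16.50.1/24"):
        found = pool_conflicts(candidate, local, user)
        print(candidate, "->", found if found else "no overlap")
```

An empty result means the candidate pool satisfies the rule for the networks supplied; the check is only as complete as the list of local and user networks passed in.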
Advanced Settings