USG firewall can not start network expansion

93

Must be an administrator to enable network expansion.

Other related questions:
USG firewall configure SSL VPN network extension
USG Firewall Configure SSL VPN to configure network extensions Network expansion refers to the user on the local PC to install the USG network extension client, generate a virtual network card, the user through the virtual network card and enterprise intranet for SSL data communication. Before the configuration to ensure that the license file has been loaded, the USG can access the internal network resources. Configuration ideas: 1. In the USG to create a virtual gateway, external network users through this virtual gateway to access the enterprise network resources. The IP address of the virtual gateway is the public address of the egress. 2. Configure the DNS server address and domain name of the internal network so that users can access the virtual gateway's service through the domain name. 3. Configure the network extension function, assign IP addresses to the external network users and add the intranet resources that the external network users can access. 4. Configure the authentication mode as a certificate challenge (secondary authentication mode: VPNDB) and configure the authentication mode as VPNDB. 5. Add a VPNDB user. VPNDB user name that is the name of the client certificate, VPNDB password is the external network user login virtual gateway need to enter the password. 6. Configure the virtual gateway source IP policy. 7. Install the client certificate for the CA certificate on the PC side where you want to access the virtual gateway.

USG Firewall SSL VPN can access the internal network resources after logging in normally
USG firewall SSL VPN can access to the internal network resources

Can the USG firewall be traversed by the tracert command?
1. Tracert firewall itself Need to release the ICMP or UDP packet filtering to the local area of the firewall. If Tracert uses ICMP packets, you need to run the ip unreachables enable command to enable sending of ICU destination unreachable packets. 2. Tracert is forwarded through the firewall A. Release the ICMP or UDP packet filtering through the firewall. B. Configure the ICMP timeout packet function (command: ip ttl-expires enable). C. Disable the Tracert packet attack defense function (command: undo firewall defend tracert enable). Description: The UDP port used by the Tracert protocol is: first hop 33434, second hop 33435, third jump 33436 ... and so on (the algorithm is 33434 + N-1 where N is the hop count).

Whether USG firewalls restrict private routers
Currently, the USG firewalls cannot restrict private routers connected by downlink users. You can configure DHCP snooping to protect the devices from the DHCP server spoofing attack and enable downlink users to obtain IP addresses from only the firewall instead of other DHCP servers (such as private routes).

Whether the firewall supports Peanut Shell
The USG2000&5000&6000 do not support Peanut Shell.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top