USG FLEX H Series [Firewall] - How to Configure IKEv2 Remote Access VPN with Apple MAC OS Sonoma native VPN client?

This article provides a step-by-step guide on configuring IKEv2 Remote Access VPN for Apple macOS Sonoma devices. Due to the elevated encryption requirements of the macOS Sonoma native VPN client, it becomes essential to adjust the default encryption algorithm from AES128 to AES256 for the successful establishment of the remote VPN connection. After installing the provisioning file on the MAC device, users are prompted to modify the user authentication settings to include a username and password. This step ensures a secure and tailored authentication process for accessing the VPN connection.

Disclaimer!  This article offers a general overview of the series and may not apply uniformly to every model,
software/firmware version. Before purchasing or using the device, please consult the
model/version-specific documentation or reach out to technical support for accurate information.


  • Log in to the web GUI of your firewall
Go to VPN > IPsec VPN > To set the IKEv2 related information, as shown below:

Scroll down the page until you see "Advanced Settings"

To ensure optimal security, please set both Phase 1 and Phase 2 Encryption and Authentication settings to AES256/SHA256. In the case of the Apple MAC OS Sonoma native VPN client, this is a must.

Вownload the "VPN Configuration Script Download" file to your macOS device and install it

  • To set the profile on your MAC OS
Go to System Preferences > Privacy and Security

install profile.png

  • Double-click on the downloaded profile and install it

install profile_2.png

install profile_3.png

MAC may prompt for an administrator username and password to set the profile, enter the details, and click "OK"

Go to System Settings > VPN and edit the profile

  • Choose User authentication to Username and type the username and password

user authentication.png

  • Enable VPN connections and you're done

dial VPN.png

To verify the successful configuration and establishment of the IKEv2 VPN connection with the specified settings, follow these steps:

  • Navigate to the USG Flex H graphical user interface (GUI)
  • Access the VPN Status section
  • Within the VPN Status, go to IPsec VPN
  • Select Remote Access VPN

Upon reaching this location, you should observe that the IKEv2 VPN connection has been successfully established

Articles in this section

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.