Zyxel Firewall [Nebula] - VPN problem in Nebula after upgrading to macOS Sonoma

This article explains how to solve the problem with VPN connection after upgrading on MAC OS Sonoma for ATP/USG FLEX/USG FLEX H series devices running in Nebula mode.

Question :

After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem?

Answer :

Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work.

Navigate to Site-wide> Configure > Cloud authentication > To add a user account and allow to use Remote VPN access.

1_create_user.png

Choose a WAN interface as the remote access VPN server's IP address.

2_WAN interface.png

Navigate to Site-wide > Configure > Firewall > Remote VPN > To choose the WAN interface and edit the Custom policy.

3_Remote VPN.png

Choose the DH group to DH19.

3_Remote VPN_Custom.png

Download the VPN configuration script file for macOS.

4_download script file.png

Download the script file of RemoteAccess_iOS_macOS_IPSec_VPN.mobileconfig to the Mac device and navigate to Privacy & Security > Profiles > To install the script file.

MAC_Install_Profile.png

Allow to install the script file.

MAC_Install_Profile_2.png

Edit the IKEv2 VPN profile, select 'User authentication,' and then choose 'Username.' After that, input the username and password.

MAC_edite the profile.png

Dial the IKEv2 VPN connection successfully.

MAC_VPN_Connectiopn established.png

Navigate to Site-wide > Monitor > Firewall > VPN connections > Check the IKEv2 VPN is established successfully.

connection established.png

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.