This article explains how to solve the problem with VPN connection after upgrading on MAC OS Sonoma for ATP/USG FLEX/USG FLEX H series devices running in Nebula mode.
Question :
After updating to macOS Sonoma, if you cannot establish an IKEv2 VPN connection with the Nebula firewall, how do you resolve this problem?
Answer :
Since there are changes to the VPN Phase 1 and Phase 2 parameters for macOS Sonoma's native VPN client, please modify them accordingly to allow the remote VPN to work.
Navigate to Site-wide> Configure > Cloud authentication > To add a user account and allow to use Remote VPN access.
Choose a WAN interface as the remote access VPN server's IP address.
Navigate to Site-wide > Configure > Firewall > Remote VPN > To choose the WAN interface and edit the Custom policy.
Choose the DH group to DH19.
Download the VPN configuration script file for macOS.
Download the script file of RemoteAccess_iOS_macOS_IPSec_VPN.mobileconfig to the Mac device and navigate to Privacy & Security > Profiles > To install the script file.
Allow to install the script file.
Edit the IKEv2 VPN profile, select 'User authentication,' and then choose 'Username.' After that, input the username and password.
Dial the IKEv2 VPN connection successfully.
Navigate to Site-wide > Monitor > Firewall > VPN connections > Check the IKEv2 VPN is established successfully.
Comments
0 commentsPlease sign in to leave a comment.