Zyxel USG Firewall

To configure the tunnel in the Zyxel USG Management Portal:

  1. Log in to the Zyxel USG Management Portal.

  2. Go to Configuration > VPN > IPSec VPN.

  3. In the VPN Gateway tab, click Add.

  4. In the General settings section:

    1. Select the Enable checkbox.

    2. In the VPN Gateway Name field, enter a name for the gateway.

  5. In the Gateway Settings section:

    Field

    Enter
    My Address

    Interface

    		 You WAN interface.
    Peer gateway Address
    Static Address Primary Public IP address of Harmony SASE gateway.
    Static Address Secondary

    0.0.0.0

    Authentication

    Pre-Shared Key

    Secret key specified in Configuring the Tunnel in the Harmony SASE Administrator Portal.

    Phase 1 Settings

    SA Life Time

    28800

    Negotiation Mode

    Main

  6. Click OK.

  7. Add a VPN tunnel:

    1. Go to Configuration > VPN > IPSec VPN.

    2. In the VPN Connection tab, click Add.

    3. Enable and enter a rule name.

    4. Select Site-to-Site and select the created VPN gateway.

    5. Set the local policy to your LAN subnet and the remote policy to your Harmony SASE subnet.

    6. Select Create new Object and choose IPv4 Address.

      Note - Check if the IP address of the remote subnet does not already exist on the local subnet to avoid a double IP address configuration. The remote subnet must match the local subnet to reach the local network.

    7. Select Show Advanced Settings and make sure that the Encryption and Authentication in Phase 2 Setting are the same as the Phase 1 Setting.