IPSec through F-Secure PSB Firewall
Got F-Secure PSB and IPSec VPN to my office and can't get those propely working together.
I am accessing Windows fileshare and webserver on remote machine but connection is still laggy and slow.
I have allowed IKE, ESP, IGMP, Windows networking, UDP and UPnP broadcast on firewall.
Please refer to this article.
Sorry for the confusion on my side.
In order to investigate this you could try to do a packet logging as described here.
You could also try to temporarily create a test firewall rule to allow all the traffic between 2 test machines.
If this rule doesn't work them some other component could be affecting the connections.
Many IPsec-based VPN software have their own personal firewall integrated, sometimes based on the ZoneAlarm engine. FSAV PSB also has a built-in distributed firewall and the two can cause conflicts. Possibly you need to disable the VPN client's firewall driver or service to make things work smoothly?
Yours Sincerely: Tamas Feher, Hungary.
The Checkpoint VPN client software used to include a Zonealarm personal firewall engine, with the driver name "vsdatant.sys" and that one needed to be disabled before it could be used on the same computer with F-Secure Client Security.
(However, that was several years ago and may no longer be true. Nowadays most VPN clients are SSL-based, not the complicated IPSEC things.)
Best Regards: Tamas Feher, Hungary.
Well, you do!
A bit of research revealed that the Firewall-Drivers Zyxel implemented are from ZoneLabs.
@Ben please escalate. Deutsche Telekom is using Zyxel routers in business environments during the upcomming VOIP-Transition.
A propper step-by-step advise is needed, even better fix the interoperability.
@itsupport could you open a support ticket so we can better understand and investigate the issue.
You can refer to this thread and provide an fsdiag of an affected machine to speed up the process.
IPSEC client traffic is outbound so none of this is actually relevant as long as you allow the process (IKE Daemon) to connect. The dynamic firewall will then proceed to open up what it needs, no need to manually do any firewall configuration.
For me the process (tgbikeng.exe) has automatically created dynamic udp rules for ports 4500, 1194, 500. I have not created any manual rules in addition.
If you connection is laggy the issue might be elsewhere, unless you do not experience the same with PSB turned off.1 1Like