Best Of

[USG Flex H] - Create Object Address based on MAC Address

Hello everyone,

I've the USG Flex 200HP from some months and I've difficulty to understand the Object Address of type "Host".
I mean, if I need to create some Control Policy rule based on some "device", I need to configure the device as Static DHCP based on Mac Address, and than configure an object address based on the IP Address.

But, I think is more convenient directly create an object address based on MAC Address, so in this way, I don't need to "force" the Static DHCP entry and if the device change it's own IP Address, the device is always managed by it's own MAC Address.

Maverick87

3

2FA with network down

Zyxel has an existing mechanism for 2FA via email and SMS. But when your WAN is down, this will not work, and that is when you often need to access your Zyxel device for some diagnostics or setup a workaround.

Would it be possible designate one physical LAN port as not requiring authentication, or alternatively, authenticating by connecting a Yubikey to the device USB port?

EricNepean2

4

Don't hide DNS filtering rules on Flex H series

Hello,

When creating a DNS filtering rules, it in reality creates two (one for lan to wan, one for lan to Zywall). Could you not hide the second rule ? (Like it was the case on non H Flex series)

Zulgrib

3

USG FLEX H - external block list also blocks traffic from WAN to ZyWALL

User @SiegfriedH found that USG FLEX H - external block list doesn't block traffic from WAN to ZyWALL. Since this is the current spec, we create an idea post for the enhancement.

Original post

Zyxel_Melen

4

H series router no hot fields in GUI

User @electsystech hopes the H series can support 'hot fields' in GUI. They don't want to drill down every time to make a selection and we don't want the mouse to be the sole method for object selection.

Example

Zyxel_Melen

3

Configuration migration tool support across different firewall hardware spec.

Currently, the configuration conversion tool only supports the models with similar hardware specifications. Due to hardware and port layout differences, migration across models with different architectures is not supported at this time.

Some users have requested a feature that allows transferring settings between firewalls with different hardware spec. — for example, from a smaller-port model (e.g., FLEX100) to a larger-port model (e.g., FLEX500H).

This suggestion originated from the post found here:

USG Flex H device - Backup/Restore configuration between device - Page 2 — Zyxel Community

If you find this idea useful, please show your support by leaving a comment or voting for it. Your feedback will help us evaluate the feature.

Zyxel_Tina

3

Add meshagent/MeshCentral to the App Patrol list

User @General99 requires to add meshagent/MeshCentral to the App Patrol list.

Anyone who has the same requirement, please leave your comment and give it a vote.

Original link

Zyxel_Melen

3

Use External Block List only option

Very simple really a option to use only External Block List for IP Reputation filter

PeterUK

4

SecuReporter Settings Support for USG FLEX H Series in NCC

Currently, SecuReporter configuration options are only available via the local GUI.

(Note: SecuReporter settings in NCC only apply to USG FLEX/ATP Series and USG LITE 60AX.)

Therefore, user @GiuseppeR would like to request support for SecuReporter configuration in the Web GUI in future.

This suggestion originated from the post found here:

https://community.zyxel.com/en/discussion/31583/flexh-1-36-uos-secureporter-options-on-local-ui

If anyone likes this idea, please show your support by leaving a comment or voting for it.

Zyxel_Tina

4

Feature Request: Immediate DHCP Renewal for IP Passthrough Mode

Hello Zyxel Team and Community,

I’d like to submit a feature request regarding the behavior of the IP passthrough mode on Zyxel routers, specifically the NR5101.

Current Behavior: I have a setup where a Unifi UDM Pro is connected to the Zyxel router's LAN1/WAN port, with the Zyxel configured in IP passthrough mode. The issue arises when the mobile broadband connection reconnects, causing the ISP to assign a new public IP address. In this case, the Zyxel router obtains the new IP, but the UDM Pro does not pick up the change immediately and continues to use the old IP address until it renews the DHCP lease (which can take up to 10 minutes). This results in an internet connection downtime, which could be avoided.

From my understanding, the Zyxel router, being aware of the new public IP, does not relay this change to the downstream device immediately. Instead, it waits for the UDM Pro to request a DHCP renewal on its own. This behavior feels counterintuitive because the Zyxel router is already aware of the updated IP, and there’s a significant delay before the downstream device realizes it needs to renew.

Feature Request: Would it be possible to implement a feature (either as a default behavior or an optional setting) where the Zyxel router proactively relays the new IP assignment to the downstream device as soon as the mobile broadband reconnects? This could minimize the connection downtime that occurs when the ISP renews the public IP, as the downstream router would be immediately notified.

Reasoning: Given that cellular networks are inherently prone to occasional disruptions, I believe this behavior would benefit a significant portion of your users who rely on IP passthrough mode for their network configurations. Reducing the downtime during IP renewals would improve the overall user experience.

I’d appreciate feedback from the Zyxel team and the community on this suggestion. Thank you!

Krillsson

3