Best Of
Re: IPSec VPN certificate expires soon- how do I (re)create a valid certificate directly on the USG?
Where do I get the details from the existing certificate?
Please double-click your VPN certificate; the firewall will pop up a window and show the details.
How do I enter these into the new?
You can click the Add button to create a new self-assigned certificate. You only need to enter the IP and the same key type/signature algorithm/lifetime/extended key usage.
Please reference this video:
How do I bind the 'new' self-signed certificate to the remote access configurations?
Please navigate to Configuration > VPN > IPSec VPN > VPN gateway to change the binding certificate.
Assumption: when I log onto SecuExtender, I can synchronise the configuration and the new certificate will be imported locally?
You can get the new certificate by the function "get from server" on SecuExtender. After it gets the new configuration and certificate, it will ask you if you want to replace the VPN or other actions.
Does it mean that the 'old' and not yet expired certificate will be invalid afterwards? Or do I have to delete it / remove the existing bindings?
After binding the new certificate, the old one will not be used. You can delete it after unbinding it, since it is still in your PKI storage.
Re: [XMG1915] rx/tx issue between client and up-link
Hi @joelabero ,
As for the communication failure between your client and firewall, I recommend avoiding the VLAN configuration wizard as it doesn't properly account for management VLAN considerations.
Please manually configure the VLAN on the web GUI of the switch.
Step 1: Navigate to Switching > VLAN > VLAN Setup > Static VLAN
Step 2: Click the Add/Edit button
Step 3: In the configuration window:
Enter the VLAN name and VLAN ID as shown in your requirements
Select port 10 as untagged member
Select port 16 as tagged member
In addition to this, there is still one thing I want to make sure of with your firewall’s VLAN interface. Your switch VLAN configuration appears correct based on the information provided. However, please verify that you've properly created the VLAN 40 interface by checking your switch's MAC address table.
If VLAN 40 is configured correctly, you should see two MAC table entries:
One entry from port 10 (untagged)
One entry from port 16 (tagged)
Both showing MAC addresses from devices in VLAN 40
Lastly, I have some concerns regarding your firewall’s interface configuration.
Based on your firewall interface settings, if your switch IP is configured as 192.168.0.11, the parent interface should be igc1 (LAN interface), not the em0 interface. This seems inconsistent with your current configuration and may need attention.
Please share your switch's MAC address table so we can verify the VLAN 40 interface setup. Feel free to update this post if you encounter any additional issues.
Best regards,
Lynn
Re: bug nat rules
Hi @Dpj
I checked in my lab and this is more likely a display bug. We will fix this and then update you.
Nat rule creation issue on our 500H
Hello,
Firmware: V1.32(ABZH.0)ITS-0423-250300903
I'm here again... I don't know what exactly is going on with our 500H, and sincerely I don't have the time to waste on this... but…
This is the third NAT rule I created that froze the device, and I had to reboot it.
To summarize
action made: Create a new NAT rule
What happened after:
Log setting section broken, display "page loading"
Lost connectivity from some vlans
DHCP not working on some vlans
Tried switching to the secondary HA device, with the same symptoms
Tried to collect the logs from the GUI, aborted after a long waiting time (more than 10 mins)
Tried to collect the logs from SSH, same as from the GUI

Re: Multy X setup issues via iOS App
Dear Melen,
Thank you for your quick answer and your private message. Following the manual, I was able to resolve my issue and was able to set up and save my Multy X devices.
Kind regards, Ed
How to upgrade firmware to the controller/Access Point by FTP?
If you don’t want to upgrade the firmware through the local GUI, there is another option: updating the firmware by FTP.
Step 1: Download the firmware to the root of C:\ on your local PC (do not change the file name).
Step 2: Open the Windows command prompt and type “ftp 192.168.1.17” (AP IP) to connect to the controller via FTP.
Step 3: Log in as “admin” with the password.
Note: The default password is 1234 if you haven’t changed the local device password.
(If the device is managed on Nebula, please check the account password under Nebula > Left Sidebar "Site-wide" > General Settings > Local credentials.)
Step 4: Type “bin” for the transfer type.
Step 5: Put (firmware path)
Step 6: The AP will start to upgrade the firmware with a flashing red LED; please do not power off the AP.
Step 7: The firmware upgrade is finished.
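The FTP procedure above, scripted as an added example (not Zyxel's or the poster's code): it checks the downloaded image against a reference SHA-256 before uploading it in binary mode under its original file name. The reference hash, the `AP_PASSWORD` environment variable and the `C:\firmware.bin` path are assumptions and placeholders; only the AP address and the `admin` account come from the post.

```python
import hashlib
import hmac
import os
from ftplib import FTP


def sha256_of(path, chunk_size=1 << 16):
    """Stream the file so a large firmware image is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def firmware_matches(path, expected_sha256):
    """True only if the local image hashes to the operator-supplied reference value."""
    expected = expected_sha256.strip().lower()
    return hmac.compare_digest(sha256_of(path), expected)


def upload_firmware(host, user, password, path, expected_sha256, timeout=30):
    """Steps 2 to 5 of the procedure: connect, log in, binary mode, put."""
    # Refuse before any connection is opened if the image is not the expected one.
    if not firmware_matches(path, expected_sha256):
        raise ValueError("firmware hash mismatch, refusing to upload")
    remote_name = os.path.basename(path)  # keep the downloaded file name unchanged
    # FTP carries the login in cleartext, so run this from the management network.
    with FTP(host, timeout=timeout) as ftp:
        ftp.login(user, password)
        with open(path, "rb") as fh:
            # storbinary() issues TYPE I first, the equivalent of typing "bin".
            ftp.storbinary("STOR " + remote_name, fh)
    return remote_name


if __name__ == "__main__":
    # Placeholder values (assumptions): substitute the real image path and hash.
    upload_firmware("192.168.1.17", "admin", os.environ["AP_PASSWORD"],
                    r"C:\firmware.bin", "<sha256-of-the-downloaded-image>")
```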
Re: 500H - Error while DDNS updating
Update:
This issue has been addressed on V1.32 and will be fixed in the next firmware release.
Re: VLANs Setup on Flex 500H
I think I get what you mean: with non-H models you have to have an untagged base port to which you then add VLANs; with the H models (not sure if it's all of them) you can just do a VLAN for a given port, no untagged base port needed.
