Best Of
Re: FLEX700H and IPSEC VPN with MFA via e-mail code
I'm in the same situation with the native Windows client. To get around the limitation, I use a scheduled task (opens the browser to the authentication code entry page) after VPN connection.
It's certainly not "THE" solution, but at least it saves the user the hassle of manually opening the browser every time.
Lorenzo

Re: NR5307 5G Router latest firmware.
Yes. Just got the same model of router started here.
Read about potential vulnerability
https://support.zyxel.eu/hc/en-us/articles/21131267341842--SA-Zyxel-Security-Advisory-security-advisory-for-buffer-overflow-vulnerabilityin-some-5G-NR-CPE-DSL-Ethernet-CPE-fiber-ONT-WiFi-extender-and-securityrouter-devices
Patch availability:
1.00(ACJT.0)B6*
This is the current Installed version:
V1.00(ACOM.0)b1
Re: Failing to add a brand new ZyWALL Flex 100H to Nebula
Hi Melen
I have now been able to add the device. Thank you very much
Re: MSP ID
Hi @Dpj
Currently the MSP ID search is in MSP > MSP cross-org manage > MSP portal.
Re: External directional antenna for 5G-NSA on FWA510
Hi @Dr_Elmer
Please help to collect the cellular information when the signal is -83 and is -103. We want to compare the difference between these two statuses. The cellular info should be like this.
Re: Small edge switch with 802.1x support
Hello Melen,
thank you very much for your response.
The scenario is as follows:
We have an XS1930s as the central switches on each floor.
Two Ethernet cables lead into each room. However, there are more employees at the desks. 4-6
Therefore, a small switch is placed under the desk.
(Currently, these are some multigig Mikrotiks with fans, which are both noisy and something we’d like to replace with Zyxel for better environment homogeneity.)
Employees may move between rooms and must be assigned to the correct VLAN.
Unauthenticated/unauthorized devices must be placed into a guest VLANs.
The switches must be fanless with 2,5gbit ethernet with 10gbit uplinks.
If you would have any further question, please let me know.
Kind regards
P.
Re: USG Flex 100 IKEv2 tunnel stability with iPhone
Hi @kelmi
I did a local test with 5.40 firmware and iOS 26.0 but I didn't encounter this issue. The IKEv2 connection is kept over 10 minutes.
May I know if this issue happened in the previous iOS version? Also, what's the logs of the IKEv2 connection?
USG FLEX H Series - V1.35 Patch 2 Firmware Release
Zywall USG FLEX H Series Release Note
September 2025
Firmware Version on all models
- Please use the cloud firmware upgrade function to upgrade USG FLEX H Series
USG FLEX H Series | Firmware Version |
FLEX50H | V1.35(ACLO.2)C0 |
FLEX50HP | V1.35(ACLP.2)C0 |
FLEX100H | V1.35(ABXF.2)C0 |
FLEX100HP | V1.35(ACII.2)C0 |
FLEX200H | V1.35(ABWV.2)C0 |
FLEX200HP | V1.35(ABXE.2)C0 |
FLEX500H | V1.35(ABZH.2)C0 |
FLEX700H | V1.35(ABZI.2)C0 |
New Feature and Enhancements
N/ABug Fix
1. [eITS#250800776] Fix the behavior issue when Nebula is selected without network connectivity and without completing the initial setup wizard.
Please refer to the Download Link for more details.
Re: Captive Portal uOS1.35 - Active Directory
USG FLEX H doesn't support SSO agent. Instead of it, USG FLEX H will support Captive Portal with Microsoft Entra ID and Cloud Auth in the future firmware.
You may follow Security gateway News & Release category for the news.
Re: FLEX700H and IPSEC VPN with MFA via e-mail code
USG FLEX H series doesn't support e-mail MFA, therefore, it is no way to turn this on.
The reason e-mail MFA is not supported is that receiving the MFA email requires an Internet connection. If you are using IPSec remote access VPN with full tunnel, you won't have Internet access before you pass MFA. Since the Google Auth is an MFA auth tool without Internet, it ensures the user can pass the MFA no matter which remote access VPN type they connect.