-
How can I check the service group object on USG Flex H model using the CLI?
Question : How can I check the service group object on USG Flex H model using the CLI? Answer : The user can run the CLI command "show config object service-object group Service Group object name" to check the service group object settings on the USG FLEX H model. For example, the user checks the service group object…
-
How can I check the current address objects on a USG FLEX H model using the CLI?
Question : How can I check the current address objects on a USG FLEX H model using the CLI? Answer : The user can run the CLI command "show config object address-object address" to check the current address object settings on the USG FLEX H model, as shown below: The corresponding address object settings in the device GUI.
-
Is the Zyxel Converter tool available for migrating from the VPN series model to the H series model?
Question : Is the Zyxel Converter tool available for migrating from the VPN series model to the H series model? Answer : Yes, the Zyxel Converter tool (https://convert.cloud.zyxel.com/) supports this function. The user can select legacy VPN series models (VPN50, VPN100, VPN300, VPN1000) and migrate them to USG Flex H…
-
What is the threshold of the memory usage of the USG Flex H model?
Question : What is the memory usage threshold of the USG Flex H model? Answer : The memory usage threshold of the USG Flex H model is 80%. Once it reaches 80%, the user can view the alert system log message under Log & Report > Log / Events > System.
-
[USG FLEX H] How to download configuration file via Local WEB GUI?
At times, you may be asked to provide the configuration file for further troubleshooting. This article will guide you through the process: Access the local Web GUI. Navigate to Maintenance > Firmware/File Manager > Configuration File. Select startup-config.conf and then click the Download button. For more details on the…
-
How to install an NTP Server inside the USG Flex H firewall?
Question: How to install an NTP Server inside the USG Flex H firewall? Answer: you can configure the USG FLEX H firewalls to function as an NTP server for your internal devices via the CLI using the following commands: edit running running config# / vrf main ntp server-subnet <priority> {allow| deny}{CIDR subnet| all}…
-
How can I show the correct location of the H Firewall?
Question: How can I show the correct location of the H Firewall? Answer: Nebula detects the firewall's location by Cloud management IP. If you want the map to show the correct location in Site-Wide > Firewall page, please click Position Device, and select "Use the following address or coordinates", enter the complete…
-
Why I can't upgrade firmware by cloud firmware management?
Qustion: Why I can't upgrade firmware by cloud firmware management? Answer: Please check the event log if there is a log "[Nebula] Automatic firmware update was unsuccessful. Please reboot the device first, then do the firmware update".It means the firewall requests a reboot to release the memory to download the firmware…
-
Why I always get CPU core 3/4 as 100% usage when using standard MIB?
Question: Why I always get CPU core 3/4 as 100% usage when using standard MIB? Answer: The utilization values for cores 3 and 4 obtained using the standard MIB do not represent their true utilization. Currently, the Zyxel proprietary MIB is required to obtain the average utilization of the fast-path CPUs (cores 3 and 4).
-
Why Can’t Non-Admin Users Access the Firewall WebGUI?
Question: Non-admin users are unable to log in to the firewall. What is causing this behavior, and how can it be resolved? Answer: Non-admin login access will be denied when the Captive Portal function is disabled. If Captive Portal is turned off, the system will automatically block login attempts from non-admin accounts.…
-
Why does the WebGUI allow moving rules but the CLI does not?
Question: Why does the WebGUI allow moving rules but the CLI does not? Answer: The WebGUI uses a different mechanism. When you move a rule in the GUI, the system does not directly change the priority of a single rule. Instead, it rewrites the entire rule list in the background to reflect the new order. This behavior is…
-
I can't convert ZLD configuation to H Firewall with Sensitive Data Protection enabled.
Question: I can't convert ZLD configuation to H Firewall with Sensitive Data Protection enabled. Answer: When Sensitive Data Protection is enabled, the online converter cannot decode it, so please disable Sensitive Data Protection before downloading the configuration for conversion.
-
How can I transfer H Firewall config to a different Nebula org site?
Question: How can I transfer H Firewall config to a different Nebula org site? Answer: When a USG FLEX H series firewall is transferred to a new organization or site in Nebula, its configuration does not automatically transfer and will be reset to default upon removal from its original organization/site. To ensure…
-
Will the site password be cloned when a new site is cloned from an existing site in Zyxel Nebula?
Question: Will the site password be cloned when a new site is cloned from an existing site in Zyxel Nebula? Answer: Yes, the site password will be copied to the new cloned site as part of the cloning process. This feature ensures that the cloned site retains the same device management settings for consistency across your…
-
What’s the Behavior of Nebula Upgrading Firmware?
Question: What’s the Behavior of Nebula Auto-Upgrading Firmware in Monitor Mode? Why does the Nebula system auto-upgrade firmware when my device is in Monitor Mode? Answer: When a Zyxel firewall is connected to Nebula—regardless of whether it is in Nebula Mode or Monitor Mode—the firmware management settings in Nebula…
-
Is there any way to pause the HA failover count?
Question: Is there any way to pause the HA failover count? Answer: We can pause the HA failover count by using the CLI command cmd device-ha failover pause-count disable.
-
How to clear the device HA failover count to avoid reaching the maximum failover limit?
Question: How do I clear the device HA failover count to avoid reaching the maximum failover limit? Answer: We can clear the failover count by using the CLI command cmd device-ha failover pause-count clear.
-
How do I check if coredump files have been generated on the firewall?
Question: How do I check if coredump files have been generated on the firewall? Answer: We can check whether the firewall has generated any coredump files by using the CLI command show dir coredump.
-
How to know how many accounts are logged in to the firewall at this moment?
Question: How do I know how many accounts are logged in to the firewall at this moment? Answer: We can check the logged-in users by using the CLI command show users.
-
How to check the device running and standby partition firmware versions?
Question: How do I check the device running and standby partition firmware versions? Answer: We can check the firmware versions by using the CLI command show version.