-
Why can't the same subnet be used on WAN and LAN on USG FLEX H?
Question: Why can't the same subnet be used on WAN and LAN on USG FLEX H? Answer: In the case of USG FLEX H device, it does not allow configuring a LAN and WAN interface within the same subnet. Attempting this on other devices, such as ATP or USG FLEX, may lead to problems, known as ARP flux. ARP flux occurs when a device…
-
How do I configure routing on USG FLEX H?
Question: How do I configure routing on USG FLEX H? Answer: In the firewall local WebGUI, go to Configuration > Network > Routing, where you can add either a Policy Route or a Static Route. After configuration, go to Monitor > Diagnostics > Packet Flow Explore to check the overall routing status.
-
How can I troubleshoot the network environment if it cannot reach 8.8.8.8?
Question: How can I troubleshoot the network environment if it cannot reach 8.8.8.8? Answer: In the Firewall local WebGUI, go to Monitor > Diagnostics > Network Tool > Tracert Router IPv4, then test the route to 8.8.8.8 to identify where traffic is blocked. If the Firewall can reach 8.8.8.8 but the PC cannot, please…
-
Can I create a static DHCP table with the same MAC address?
Question: Can I create a static DHCP table with the same MAC address? Answer: You cannot create multiple static DHCP entries with the same MAC address. The GUI has validation protection and will block duplicate MAC address entries.
-
How do I remove the SNAT address under Policy Route on an H Series Firewall?
Question: How do I remove the SNAT address under Policy Route on an H Series Firewall? Answer: In the firewall local WebGUI, go to Configuration > Network > Routing > Policy Route, edit the target rule, and remove the SNAT address. Then select Source IP so outgoing traffic uses its own IP address to NextHop Interface.
-
How can I use two WAN connections on H Series?
Question: How can I use two WAN connections on H Series? Answer: In the Firewall local WebGUI, go to Network > Interface to configure WAN1 and WAN2, then go to Network > Interface > Trunk to define Load Balancing or Failover behavior.
-
What should I check if DHCP and internet are not working on a Zyxel firewall?
Question: What should I check if DHCP and internet are not working on a Zyxel firewall? Answer: Check in this order: Confirm WAN link is up and has a valid IP/gateway/DNS from ISP. Verify LAN interface DHCP server is enabled with correct subnet, pool range, and gateway option. Ensure clients receive valid IP, gateway, and…
-
How do I check whether different VLANs belong to zones?
Question: How do I check whether different VLANs belong to zones? Answer: Go to Object > Zone to review zone configuration, then check each VLAN interface mapping to confirm which zone it belongs to. If the VLAN is correctly assigned, it will appear under the corresponding zone (for example, LAN/DMZ/WAN/custom zone).
-
Can WRR be configured by bandwidth or by metric?
Question: Can WRR be configured by bandwidth or by metric? Answer: WRR is configured based on weight, not routing metric. It distributes sessions by assigned WAN weight, where higher-weight links carry more traffic.
-
How do I configure "Disable policy route automatically while Interface link down" function?
Question : How do I configure "Disable policy route automatically while Interface link down" function? Answer : The user can navigate through the GUI path: Network > Routing > Policy Route. To enable the “Disable policy route automatically when interface link is down” function, go to Advanced Settings, as shown below: Once…
-
Where can I check whether any rule is blocking ICMP packets?
Question: Where can I check whether any rule is blocking ICMP packets? Answer: 1)Log in your Firewall by Web GUI 2)Navigate to "Security Policy" > "User/Group" > "Policy Control", Click the “Filter” icon and set the criteria to “Service = ICMP.” You can check which rule is blocking ICMP.
-
How can I confirm whether my port is actually running at 1 Gbps speed?
Question: How can I confirm whether my port is actually running at 1 Gbps speed? Answer: 1)Log in Firewall by Web GUI. 2)On the dashboard, you can see the connected port speed. For example: The Port 1 have 1Gbps speed now.
-
Why is the WAN source IP not showing on internal servers of a NAT rule?
Question: A customer using NAT rules observed that incoming traffic to their internal servers doesn't display the original WAN client source IPs. Instead, it shows the local interface private IPs. Answer: It may be affected by a policy route rule. This rule was set as 'incoming any, source any, destination any,' which led…
-
How can I renew the PPPoE IP address from the local Web GUI?
Question: How can I renew the PPPoE IP address from the local Web GUI? Answer: The user can navigate to Network > Interface > Interface, select the PPPoE interface, and click Connect to renew the PPPoE IP. When the PPPoE connection is successfully established, an information message will appear: “Dial Successfully.”. The…
-
How do I dial the PPPoE connection from the local Web GUI?
Question : How do I dial the PPPoE connection from the local Web GUI? Answer : Once the customer configures the PPPoE settings but has not yet obtained a PPPoE IP, you can navigate to Network > Interface > Interface, select the PPPoE interface, and click Connect to establish the PPPoE connection. When the PPPoE connection…
-
Why Does DDNS Fail on USG FLEX When Using a No-IP DDNS Key?
Question: DDNS on USG FLEX devices fails when configuring No-IP for WAN redundancy. The DDNS key is entered in the configuration but the update still does not work. What is the cause, and how can this issue be resolved? Answer: The issue occurs because the USG FLEX firewall does not support No-IP DDNS key authentication.…
-
Why Does the USG FLEX H Series Not Allow Configure Multiple WAN Interfaces in the Same Subnet?
Question: Why does the USG FLEX H series show the error “Duplicate static IP or subnet detected” when assigning multiple WAN interfaces within the same subnet, and is there a way to make this configuration work? Answer: The USG FLEX H series is designed to prohibit assigning multiple WAN interfaces within the same subnet.…
-
Why DDNS service can not auto-update public IP address when firewall is behind NAT router?
Question: Why does my firewall use its WAN interface IP instead of the actual public IP for DDNS, and is there a way to make it use the public IP when the firewall is behind a NAT router? Answer: When the firewall is installed behind a NAT router, its WAN interface receives a private IP address, not the real public IP. As…
-
How to make sure the AD (AAA Server) settings are correct?
Question: How to make sure the AD (AAA Server) settings are correct? Answer: There is a Configuration Validation function that verifies your domain name and AD username. If validation still fails, try specifying the full Search Base. Example: Search Base: dc=cso,dc=com
-
How to extend the SIP session timeout on the firewall?
Question: How to extend the SIP session timeout on the firewall? Answer: By default, the UDP session timeout is 300 seconds. You can enable the SIP Pinhole feature to keep your SIP sessions active on the firewall longer than the default UDP timeout.