Other Topics - Zyxel Community

USG FLEX H Series: RADIUS Attribute Refinement
In the latest firmware enhancement, USG FLEX H Series Firewalls now offer refined RADIUS attribute support, improving compatibility and flexibility for authentication workflows - particularly when using web authentication (captive portal) with RADIUS servers. This refinement ensures more standardized and vendor - specific…
Policy-Based VPN with Policy Routes – Advanced Control for Multi-Subnet Environments
USG FLEX H Series Firewall continues to offer flexible VPN deployment options with support for Policy-Based VPN using Policy Routing. While route-based VPNs are commonly used in modern deployments, policy-based VPNs still hold value for scenarios involving specific subnet-to-subnet communication and USG FLEX/ATP firewall…
VPN Failover and Fallback – Enhanced Redundancy for Site-to-Site Tunnels
USG FLEX H Series Firewall now supports VPN Failover and Fallback - a powerful enhancement that ensures high availability in site-to-site VPN deployments. This feature enables firewalls to automatically switch to a backup VPN tunnel when the primary connection fails and revert back once the primary is restored. In this…
SSL VPN – Controlling TLS Versions for Secure VPN Connections
With increasing concerns around outdated encryption standards, Zyxel now gives administrators more control over VPN security by allowing them to enforce a minimum TLS version for SSL VPN connections. This enhancement helps protect networks from weak encryption protocols that may expose data to compromise. In this article,…
Remote Access VPN – Provision Template Enhancement
To streamline VPN deployment and improve cross-platform support, Zyxel has enhanced the Provision Template system in its latest firmware. This article outlines what has changed and how the new Nebula-integrated template system ensures faster updates and more reliable client connectivity. 1. What Is a Provision Template? A…
Remote Access VPN Support NCAS
USG FLEX H Series Firewall has expanded its cloud-managed capabilities by integrating Nebula Cloud Authentication Service (NCAS) into its Remote Access VPN solutions. This enhancement enables administrators to manage VPN user credentials directly from Nebula Control Center (NCC) without relying on local databases or…
Nebula Assigned Domain Name
To streamline secure remote access, USG FLEX H Series Firewall now supports Nebula-assigned domain names. This feature provides each Nebula-managed firewall with a unique, auto-generated FQDN, making it easier to set up and manage Remote Access VPN connections. In this article, we’ll explore what the Nebula-assigned domain…
Remote Access VPN – Cloud Integration
USG FLEX H Series Firewall continues to unify network management and VPN deployment with the integration of Remote Access VPN configuration into the Nebula Cloud platform. With this update, administrators can now manage secure remote connectivity directly from Nebula, eliminating the need for local access to firewall…
Captive Portal – External Portal
USG FLEX H Series Firewall has introduced support for External Captive Portals in its latest firmware updates, giving administrators the freedom to design and host their own custom login pages. This feature is especially valuable for businesses, hotels, schools, and public venues seeking a branded, flexible authentication…
Captive Portal – Click to Continue Method
USG FLEX H Series Firewall has added a new authentication option to its Captive Portal: the Click to Continue (CTC) method. This alternative to traditional username-password login simplifies the onboarding process, especially for guest networks or public Wi-Fi environments. 1. What is Click to Continue? Traditionally,…
Captive Portal – Auth Policy List and New Matching Criteria
As part of our continuous effort to improve user experience and network security, Zyxel Networks has introduced a USG FLEX H Series of enhancements to the Captive Portal feature. In this article, we’ll walk you through the key updates, including the newly designed Auth Policy List UI and the addition of matching criteria…
Captive Portal – Advanced Settings
In the latest firmware update for USG FLEX H Series, Captive Portal receives significant enhancements to its Advanced Settings. This article will walk you through the new advanced features, including improved redirect behavior, landing page options, HTTPS handling, and idle timeout configurations. 1. Customizable Landing…
VPN Parameter Expansion: Increased Limits for High-End Zyxel Firewalls
To meet the growing demands of large-scale network environments, Zyxel has expanded several key VPN-related parameters in its latest firmware release. This enhancement provides more flexibility for enterprise deployments, particularly for customers using high-end models like the USG FLEX 500H and USG FLEX 700H. What’s New…
USG FLEX H Series Firewall: IGMP Proxy Support
Multicast traffic, especially for IPTV or live video streaming, requires efficient handling across networks. To support this, USG FLEX H Series firewalls now include IGMP Proxy functionality - allowing multicast traffic to flow seamlessly between your internal clients and external multicast servers. What Is IGMP Proxy?…
Enhanced DoS Prevention for Port Scanning
USG FLEX H Series Firewall has enhanced the DoS (Denial of Service) Prevention feature in its latest firmware, specifically improving the way the firewall handles port scanning attacks. These adjustments help reduce CPU load. What Is DoS Port Scanning Protection? Port scanning is a technique often used by attackers to…
Custom Source IP for Connectivity Checks
In our latest firmware update, USG FLEX H Series Firewalls has an important enhancement for connectivity and route monitoring - the ability to set a custom source IP address for connectivity checks. The Challenge Some ISPs assign: Private IP addresses for PPPoE interface negotiation Public IP addresses for actual traffic…
USG FLEX H Series Firewall: Bandwidth Management for TikTok Traffic
USG FLE X H Series latest firmware introduces a powerful enhancement to Bandwidth Management (BWM): direct control over TikTok traffic. This is especially useful for schools, businesses, and home users who want to optimize or limit TikTok usage on their networks. What’s New? A new application signature for TikTok is added…
New Security Enhancement: Anti-Malware Scanning for HTTP File Uploads
USG FLEX H Series latest firmware update brings an important upgrade to its Anti-Malware engine: real-time scanning of HTTP uploads, including HTTP POST requests. This enhancement ensures malware is intercepted not just during downloads, but also during file uploads services. What’s Implemented? Traditionally, Zyxel…
Device HA Config Apply Behavior
In the latest firmware update, Zyxel has introduced a enhancement to Device HA (High Availability) to address a situation when importing configurations with Device HA enabled to another device. Background Previously, when restoring a backup configuration from a customer site or another device that had Device HA enabled,…
Device HA: Enhanced Debug Logging Support
With the latest firmware, Device HA on Zyxel firewalls receives a significant enhancement around debug log collection - making troubleshooting HA pairs far more effective and easier to manage. What’s New 1. Persistent Debug Logs When you enable debug logging for DeviceHA, the firewall now writes logs to its flash storage,…
AP Controller Enhancement (2)- Access Control & Client Management Enhancement
1. What are the updates to MAC Filtering and Client Policy? The client-policy options have been expanded and renamed: Previous Policy New Name Behavior Normal No Policy Default – client allowed Block Block Client denied —(new) Allow Client explicitly permitted MAC Filtering Modes: Mode Description Disabled (Default) All…
AP Controller Enhancement (1) – Smart Mesh, Radio Management, SSID settings Enhancement
Overview In this firmware release, Zyxel firewalls acting as AP Controllers (APC) introduce a series of major enhancements, extending management capabilities for Wi-Fi 6 and Wi-Fi 7 access points. These updates improve Smart Mesh control, radio configuration, SSID flexibility, and client access control, ensuring unified…
uOS -Default Trunk Algorithm
Overview In the latest firmware release, Zyxel firewalls introduce an important change to the default WAN trunk configuration. The default trunk algorithm has been updated to Least Load First, replacing the previous default of Weighted Round Robin. This change improves load distribution efficiency and ensures consistent…
uOS - WAN Trunk Link Sticking
Overview The WAN Trunk Link Sticking feature is designed to maintain session consistency by ensuring that traffic from the same source IP to the same destination continues to use the same WAN interface. This function enhances connection stability for applications or services that are sensitive to IP address changes — such…
uOS Section – GUI and Feature Enhancements Overview
Overview This section introduces a collection of graphical user interface (GUI) and functionality enhancements made to the Zyxel USG FLEX H Series Firewalls in the latest firmware release. The improvements aim to simplify configuration, improve clarity, and prevent common misconfigurations across trunk interfaces, routing,…
What is the maximum number of VLAN interface supported on each operation mode of USG FLEX H?
Question: What is the maximum number of VLAN interface supported on each operation mode of USG FLEX H? Answer: Nebula mode On-premises mode USG FLEX 50H 8 8 USG FLEX 50HP 8 8 USG FLEX 100H 16 16 USG FLEX 100HP 16 16 USG FLEX 200H 32 32 USG FLEX 200HP 32 32 USG FLEX 500H 64 64 USG FLEX 700H 128 128
Why can't I initiate 'Request to Download' from the SecuReporter to download the History Data?
Question : Why can't I initiate 'Request to Download' from the SecuReporter to download the History Data? Answer : The reason the user cannot initiate 'Request to Download' from the SecuReporter to download the History Data is that only the organization owner has permission to do so. As shown below, only the org owner,…
How to troubleshoot high CPU usage on USG FLEX H?
Question: How to troubleshoot high CPU usage on USG FLEX H? Answer: If the CPU usage rises again, use the following debug commands, one at a time. Share the output with support for further assistance. show clock date show clock time show cpu ps | no-pager show cpu status | no-pager show mem ps | no-pager show mem status…
Why is USG FLEX H Series Traffic Usage Not Displayed in SecuReporter?
Question: The "Traffic Usage" ranking section in SecuReporter is not displaying any data for the USG FLEX H Series devices. Even though traffic logs are properly generated and visible under SecuReporter > Search Log > Traffic Log, the dashboard shows no data. Why is USG FLEX H series traffic usage not displayed in…
How to set an automatic logout timing on USG FLEX H?
Question: How can I configure automatic logout for users? Answer: You can configure an automatic logout time via the web GUI. Log in to the web interface of the USG FLEX H. Navigate to User & Authentication > User/Group > Setting. Adjust the "Reauthentication Time" for each user type account as needed. This will enforce a…
Why is admin logged in on 127.0.0.1?
Question: Why does the admin appear logged in at "127.0.0.1"? Answer: The "127.0.0.1" login address originates from the Nebula Live Tool when a remote configuration connection is established. Verify if the remote configurator has been used to establish a remote session to your device.
Why can't security policy names be renamed in Nebula?
Question: Why can't security policy names be renamed in Nebula? Answer: In the current uOS system architecture, the security policy name is used as a unique key for system identification and processing. As a result, it is not possible to rename security policy names without significantly changing the underlying system…
How to Deploy Device HA on USG FLEX H?
The Device HA feature acts as a failover when one of the devices in the network fails or can’t access the Internet. Device HA uses a dedicated heartbeat link between an active device and a passive device for status syncing and backup to the passive device. On the passive device, all ports are disabled except for the port…
Secure Reporter Performance and SecurePilot Enhancements in Firmware 1.35
Alongside role-mapping improvements and Pay-As-You-Go license support, the latest updates to Secure Reporter focus on improving performance, log handling, and AI-driven insights. Log Throttling for Better Performance One of the challenges in Secure Reporter is handling large volumes of event logs efficiently. With firmware…
Admin 3.0 and Secure Reporter: Role Mapping and Privilege Updates
With the release of Admin 3.0, Zyxel introduces a revamped role and privilege structure designed to align more closely with Secure Reporter and Nebula Control Center (NCC). This alignment ensures a more consistent administrator experience across platforms and improves security management across multi-device and MSP…
Secure Reporter Update: Pay-As-You-Go Subscription Model Now Supported
Zyxel’s Secure Reporter now supports the Pay-As-You-Go (PAYG) subscription model, offering customers greater flexibility in managing their security service licenses. What’s New? Previously, Secure Reporter only displayed information for license-based subscriptions (fixed-term licenses with expiration dates). With firmware…
Firmware 1.35 Update: SSID Names Now Support UTF-8 Characters
Zyxel firewalls continue to align with modern wireless standards and Nebula features. With firmware version 1.35, SSID names configured on the firewall now support the UTF-8 character set. What Does This Mean? Previously, SSID names were restricted to basic alphanumeric characters and a limited set of symbols. With UTF-8…
Firmware 1.35 Update: Mesh Wireless Bridge Configuration Now Available via Firewall
Mesh Wireless Bridge isn't a new feature for Zyxel access points—but with firmware version 1.35, you can now configure and manage wireless bridge settings directly from the firewall’s AP Controller interface, making it easier to deploy wireless bridging without needing separate tools or platforms. What Is Mesh Wireless…
New in Firmware 1.35: Group-Level LED Suppression for Managed APs
Zyxel continues to enhance the usability of its AP Controller (APC) feature with the introduction of AP Group LED Suppression Settings in firmware version 1.35. This small but meaningful update gives administrators better control over the visual behavior of their access points (APs)—especially in environments where…
New in Firmware 1.35: Local MAC Authentication for Wireless Clients via AP Controller
With firmware version 1.35, Zyxel firewalls gain a valuable enhancement for wireless security: local MAC authentication for wireless clients managed via the built-in AP Controller (APC). What’s New? Previously, Zyxel firewalls supported MAC address-based authentication only through external RADIUS servers. With this…

Welcome!

It looks like you're new here. Sign in or register to get started.