Other Topics - Zyxel Community

USB Storage – Full Warning in USG Flex H Series
Disk Full Warning Overview This feature provides event logs and automated actions when the remaining space on a connected USB Flash Drive falls below a user-defined threshold. Key Behavior: Threshold criteria: Based on remaining space (not total capacity). Additional option can be applied that automatically removes the…
Unlocking Lockout Users in USG FLEX H Series (v1.31 Update)
What are Lockout Users? The firewall automatically blocks source IP addresses that attempt to brute-force device login by exceeding the fail threshold. [New in v1.31] Lockout IP Management Page Provides administrators with a dedicated page to view and manage locked-out IP addresses.Allows manual unlocking of locked-out…
uOS – Configuration Migration Tool
Seamlessly Upgrade Your Firewall Configuration Zyxel has introduced a Configuration Migration Tool to help users migrate settings from older Zyxel firewalls (USG, ATP, VPN, FLEX) to USG FLEX H-Series firewall. This tool automates the process, reducing the need for manual reconfiguration when upgrading to USG FLEX H-Series…
uOS 1.31 – Email Certificate Feature
New Feature: Email Certificates Directly from Your Firewall In uOS 1.31, Zyxel firewalls now allow administrators to email SSL certificates directly from the firewall's interface. Instead of manually downloading and sharing certificates, you can now send them as email attachments to recipients. How to Configure It Go to:…
uOS 1.31 – Notification Alert Enhancements
In uOS 1.31, Zyxel firewalls now support event-based email notifications for system alerts. This enhances the existing log alerts by allowing admins to receive real-time email notifications when important events occur. How to Enable Event Notifications Step 1: Configure Email Server Before enabling notifications, set up a…
uOS - Download Standby Partition Files (v1.31 Update)
The Download Standby Partition Files feature in uOS 1.31 allows users to view and download standby partition files, including: Configuration files Debug logs Viewing Standby Partition Files The web GUI only displays files from the running partition, the standby partition is hidden Users can view standby partition by…
Device HA (High Availability) in uOS 1.31
Device HA ensures uninterrupted network connectivity by deploying two firewalls in an active-passive setup. If the active device fails or loses connectivity, the passive device takes over automatically to maintain network stability. 1. Requirements of Device HA Requires Same Model & Firmware: Both firewalls must be the…
NAT Over IPSec VPN in uOS 1.31
The NAT Over IPSec VPN feature in uOS 1.31 allows network administrators to use Network Address Translation (NAT) inside an IPSec VPN tunnel. This is crucial for: This feature is now available for policy-based VPNs, while route-based VPNs have already supported NAT in previous versions. 1. Type of Types of NAT Over IPSec…
Bridge Interface Enhancements in uOS 1.31: Improved Configuration & Restrictions
With uOS 1.31, Zyxel has enhanced bridge interface management to eliminate configuration conflicts and improve usability. 1. Why Were These Changes Made? Previously, users could add any physical or VLAN interface to a bridge without restriction. However, this caused confusion because: Some interface settings stopped…
Secondary IP in uOS: Expanding Network Flexibility
The Secondary IP feature in uOS 1.31 allows administrators to assign multiple IP addresses to a single network interface. This capability is useful for expanding network addressing, managing multiple services, and ensuring better network segmentation—all without requiring additional hardware. 1. What is a Secondary IP? A…
WAN Connection Auto Rollback in uOS 1.31
The WAN Connection Auto Rollback feature in uOS 1.31 ensures that a firewall does not lose its Internet connection due to misconfigured WAN settings. 1. What is WAN Connection Auto Rollback? Purpose: Prevents network downtime by automatically reverting to the previous working WAN configuration if a new setting disconnects…
uOS – Packet Flow Explorer
1. What is Packet Flow Explorer? The Packet Flow Explorer is a powerful troubleshooting tool in uOS firewalls that helps administrators analyze how traffic is processed. It shows how the firewall makes decisions based on routing, NAT, and policy rules. This tool is essential when multiple firewall rules overlap or…
SIP ALG in uOS: Understanding and Configuring VoIP Traffic Handling
SIP ALG (Session Initiation Protocol - Application Layer Gateway) is a firewall feature that helps manage SIP-based VoIP traffic across NAT (Network Address Translation) devices. The uOS firewall implementation of SIP ALG focuses on SIP and RTP pinholes, while SIP transformation is not supported due to its potential to…
Nebula Status Dashboard in uOS: Understanding Firewall Connectivity States
The Nebula Status Dashboard in uOS provides real-time visibility into a firewall’s connectivity with NCC. This feature, while introduced earlier, has some unique behaviors and quirks that administrators should be aware of. 1. Where to Find the Nebula Status Indicator Dashboard → Nebula Status Hovering over the status…
Nebula Status Network Tool in uOS: Troubleshoot Cloud Connectivity
The Nebula Status tool is an essential network diagnostic feature introduced in uOS 1.30. This tool helps administrators quickly diagnose connectivity issues between their firewall and NCC. Where to Find the Nebula Status Tool Navigate to: Maintenance → Diagnostics → Network Tool → Nebula Status When testing Nebula status,…
Object Member List Enhancements in uOS 1.31
With the uOS 1.31 update, Zyxel has introduced two key enhancements to the Object Member List in firewalls, making it faster and more user-friendly to manage Address Groups, Service Groups, and User Groups. 1. Direct "Add Object" Button from Member List Now, you can create new objects directly while editing a group!When…
Introducing the USG FLEX 50H/50HP: The Next-Generation Small Business Firewall
Zyxel is launching the USG FLEX 50H and USG FLEX 50HP, the latest additions to the H-Series firewall lineup. Set to release in Q1 2025, these models replace the USG FLEX 50 and bring enhanced security, performance, and cloud integration for small businesses. 1. Key Features & Hardware Overview The USG FLEX 50H/50HP offers…
Managing Security Services for USG FLEX H Series on NCC
With Nebula 18.30, users can now configure various security services for USG FLEX H Series firewalls directly on NCC. Security Services Now Configurable on NCC Path: Site-wide > Configure > Firewall > Security Services Users can now manage the following security services: Content Filter Application Patrol IP Exception DNS…
Managing USG FLEX H Series Objects on NCC
With Nebula 18.30, users can now create, edit, and manage objects for USG FLEX H Series firewalls directly on Nebula Control Center (NCC). What is an “Object”? In networking, an object refers to predefined network elements that can be referenced by multiple services for consistent and efficient configuration. New in Nebula…
Managing USG FLEX H Series Ports and Interfaces on NCC
With the Nebula 18.30 update, users can now configure ports and interfaces for USG FLEX H Series firewalls directly on Nebula Control Center (NCC). New Enhancements in Nebula 18.30: Users can create, edit, and manage interfaces from NCC. Supported Interface Roles: External – Typically used for WAN connections. Internal –…
What is the maximum number of VLAN interface supported on each operation mode of USG FLEX H?
Question: What is the maximum number of VLAN interface supported on each operation mode of USG FLEX H? Answer: Nebula mode On-premises mode USG FLEX 50H 8 8 USG FLEX 50HP 8 8 USG FLEX 100H 16 16 USG FLEX 100HP 16 16 USG FLEX 200H 32 32 USG FLEX 200HP 32 32 USG FLEX 500H 64 64 USG FLEX 700H 128 128
Why can't I initiate 'Request to Download' from the SecuReporter to download the History Data?
Question : Why can't I initiate 'Request to Download' from the SecuReporter to download the History Data? Answer : The reason the user cannot initiate 'Request to Download' from the SecuReporter to download the History Data is that only the organization owner has permission to do so. As shown below, only the org owner,…
How to troubleshoot high CPU usage on USG FLEX H?
Question: How to troubleshoot high CPU usage on USG FLEX H? Answer: If the CPU usage rises again, use the following debug commands, one at a time. Share the output with support for further assistance. show clock date show clock time show cpu ps | no-pager show cpu status | no-pager show mem ps | no-pager show mem status…
Why is USG FLEX H Series Traffic Usage Not Displayed in SecuReporter?
Question: The "Traffic Usage" ranking section in SecuReporter is not displaying any data for the USG FLEX H Series devices. Even though traffic logs are properly generated and visible under SecuReporter > Search Log > Traffic Log, the dashboard shows no data. Why is USG FLEX H series traffic usage not displayed in…
How to set an automatic logout timing on USG FLEX H?
Question: How can I configure automatic logout for users? Answer: You can configure an automatic logout time via the web GUI. Log in to the web interface of the USG FLEX H. Navigate to User & Authentication > User/Group > Setting. Adjust the "Reauthentication Time" for each user type account as needed. This will enforce a…
Why is admin logged in on 127.0.0.1?
Question: Why does the admin appear logged in at "127.0.0.1"? Answer: The "127.0.0.1" login address originates from the Nebula Live Tool when a remote configuration connection is established. Verify if the remote configurator has been used to establish a remote session to your device.
Why can't security policy names be renamed in Nebula?
Question: Why can't security policy names be renamed in Nebula? Answer: In the current uOS system architecture, the security policy name is used as a unique key for system identification and processing. As a result, it is not possible to rename security policy names without significantly changing the underlying system…
How to Deploy Device HA on USG FLEX H?
The Device HA feature acts as a failover when one of the devices in the network fails or can’t access the Internet. Device HA uses a dedicated heartbeat link between an active device and a passive device for status syncing and backup to the passive device. On the passive device, all ports are disabled except for the port…
Secure Reporter Performance and SecurePilot Enhancements in Firmware 1.35
Alongside role-mapping improvements and Pay-As-You-Go license support, the latest updates to Secure Reporter focus on improving performance, log handling, and AI-driven insights. Log Throttling for Better Performance One of the challenges in Secure Reporter is handling large volumes of event logs efficiently. With firmware…
Admin 3.0 and Secure Reporter: Role Mapping and Privilege Updates
With the release of Admin 3.0, Zyxel introduces a revamped role and privilege structure designed to align more closely with Secure Reporter and Nebula Control Center (NCC). This alignment ensures a more consistent administrator experience across platforms and improves security management across multi-device and MSP…
Secure Reporter Update: Pay-As-You-Go Subscription Model Now Supported
Zyxel’s Secure Reporter now supports the Pay-As-You-Go (PAYG) subscription model, offering customers greater flexibility in managing their security service licenses. What’s New? Previously, Secure Reporter only displayed information for license-based subscriptions (fixed-term licenses with expiration dates). With firmware…
Firmware 1.35 Update: SSID Names Now Support UTF-8 Characters
Zyxel firewalls continue to align with modern wireless standards and Nebula features. With firmware version 1.35, SSID names configured on the firewall now support the UTF-8 character set. What Does This Mean? Previously, SSID names were restricted to basic alphanumeric characters and a limited set of symbols. With UTF-8…
Firmware 1.35 Update: Mesh Wireless Bridge Configuration Now Available via Firewall
Mesh Wireless Bridge isn't a new feature for Zyxel access points—but with firmware version 1.35, you can now configure and manage wireless bridge settings directly from the firewall’s AP Controller interface, making it easier to deploy wireless bridging without needing separate tools or platforms. What Is Mesh Wireless…
New in Firmware 1.35: Group-Level LED Suppression for Managed APs
Zyxel continues to enhance the usability of its AP Controller (APC) feature with the introduction of AP Group LED Suppression Settings in firmware version 1.35. This small but meaningful update gives administrators better control over the visual behavior of their access points (APs)—especially in environments where…
New in Firmware 1.35: Local MAC Authentication for Wireless Clients via AP Controller
With firmware version 1.35, Zyxel firewalls gain a valuable enhancement for wireless security: local MAC authentication for wireless clients managed via the built-in AP Controller (APC). What’s New? Previously, Zyxel firewalls supported MAC address-based authentication only through external RADIUS servers. With this…
Configuration Backup Rotation: Smarter Auto-Backup Management in Firmware 1.35
Zyxel firewalls have long supported configuration file management through both manual and scheduled (auto) backups. However, with limited internal storage, managing file capacity effectively is critical. Firmware version 1.35 introduces a new feature—Configuration Backup Rotation—to help automate this process intelligently…
Device HA Enhancements in Firmware 1.35: Improved Synchronization, Port Management, Failover Control
Firmware 1.35 brings a powerful set of enhancements to Device HA Pro, designed to improve system resilience, simplify upgrade scenarios, and refine synchronization behavior across firewall pairs. Below are the five key enhancements you need to know. Enhancement 1: Expanded Full Synchronization Triggers Previously, full…
Enforcing Online Safety with DNS Safe Search on Zyxel Firewalls
While DNS Safe Search isn't a new feature for Zyxel firewalls—having already been available in Nebula-managed ZLD models—firmware updates have refined and expanded its usability. This feature is especially beneficial for households, schools, and any environment where stricter content control is needed. What IS DNS Safe…
IP Reputation System Protect Enhancement in Firmware 1.35: Improved VPN Compatibility
In Zyxel firmware version 1.35, we've introduced a crucial update to the IP Reputation System Protect feature to resolve a long-standing challenge affecting VPN tunnel establishment—especially when dealing with public IPs flagged as malicious. The Problem: VPN Tunnel Fails Due to IP Reputation Blocking Some users…
Zyxel x Avast: Introducing Endpoint Protection Monitoring in Firmware 1.35
As part of Zyxel’s ongoing evolution in cybersecurity solutions, firmware version 1.35 introduces the first phase of integration with Avast, a globally recognized leader in SMB endpoint security. While this development is still in its early stages, it lays the groundwork for deeper, more impactful collaboration in the…

Welcome!

It looks like you're new here. Sign in or register to get started.