-
How to pre-config USG FLEX H on Nebula before it is online
Starting from firmware uOS1.35, Zyxel’s USG FLEX H series supports remote pre-configuration directly from Nebula—even before the device is powered on. To use this feature, make sure your device is running the required firmware: Newly purchased units must complete the initial setup wizard to keep the firmware up to date.…
-
SecuReporter - Device Health Anomaly Detection
What Is Device Health Anomaly Detection? SecuReporter Device Health Anomaly Detection uses AI analysis to monitor and assess the operational health of your firewall. By comparing CPU usage, memory usage, and session usage against a baseline built from the previous week's data, it can detect unusual patterns that may…
-
uOS - Policy Route with Application Criteria
Application-Based Policy Routing Policy routes in uOS have been enhanced to support Application Criteria. Instead of being limited to IP addresses or service objects (ports), administrators can now route traffic based on specific applications identified by the firewall's inspection engine. GUI and NCC Implementation In the…
-
uOS - Custom VPN Provisioning Port
Customizing the VPN Provisioning Port To provide greater flexibility and avoid management conflicts, UOS now supports changing the VPN Configuration Provisioning port. By default, this service uses port 443, which is also the standard port for web management. Configuration Steps Currently, this feature is CLI-only. * CLI…
-
uOS - Policy Based VPN with Policy Routes
Policy Based VPN with Dynamic Peers This update enables Policy Routes to work with Dynamic Peer VPN tunnels. Routing Logic and Limitations When a policy route uses a dynamic VPN tunnel as the next hop, a unique rule applies: the destination address in the policy route is ignored. Instead, the firewall automatically uses…
-
uOS - SSL VPN Certificate Visibility
Monitoring SSL VPN Certificate Expiry A new visibility enhancement in version 1.37 allows administrators to monitor the validity period of SSL VPN certificates directly. Previously, users could not easily see when the certificate packaged in the provisioning file would expire. Management and Verification The expiration…
-
uOS - IPSec VPN AES-GCM Enabled
Implementing AES-GCM for IPSec VPN UOS now supports AES-GCM (Galois/Counter Mode) for IPSec VPNs. This is an AEAD (Authenticated Encryption with Associated Data) mode that provides both encryption and authentication in a single, efficient step. IKEv2 and PRF Requirements AES-GCM is only supported when using IKEv2 because…
-
uOS - VPN Phase 2 Interface Subnet Selection
Simplified VPN Subnet Selection Zyxel has introduced fixed objects for LAN1 and LAN2 subnets in VPN Phase 2 configurations. These objects are permanent references to the GE3 and GE4 interfaces. Configuration Benefits Prior to this update, changing the IP address of a local interface required the administrator to manually…
-
uOS - Captive Portal Enhancements
Advanced Captive Portal Features Firmware version 1.37 introduces several enhancements to the Captive Portal, focusing on third-party integration and expanded user support. 1. External Portal Redirect Parameters When using third-party portals like Purple Wi-Fi, specific attribute names are often required (e.g., using…
-
uOS - BWM 802.1P
Enhancing Traffic Priority with 802.1P The 802.1P standard allows Bandwidth Management (BWM) to attach a priority value (0 to 7) to the VLAN header of traffic. This ensures that high-priority data, such as VoIP or video, receives preferential treatment as it moves through the uplink or ISP network. Configure 802.1P Network…
-
uOS - Interface Rate Limiting
Interface Rate Limiting and Bandwidth Management Zyxel has introduced Interface Rate Limiting to work alongside Bandwidth Management (BWM). While BWM sets limits per IP, it cannot set a threshold for the total bandwidth consumed by all clients on an interface. Interface Rate Limiting provides this total threshold, acting…
-
uOS - Import DHCP Reservations
Importing DHCP Reservations in uOS Zyxel Networks has transitioned from the term "static binding" used in ZLD to DHCP Reservation in the new uOS firmware. This feature is located under Network Status > DHCP Table and allows administrators to reserve specific IP addresses for clients within a subnet. Benefits and File…
-
uOS - Wireless Report
Wireless Email Reports The Email Daily Report feature has been expanded to include a dedicated section for wireless performance. This allows administrators to receive automated summaries of network health directly in their inbox. Key Metrics Included * Station Count Statistics: Reports the total number of stations…
-
uOS - Wireless Status
Wireless Status Monitoring The Wireless Status section provides administrators with an overview of all AP and wireless client activity over time. Data is collected hourly based on the system clock and stored in RAM, which means statistics are cleared upon a system reboot or firmware upgrade. Data Retention by Model The…
-
uOS - APC Enhancements - MAC Filtering Wildcard
MAC Filtering with Wildcard Support Client policies now support MAC address wildcards, allowing administrators to create broad rules for groups of devices based on their Organization Unique Identifier (OUI). Implementing Wildcard Masks Using a mask where "F" represents a matching value and "0" allows any value,…
-
uOS - APC Enhancements - AP Diagnostics
Advanced AP Diagnostics A new AP Diagnostics section has been added to the management menu, offering three primary tools to assist HQ support teams in troubleshooting managed access points. AP Diagnostic Tools * Diagnostics Tab: Collects and downloads system diagnostics from specific APs to either onboard storage or a USB…
-
uOS - APC Enhancements - SNMP Redesign
SNMP Configuration Redesign In firmware version 1.37 and AP version 7.30, the AP controller now provisions SNMP settings directly to all managed access points. Previously, the controller would automatically disable SNMP on APs once they were under management. CLI Structure Alignment The CLI structure for access points has…
-
uOS - APC Enhancements - SSID Info
SSID Information Dashboard The SSID Info page provides a comprehensive breakdown of every SSID and its associated radio activity across all managed access points. It displays station counts categorized by frequency bands: 2.4 GHz, 5 GHz, and 6 GHz. Integrated Client Filtering The dashboard includes interactive elements…
-
uOS - APC Enhancements - Bulk Per-Radio Setup
Bulk Per-Radio Setup To improve management efficiency, version 1.37 allows for the bulk configuration of radio settings for multiple APs simultaneously within AP groups. Instead of manually editing each unit, administrators can select multiple APs and update their channel and width settings in a single window. Handling…
-
APC Enhancements - Certificate Selection
Certificate Selection for AP Management Administrators now have the ability to manually select the Server Certificate for the internal authentication server within the AP Management service. This feature allows for the use of custom certificates for wireless clients using WPA Enterprise, specifically when EAP Proxy is…
