-
uOS 1.32: Quick DHCP IP Renewal Option Now Available for External Interfaces
As part of the usability improvements in Zyxel’s uOS 1.32 firmware, a helpful feature has been introduced for network administrators managing external (WAN) interfaces that use dynamic IP (DHCP) assignment. New: Manual DHCP Release/Renew Button Previously, if you needed to refresh the IP address on an external interface…
-
Device HA Enhancements in uOS 1.32
High availability (HA) is a cornerstone of reliable network infrastructure, and with uOS 1.32, Zyxel introduces a comprehensive set of Device HA enhancements to improve stability, simplify troubleshooting, and increase visibility into your failover systems. What’s New in Device HA? 1. HA Status LED Indicator The PWR/SY…
-
BWM Enhancements in uOS 1.32: Smarter Bandwidth Control
The release of uOS 1.32 brings powerful new improvements to Bandwidth Management (BWM), giving administrators greater flexibility and control over how bandwidth is distributed across users and devices. These enhancements make it easier to ensure fair usage, prevent congestion, and enforce traffic policies at both the user…
-
uOS 1.32 Bridge Enhancements: Now Supporting VPN Traffic Routing
Zyxel Networks continues to refine the flexibility and capability of its firewall platform with the latest firmware update, introducing powerful enhancements to bridge interfaces in uOS 1.32. These updates now allow bridge interfaces to participate in various VPN configurations—significantly improving deployment options…
-
AP Controller in uOS 1.32
The latest uOS 1.32 firmware brings the AP Controller function in Zyxel USG FLEX H Series firewalls, making wireless access point (AP) deployment, management, and monitoring simpler, more intelligent, and more scalable for businesses of all sizes. What Is the AP Controller? Zyxel's AP Controller (APC) allows uOS firewalls…
-
uOS 1.32: External Group Users for Policy Control and Authentication
Zyxel’s latest firmware update introduces enhanced External Group User support across its uOS-based firewalls. This feature allows organizations to integrate external authentication systems such as Active Directory (AD), LDAP, or RADIUS to manage and apply user-based policies more effectively across multiple security…
-
Captive Portal in uOS 1.32
Zyxel Networks continues to improve the user authentication experience with the Captive Portal feature in firmware uOS 1.32. These updates offer better control, improved flexibility, and stronger security for managing user access to the Internet. What is Captive Portal? The Captive Portal is a web-based authentication…
-
Simplify Peer-to-Peer Networking with Tailscale VPN
Zyxel has introduced Tailscale VPN support to its uOS-powered H Series firewalls, offering a peer-to-peer VPN solution as an alternative to traditional IPsec VPNs. This integration brings greater simplicity, reduced latency, and more flexibility to VPN deployments across devices and networks. What Is Tailscale VPN?…
-
LAG Interface Now Supported in uOS 1.32
Zyxel’s uOS 1.32 introduces Link Aggregation Group (LAG) interface support for H Series firewalls, enabling administrators to combine multiple physical interfaces into a single logical link. This provides improved bandwidth, redundancy, and failover capability—ideal for demanding network environments. What is a LAG…
-
Secure WiFi License for H Series Firewalls – Scale Your AP Management
As part of the ongoing enhancements in uOS 1.32, Zyxel introduces the Secure WiFi License for H Series firewalls — a licensing option designed to expand the number of access points (APs) that can be managed directly from the firewall. What Is the Secure WiFi License? The USG FLEX H Series firewall supports functioning as a…
-
New in uOS: Route Trace Tool
Zyxel’s latest uOS 1.32 firmware introduces a valuable diagnostic utility for administrators - the Route Trace tool. This enhancement provides deep visibility into how traffic flows through your firewall, helping quickly identify routing behavior and policy impacts. What Is Route Trace? Route Trace allows administrators to…
-
uOS Security Update: Removal of DHE Key Exchange
As part of its continued commitment to stronger cybersecurity, Zyxel's latest uOS version 1.32 introduces an important change: the removal of DHE (Diffie-Hellman Ephemeral) key exchange for services such as SSL VPN, HTTPS, SSH, and FTPS. Why Remove DHE? DHE key exchange requires large key sizes (e.g., 2048-bit or 4096-bit…
-
uOS v1.32 Adds Implicit Deny for Application Patrol
With uOS version 1.32, Zyxel introduces a much-anticipated update to the Application Patrol feature - the ability to enforce implicit deny rules. This enhancement offers network administrators a more secure and controlled application filtering environment by explicitly denying all unspecified traffic when a policy is…
-
uOS v1.32 - DoH and DoT Blocking
Zyxel's uOS v1.32 brings an essential security enhancement DNS over HTTPS (DoH) and DNS over TLS (DoT) blocking. This feature strengthens your ability to inspect and control DNS queries, ensuring that encrypted DNS traffic doesn't bypass your content filters and security policies. What Are DoH and DoT? DoH (DNS over HTTPS)…
-
H Series Firewalls: Application Usage Monitoring Now Available in Nebula
With the release of Nebula 19.00, H Series firewalls now support application usage visibility directly from the Nebula Control Center (NCC) dashboard. This enhancement gives network administrators real-time insights into what applications are consuming network bandwidth and which clients are generating the most traffic.…
-
H Series Firewalls: Site-to-Site VPN in Nebula vs. Local GUI
Zyxel’s Nebula Control Center (NCC) now offers comprehensive VPN management for H Series firewalls, including both SD-VPN (Software-Defined VPN) and manual link VPN options. This guide outlines key details and differences between cloud and local configuration, how to monitor VPN tunnels, and important tips for managing…
-
H Series Firewalls: Routing Configuration in Nebula vs. Local GUI
As cloud-based management becomes increasingly popular, Zyxel continues to align its local and Nebula experiences for the H Series firewalls. However, there are still a few differences when configuring routing policies. Policy Route: Trunk Configuration Difference What Is a Policy Route? Policy routing lets administrators…
-
H Series Firewalls: Understanding Ports & Interfaces in Nebula vs. Local GUI
With the H Series firewalls now fully integrated into Zyxel's Nebula Cloud Management, understanding the differences between cloud-based and local configurations when managing ports and interfaces. What’s the Same? Both local and cloud interfaces display: Port status Link speed Interface names Role designations (e.g., WAN,…
-
Nebula VPN Enhancements: Renaming & Interface Logic Updates
Zyxel Networks has implemented several updates to its VPN services for all cloud-managed security appliances (USG FLEX, ATP, Security Routers, and H Series). These enhancements affect not only the naming conventions but also the underlying VPN interface behavior, especially in environments with multiple WAN connections.…
-
Initial Setup Wizard for Subnet Allocation
In Nebula 18.30, USG FLEX H series support Nebula VPN, to simplify VPN configuration and prevent subnet conflicts, NCC automatically assigns subnets for the local network when setting up centralized firewalls. How Subnet Allocation Works: USG FLEX / ATP Firewalls → VPN subnet starts from 192.168.1.0/24 USG FLEX H Series…
-
How to Deploy Device HA on USG FLEX H?
The Device HA feature acts as a failover when one of the devices in the network fails or can’t access the Internet. Device HA uses a dedicated heartbeat link between an active device and a passive device for status syncing and backup to the passive device. On the passive device, all ports are disabled except for the port…
-
Secure Reporter Performance and SecurePilot Enhancements in Firmware 1.35
Alongside role-mapping improvements and Pay-As-You-Go license support, the latest updates to Secure Reporter focus on improving performance, log handling, and AI-driven insights. Log Throttling for Better Performance One of the challenges in Secure Reporter is handling large volumes of event logs efficiently. With firmware…
-
Admin 3.0 and Secure Reporter: Role Mapping and Privilege Updates
With the release of Admin 3.0, Zyxel introduces a revamped role and privilege structure designed to align more closely with Secure Reporter and Nebula Control Center (NCC). This alignment ensures a more consistent administrator experience across platforms and improves security management across multi-device and MSP…
-
Secure Reporter Update: Pay-As-You-Go Subscription Model Now Supported
Zyxel’s Secure Reporter now supports the Pay-As-You-Go (PAYG) subscription model, offering customers greater flexibility in managing their security service licenses. What’s New? Previously, Secure Reporter only displayed information for license-based subscriptions (fixed-term licenses with expiration dates). With firmware…
-
Firmware 1.35 Update: SSID Names Now Support UTF-8 Characters
Zyxel firewalls continue to align with modern wireless standards and Nebula features. With firmware version 1.35, SSID names configured on the firewall now support the UTF-8 character set. What Does This Mean? Previously, SSID names were restricted to basic alphanumeric characters and a limited set of symbols. With UTF-8…
-
Firmware 1.35 Update: Mesh Wireless Bridge Configuration Now Available via Firewall
Mesh Wireless Bridge isn't a new feature for Zyxel access points—but with firmware version 1.35, you can now configure and manage wireless bridge settings directly from the firewall’s AP Controller interface, making it easier to deploy wireless bridging without needing separate tools or platforms. What Is Mesh Wireless…
-
New in Firmware 1.35: Group-Level LED Suppression for Managed APs
Zyxel continues to enhance the usability of its AP Controller (APC) feature with the introduction of AP Group LED Suppression Settings in firmware version 1.35. This small but meaningful update gives administrators better control over the visual behavior of their access points (APs)—especially in environments where…
-
New in Firmware 1.35: Local MAC Authentication for Wireless Clients via AP Controller
With firmware version 1.35, Zyxel firewalls gain a valuable enhancement for wireless security: local MAC authentication for wireless clients managed via the built-in AP Controller (APC). What’s New? Previously, Zyxel firewalls supported MAC address-based authentication only through external RADIUS servers. With this…
-
Configuration Backup Rotation: Smarter Auto-Backup Management in Firmware 1.35
Zyxel firewalls have long supported configuration file management through both manual and scheduled (auto) backups. However, with limited internal storage, managing file capacity effectively is critical. Firmware version 1.35 introduces a new feature—Configuration Backup Rotation—to help automate this process intelligently…
-
Device HA Enhancements in Firmware 1.35: Improved Synchronization, Port Management, Failover Control
Firmware 1.35 brings a powerful set of enhancements to Device HA Pro, designed to improve system resilience, simplify upgrade scenarios, and refine synchronization behavior across firewall pairs. Below are the five key enhancements you need to know. Enhancement 1: Expanded Full Synchronization Triggers Previously, full…
-
Enforcing Online Safety with DNS Safe Search on Zyxel Firewalls
While DNS Safe Search isn't a new feature for Zyxel firewalls—having already been available in Nebula-managed ZLD models—firmware updates have refined and expanded its usability. This feature is especially beneficial for households, schools, and any environment where stricter content control is needed. What IS DNS Safe…
-
IP Reputation System Protect Enhancement in Firmware 1.35: Improved VPN Compatibility
In Zyxel firmware version 1.35, we've introduced a crucial update to the IP Reputation System Protect feature to resolve a long-standing challenge affecting VPN tunnel establishment—especially when dealing with public IPs flagged as malicious. The Problem: VPN Tunnel Fails Due to IP Reputation Blocking Some users…
-
Zyxel x Avast: Introducing Endpoint Protection Monitoring in Firmware 1.35
As part of Zyxel’s ongoing evolution in cybersecurity solutions, firmware version 1.35 introduces the first phase of integration with Avast, a globally recognized leader in SMB endpoint security. While this development is still in its early stages, it lays the groundwork for deeper, more impactful collaboration in the…
-
Tailscale VPN Enhancements in Zyxel Firmware 1.35: Improved UI Clarity and Routing Flow Integration
Firmware version 1.35 brings small but meaningful improvements to the Tailscale VPN integration in Zyxel firewalls, focusing on better user clarity and network routing transparency. Improved Labeling for Better Understanding Previously, in the Tailscale VPN interface, the button used to disable the service and remove…
-
New Feature Spotlight: VPN Connectivity Check Tool for Easier Tunnel Testing
With the release of firmware version 1.35, Zyxel firewalls now include a VPN Connectivity Check tool—an essential enhancement that streamlines VPN troubleshooting for administrators. Here’s everything you need to know about this powerful new feature. What Is VPN Connectivity Check? Traditionally, validating VPN tunnel…
-
Zyxel uOS Firmware Update 1.35: Unified Simultaneous Admin Login Policy Across All H-Series Models
In our continued effort to streamline system management and enforce better security practices, uOS firmware version 1.35 introduces a key change to how simultaneous admin logins are handled across all H-Series models. Previous Behavior: Login Limits Varied by Model Previously, the maximum number of simultaneous admin user…
-
uOS 1.35 – Active Directory (AD) Server Enhancement: Bind DN Base Support
When integrating a Zyxel firewall with an Active Directory (AD) server for external user authentication, two important parameters define how the firewall communicates with AD: Search Base DN – specifies where the firewall should begin searching for user accounts. Bind DN Base – specifies where the administrator (bind)…
-
uOS 1.35 – External Group Users Now Supported in Remote Access VPN
Previously, external group user objects in Zyxel firewalls were limited in scope. They could be referenced in security policies, policy routes, session control, and VMW settings, but not in VPN authentication. With uOS 1.35, external group users can now also be used in Remote Access VPN profiles. This provides more…
-
uOS 1.35 – VLAN Support over LAG Interfaces
With uOS 1.35, Zyxel firewalls now support VLAN interfaces bound to Link Aggregation Groups (LAGs). This enhancement greatly improves flexibility for environments using aggregated uplinks to switches. Previous Limitation Prior to firmware 1.35, VLAN interfaces could only be created on individual physical ports (GE1, GE2,…
-
uOS 1.35 – Single Passive Interface Rule Allowed in Trunk
In addition to failover improvements and duplicate interface checks, uOS 1.35 introduces a correction to how passive WAN interfaces are handled in trunk profiles. Previous Behavior (Before 1.35) The GUI allowed administrators to configure multiple passive interfaces in a single trunk profile. However, in reality, the…