-
Initial Setup Wizard for Subnet Allocation
In Nebula 18.30, USG FLEX H series support Nebula VPN, to simplify VPN configuration and prevent subnet conflicts, NCC automatically assigns subnets for the local network when setting up centralized firewalls. How Subnet Allocation Works: USG FLEX / ATP Firewalls → VPN subnet starts from 192.168.1.0/24 USG FLEX H Series…
-
Recovery Manager – Simplifying the RMA Process
The Recovery Manager is designed to streamline the RMA process by providing a simple one-button backup and restore solution. How to Use Recovery Manager? 1. Creating a Backup Path: MAINTENANCE > Firmware/File Manager > Configuration File Click the “Backup” button. Set an encryption password before generating the backup…
-
USB Storage – Full Warning in USG Flex H Series
Disk Full Warning Overview This feature provides event logs and automated actions when the remaining space on a connected USB Flash Drive falls below a user-defined threshold. Key Behavior: Threshold criteria: Based on remaining space (not total capacity). Additional option can be applied that automatically removes the…
-
Unlocking Lockout Users in USG FLEX H Series (v1.31 Update)
What are Lockout Users? The firewall automatically blocks source IP addresses that attempt to brute-force device login by exceeding the fail threshold. [New in v1.31] Lockout IP Management Page Provides administrators with a dedicated page to view and manage locked-out IP addresses.Allows manual unlocking of locked-out…
-
uOS – Configuration Migration Tool
Seamlessly Upgrade Your Firewall Configuration Zyxel has introduced a Configuration Migration Tool to help users migrate settings from older Zyxel firewalls (USG, ATP, VPN, FLEX) to USG FLEX H-Series firewall. This tool automates the process, reducing the need for manual reconfiguration when upgrading to USG FLEX H-Series…
-
uOS 1.31 – Email Certificate Feature
New Feature: Email Certificates Directly from Your Firewall In uOS 1.31, Zyxel firewalls now allow administrators to email SSL certificates directly from the firewall's interface. Instead of manually downloading and sharing certificates, you can now send them as email attachments to recipients. How to Configure It Go to:…
-
uOS 1.31 – Notification Alert Enhancements
In uOS 1.31, Zyxel firewalls now support event-based email notifications for system alerts. This enhances the existing log alerts by allowing admins to receive real-time email notifications when important events occur. How to Enable Event Notifications Step 1: Configure Email Server Before enabling notifications, set up a…
-
uOS - Download Standby Partition Files (v1.31 Update)
The Download Standby Partition Files feature in uOS 1.31 allows users to view and download standby partition files, including: Configuration files Debug logs Viewing Standby Partition Files The web GUI only displays files from the running partition, the standby partition is hidden Users can view standby partition by…
-
Device HA (High Availability) in uOS 1.31
Device HA ensures uninterrupted network connectivity by deploying two firewalls in an active-passive setup. If the active device fails or loses connectivity, the passive device takes over automatically to maintain network stability. 1. Requirements of Device HA Requires Same Model & Firmware: Both firewalls must be the…
-
NAT Over IPSec VPN in uOS 1.31
The NAT Over IPSec VPN feature in uOS 1.31 allows network administrators to use Network Address Translation (NAT) inside an IPSec VPN tunnel. This is crucial for: This feature is now available for policy-based VPNs, while route-based VPNs have already supported NAT in previous versions. 1. Type of Types of NAT Over IPSec…
-
Bridge Interface Enhancements in uOS 1.31: Improved Configuration & Restrictions
With uOS 1.31, Zyxel has enhanced bridge interface management to eliminate configuration conflicts and improve usability. 1. Why Were These Changes Made? Previously, users could add any physical or VLAN interface to a bridge without restriction. However, this caused confusion because: Some interface settings stopped…
-
Secondary IP in uOS: Expanding Network Flexibility
The Secondary IP feature in uOS 1.31 allows administrators to assign multiple IP addresses to a single network interface. This capability is useful for expanding network addressing, managing multiple services, and ensuring better network segmentation—all without requiring additional hardware. 1. What is a Secondary IP? A…
-
WAN Connection Auto Rollback in uOS 1.31
The WAN Connection Auto Rollback feature in uOS 1.31 ensures that a firewall does not lose its Internet connection due to misconfigured WAN settings. 1. What is WAN Connection Auto Rollback? Purpose: Prevents network downtime by automatically reverting to the previous working WAN configuration if a new setting disconnects…
-
uOS – Packet Flow Explorer
1. What is Packet Flow Explorer? The Packet Flow Explorer is a powerful troubleshooting tool in uOS firewalls that helps administrators analyze how traffic is processed. It shows how the firewall makes decisions based on routing, NAT, and policy rules. This tool is essential when multiple firewall rules overlap or…
-
SIP ALG in uOS: Understanding and Configuring VoIP Traffic Handling
SIP ALG (Session Initiation Protocol - Application Layer Gateway) is a firewall feature that helps manage SIP-based VoIP traffic across NAT (Network Address Translation) devices. The uOS firewall implementation of SIP ALG focuses on SIP and RTP pinholes, while SIP transformation is not supported due to its potential to…
-
Nebula Status Dashboard in uOS: Understanding Firewall Connectivity States
The Nebula Status Dashboard in uOS provides real-time visibility into a firewall’s connectivity with NCC. This feature, while introduced earlier, has some unique behaviors and quirks that administrators should be aware of. 1. Where to Find the Nebula Status Indicator Dashboard → Nebula Status Hovering over the status…
-
Nebula Status Network Tool in uOS: Troubleshoot Cloud Connectivity
The Nebula Status tool is an essential network diagnostic feature introduced in uOS 1.30. This tool helps administrators quickly diagnose connectivity issues between their firewall and NCC. Where to Find the Nebula Status Tool Navigate to: Maintenance → Diagnostics → Network Tool → Nebula Status When testing Nebula status,…
-
Object Member List Enhancements in uOS 1.31
With the uOS 1.31 update, Zyxel has introduced two key enhancements to the Object Member List in firewalls, making it faster and more user-friendly to manage Address Groups, Service Groups, and User Groups. 1. Direct "Add Object" Button from Member List Now, you can create new objects directly while editing a group!When…
-
Introducing the USG FLEX 50H/50HP: The Next-Generation Small Business Firewall
Zyxel is launching the USG FLEX 50H and USG FLEX 50HP, the latest additions to the H-Series firewall lineup. Set to release in Q1 2025, these models replace the USG FLEX 50 and bring enhanced security, performance, and cloud integration for small businesses. 1. Key Features & Hardware Overview The USG FLEX 50H/50HP offers…
-
Managing Security Services for USG FLEX H Series on NCC
With Nebula 18.30, users can now configure various security services for USG FLEX H Series firewalls directly on NCC. Security Services Now Configurable on NCC Path: Site-wide > Configure > Firewall > Security Services Users can now manage the following security services: Content Filter Application Patrol IP Exception DNS…
-
Understanding Nebula status of uOS firewall on local GUI
The Nebula Status Dashboard in uOS firewall provides real-time visibility into a firewall’s connectivity with NCC. The path: Dashboard > Nebula Status Hovering over the status provides a tooltip with additional details. Clicking the status opens the Nebula Status Network Tool (for troubleshooting connectivity issues) Your…
-
How to check the Nebula status of uOS firewall on local GUI?
The Nebula Status tool helps administrators quickly diagnose connectivity issues between their firewall and NCC. The method: Navigate to: Maintenance > Diagnostics > Network Tool > Nebula Status Click Test button When testing Nebula status, the results will indicate whether your firewall can successfully communicate with…
-
The AP Control Capabilities of uOS 1.32 Firewall
The uOS 1.32 firewall can function as a controller to manage and configure connected access points, handling SSID creation, security settings, and firmware updates. Key features include: Support for all USG FLEX H Series models New Nebula-inspired AP controller interface for improved usability Deployment Selection feature…
-
Which AP models are managed by uOS 1.32 APC?
The uOS 1.32 APC can manage AP models as below: WiFi 7: WBE660S, WBE530, WBE510D, WBE630S WiFi 6E: WAX620D-6E, WAX640S-6E WiFi 6: WAX510D, WAX610D, WAX630S, WAX650S, WAX655E, WAX300H WiFi 5: WAC500H
-
SYS LED Status for Device HA
Question: What is SYS LED status on active device and passive device? Answer:
-
How to Pause Device HA?
Question: How to Pause Device HA? Answer: For troubleshooting purpose, you can stop Device HA temporarily without unpairing the active and passive devices to troubleshoot the active device. Follow the steps below. Turn off the passive device or unplug all Ethernet cables except heartbeat port from the passive device. On…
-
Where to add the Static DHCP Table on USG FLEX H?
Static DHCP Table: Configure a list of static IP addresses the firewall assigns to computers/ clients connected to the interface. On Nebula: Creating static DHCP clients directly from the interface page. The path: Site-wide > Configure > Firewall > Port & Interface On Local GUI: Creating static DHCP clients from the DHCP…
-
How to Configure External Group Users on H series ?
If you are facing issues with configuring external group users (ext-group-user) via LDAP on the latest firmware version 1.32, here's a guide to resolve the problem: The root cause is your LDAP/AD server does not support attribute which we query. This may be common in non-Windows AD server Workaround: 1)Log in Firewall by…
-
How to Configure Custom DDNS on USG FLEX H firewall?
Question: How can I set up the DDNS service using Custom DDNS on USG FLEX H firewall? Answer: In this example, we use ipv64.net as DDNS service. To configure the DDNS service from ipv64.net using the Custom DDNS, please follow these steps: Log in to your ipv64.net account and navigate to the domain you have created. Find…
-
How to register two USG FLEX H firewalls in Nebula for Device HA configuration?
Question: How can we register two USG FLEX H firewalls in Nebula for Device HA configuration? Answer: To register two USG FLEX H firewalls in Nebula for Device HA, you need to register each firewall to a different site within the same organization. Create two sites within the same organization in Nebula. Assign the primary…
-
How to check synchronization state of Device HA on USG FLEX H?
Question: How to check synchronization state of Device HA on USG FLEX H? Answer: usgflex200h> show state vrf main device-ha _debug sync-info
-
How to force a full synchronization of Device HA on USG FLEX H?
Question: How to force a full synchronization of Device HA on USG FLEX H? Answer: usgflex200h> cmd device-ha force-sync full OKusgflex200h>
-
USG FLEX H Series [Firewall] - Initial Setup Wizard
This article provides step-by-step instructions for initial wizard to configuring the USG FLEX H Series Firewall. It will guide you through the process of first start and connecting the appliance to the internet and registering it. Initial Setup Before starting initial wizard, please ensure the following has been…
-
How to change the certificate on USG FLEX H Auth. Server page?
Question: How to change the certificate on USG FLEX H Auth. Server page? In the ATP/USG FLEX and ZyWALL 310 there was a "Auth. Server" page in the configuration menu for setting the certificate. I cannot find the same setting on USG FLEX H. Answer: USG FLEX H doesn't have Auth. Server page because it doesn't support to…
-
SecuReporter - Nebula Mobile App Push Notifications for Alerts
In the latest release, SecuReporter introduces a new feature for enhanced alert management: Push Notifications via the Nebula Mobile App. This feature enables administrators to receive instant notifications on their mobile devices for critical security alerts, helping them stay informed and respond quickly to network…
-
SecuReporter - Allow List
The Allow List feature in SecuReporter enhances security management by enabling administrators to specify trusted IP addresses that should not be flagged as threats. This is particularly useful for situations where legitimate services or applications are mistakenly flagged by the firewall’s reputation-based filtering. By…
-
SecuReporter - One-Click Log Download
The One-Click Log Download feature in SecuReporter simplifies the process of downloading historical log data. Previously, users had to download logs day-by-day, which was especially challenging for organizations required to maintain log retention for extensive periods, such as one year. This feature addresses those needs,…
-
SecuReporter - Open API for Custom Integration
The latest update to SecuReporter introduces Open API support, allowing users to integrate SecuReporter data with third-party software solutions. This feature provides greater flexibility in reporting and analysis, enabling customers to build custom reports and dashboards that suit their specific needs. Key Features of the…
-
USG FLEX H Series - Web Console Access
With the latest uOS firmware, a Web Console feature has been introduced, allowing administrators to access the console directly through the web interface. This enhancement provides a more convenient way to manage devices remotely without needing to connect a physical console cable. Key Features of the Web Console Easy…
-
USG FLEX H Series - Configuration Rollback on Firmware Upgrade Failure
The uOS firmware version 1.30 introduces a critical enhancement designed to ensure reliability during firmware upgrades by automatically rolling back to the previous configuration if the new configuration fails to apply. This update prevents situations where a failed upgrade could leave the device in a default or…