-
How to Flush ARP Table Entries on USG FLEX H?
Question: Is there a way to flush or remove entries from the ARP table on the USG FLEX H via CLI?
Answer:
usgflex500h> cmd arp-table flush
usgflex500h> cmd arp-table clear
Note: The command is supported starting from firmware version 1.38.
-
Why is the link between the USG FLEX H and switch missing on Nebula topology?
Question: Why is the link between the USG FLEX H and switch missing on Nebula topology? Answer: If the link between your firewall and switch is missing on the Nebula topology, it could be due to an issue with the configuration or services like LLDP (Link Layer Discovery Protocol) not being enabled. Log in to the…
-
Why can't I log in to the USG FLEX H via Remote Configurator using the site settings credentials?
Question: Why can't I use 'support' credentials to access USG FLEX H via Remote Configurator? Answer: If you are unable to log in to your USG FLEX H using 'support' credentials via the Remote Configurator, it could be due to your current firmware version. The ability to use the 'support' username and site-wide password for…
-
USG FLEX H - License Behavior of the Secondary Device After HA Pairing
What happens to the secondary firewall’s license after HA pairing and how to address it? Once pairing is complete, the secondary device’s license will automatically be transferred to the primary device, and you will receive an email notification. When this happens, the secondary device is left without an active license.…
-
Silent Deployment of TheGreenBow SecuExtender VPN Client with License
Question: How can I perform a silent deployment of TheGreenBow SecuExtender VPN client (.msi) while integrating a license key, especially for automated distribution via tools like Intune or GPO? Answer: * Problem: Customers often seek to automate the deployment of the TheGreenBow SecuExtender VPN client via its .msi…
-
What is the difference between "Security Appliance Traffic Log" and "Traffic Log"?
Question: What is the difference between "Security Appliance Traffic Log" and "Traffic Log"? Answer: The terms "Security Appliance Traffic Log" and "Traffic Log" essentially describe the same functionality but are applied to different products and configurations. In Nebula, under Site-wide > Configure > Site settings >…
-
How to pre-config USG FLEX H on Nebula before it is online
Starting from firmware uOS1.35, Zyxel’s USG FLEX H series supports remote pre-configuration directly from Nebula—even before the device is powered on. To use this feature, make sure your device is running the required firmware: Newly purchased units must complete the initial setup wizard to keep the firmware up to date.…
-
SecuReporter - Device Health Anomaly Detection
What Is Device Health Anomaly Detection? SecuReporter Device Health Anomaly Detection uses AI analysis to monitor and assess the operational health of your firewall. By comparing CPU usage, memory usage, and session usage against a baseline built from the previous week's data, it can detect unusual patterns that may…
-
uOS - Policy Route with Application Criteria
Application-Based Policy Routing Policy routes in uOS have been enhanced to support Application Criteria. Instead of being limited to IP addresses or service objects (ports), administrators can now route traffic based on specific applications identified by the firewall's inspection engine. GUI and NCC Implementation In the…
-
uOS - Custom VPN Provisioning Port
Customizing the VPN Provisioning Port To provide greater flexibility and avoid management conflicts, uOS now supports changing the VPN Configuration Provisioning port. By default, this service uses port 443, which is also the standard port for web management. Configuration Steps Currently, this feature is CLI-only. * CLI…
-
uOS - Policy Based VPN with Policy Routes
Policy Based VPN with Dynamic Peers This update enables Policy Routes to work with Dynamic Peer VPN tunnels. Routing Logic and Limitations When a policy route uses a dynamic VPN tunnel as the next hop, a unique rule applies: the destination address in the policy route is ignored. Instead, the firewall automatically uses…
-
uOS - SSL VPN Certificate Visibility
Monitoring SSL VPN Certificate Expiry A new visibility enhancement in version 1.37 allows administrators to monitor the validity period of SSL VPN certificates directly. Previously, users could not easily see when the certificate packaged in the provisioning file would expire. Management and Verification The expiration…
-
uOS - IPSec VPN AES-GCM Enabled
Implementing AES-GCM for IPSec VPN uOS now supports AES-GCM (Galois/Counter Mode) for IPSec VPNs. This is an AEAD (Authenticated Encryption with Associated Data) mode that provides both encryption and authentication in a single, efficient step. IKEv2 and PRF Requirements AES-GCM is only supported when using IKEv2 because…
-
uOS - VPN Phase 2 Interface Subnet Selection
Simplified VPN Subnet Selection Zyxel has introduced fixed objects for LAN1 and LAN2 subnets in VPN Phase 2 configurations. These objects are permanent references to the GE3 and GE4 interfaces. Configuration Benefits Prior to this update, changing the IP address of a local interface required the administrator to manually…
-
uOS - Captive Portal Enhancements
Advanced Captive Portal Features Firmware version 1.37 introduces several enhancements to the Captive Portal, focusing on third-party integration and expanded user support. 1. External Portal Redirect Parameters When using third-party portals like Purple Wi-Fi, specific attribute names are often required (e.g., using…
-
uOS - BWM 802.1P
Enhancing Traffic Priority with 802.1P The 802.1P standard allows Bandwidth Management (BWM) to attach a priority value (0 to 7) to the VLAN header of traffic. This ensures that high-priority data, such as VoIP or video, receives preferential treatment as it moves through the uplink or ISP network. Configure 802.1P Network…
-
uOS - Interface Rate Limiting
Interface Rate Limiting and Bandwidth Management Zyxel has introduced Interface Rate Limiting to work alongside Bandwidth Management (BWM). While BWM sets limits per IP, it cannot set a threshold for the total bandwidth consumed by all clients on an interface. Interface Rate Limiting provides this total threshold, acting…
-
uOS - Import DHCP Reservations
Importing DHCP Reservations in uOS Zyxel Networks has transitioned from the term "static binding" used in ZLD to DHCP Reservation in the new uOS firmware. This feature is located under Network Status > DHCP Table and allows administrators to reserve specific IP addresses for clients within a subnet. Benefits and File…
-
uOS - Wireless Report
Wireless Email Reports The Email Daily Report feature has been expanded to include a dedicated section for wireless performance. This allows administrators to receive automated summaries of network health directly in their inbox. Key Metrics Included * Station Count Statistics: Reports the total number of stations…
-
uOS - Wireless Status
Wireless Status Monitoring The Wireless Status section provides administrators with an overview of all AP and wireless client activity over time. Data is collected hourly based on the system clock and stored in RAM, which means statistics are cleared upon a system reboot or firmware upgrade. Data Retention by Model The…