-
USG FLEX H Series: RADIUS Attribute Refinement
In the latest firmware enhancement, USG FLEX H Series Firewalls now offer refined RADIUS attribute support, improving compatibility and flexibility for authentication workflows - particularly when using web authentication (captive portal) with RADIUS servers. This refinement ensures more standardized and vendor-specific…
-
Policy-Based VPN with Policy Routes – Advanced Control for Multi-Subnet Environments
USG FLEX H Series Firewall continues to offer flexible VPN deployment options with support for Policy-Based VPN using Policy Routing. While route-based VPNs are commonly used in modern deployments, policy-based VPNs still hold value for scenarios involving specific subnet-to-subnet communication and USG FLEX/ATP firewall…
-
VPN Failover and Fallback – Enhanced Redundancy for Site-to-Site Tunnels
USG FLEX H Series Firewall now supports VPN Failover and Fallback - a powerful enhancement that ensures high availability in site-to-site VPN deployments. This feature enables firewalls to automatically switch to a backup VPN tunnel when the primary connection fails and revert back once the primary is restored. In this…
-
SSL VPN – Controlling TLS Versions for Secure VPN Connections
With increasing concerns around outdated encryption standards, Zyxel now gives administrators more control over VPN security by allowing them to enforce a minimum TLS version for SSL VPN connections. This enhancement helps protect networks from weak encryption protocols that may expose data to compromise. In this article,…
-
Remote Access VPN – Provision Template Enhancement
To streamline VPN deployment and improve cross-platform support, Zyxel has enhanced the Provision Template system in its latest firmware. This article outlines what has changed and how the new Nebula-integrated template system ensures faster updates and more reliable client connectivity. 1. What Is a Provision Template? A…
-
Remote Access VPN Support NCAS
USG FLEX H Series Firewall has expanded its cloud-managed capabilities by integrating Nebula Cloud Authentication Service (NCAS) into its Remote Access VPN solutions. This enhancement enables administrators to manage VPN user credentials directly from Nebula Control Center (NCC) without relying on local databases or…
-
Nebula Assigned Domain Name
To streamline secure remote access, USG FLEX H Series Firewall now supports Nebula-assigned domain names. This feature provides each Nebula-managed firewall with a unique, auto-generated FQDN, making it easier to set up and manage Remote Access VPN connections. In this article, we’ll explore what the Nebula-assigned domain…
-
Remote Access VPN – Cloud Integration
USG FLEX H Series Firewall continues to unify network management and VPN deployment with the integration of Remote Access VPN configuration into the Nebula Cloud platform. With this update, administrators can now manage secure remote connectivity directly from Nebula, eliminating the need for local access to firewall…
-
Captive Portal – External Portal
USG FLEX H Series Firewall has introduced support for External Captive Portals in its latest firmware updates, giving administrators the freedom to design and host their own custom login pages. This feature is especially valuable for businesses, hotels, schools, and public venues seeking a branded, flexible authentication…
-
Captive Portal – Click to Continue Method
USG FLEX H Series Firewall has added a new authentication option to its Captive Portal: the Click to Continue (CTC) method. This alternative to traditional username-password login simplifies the onboarding process, especially for guest networks or public Wi-Fi environments. 1. What is Click to Continue? Traditionally,…
-
Captive Portal – Auth Policy List and New Matching Criteria
As part of our continuous effort to improve user experience and network security, Zyxel Networks has introduced a series of enhancements to the Captive Portal feature. In this article, we’ll walk you through the key updates, including the newly designed Auth Policy List UI and the addition of matching criteria…
-
Captive Portal – Advanced Settings
In the latest firmware update for USG FLEX H Series, Captive Portal receives significant enhancements to its Advanced Settings. This article will walk you through the new advanced features, including improved redirect behavior, landing page options, HTTPS handling, and idle timeout configurations. 1. Customizable Landing…
-
VPN Parameter Expansion: Increased Limits for High-End Zyxel Firewalls
To meet the growing demands of large-scale network environments, Zyxel has expanded several key VPN-related parameters in its latest firmware release. This enhancement provides more flexibility for enterprise deployments, particularly for customers using high-end models like the USG FLEX 500H and USG FLEX 700H. What’s New…
-
USG FLEX H Series Firewall: IGMP Proxy Support
Multicast traffic, especially for IPTV or live video streaming, requires efficient handling across networks. To support this, USG FLEX H Series firewalls now include IGMP Proxy functionality - allowing multicast traffic to flow seamlessly between your internal clients and external multicast servers. What Is IGMP Proxy?…
-
Enhanced DoS Prevention for Port Scanning
USG FLEX H Series Firewall has enhanced the DoS (Denial of Service) Prevention feature in its latest firmware, specifically improving the way the firewall handles port scanning attacks. These adjustments help reduce CPU load. What Is DoS Port Scanning Protection? Port scanning is a technique often used by attackers to…
-
Custom Source IP for Connectivity Checks
In our latest firmware update, USG FLEX H Series Firewalls have an important enhancement for connectivity and route monitoring - the ability to set a custom source IP address for connectivity checks. The Challenge Some ISPs assign: Private IP addresses for PPPoE interface negotiation Public IP addresses for actual traffic…
-
USG FLEX H Series Firewall: Bandwidth Management for TikTok Traffic
USG FLEX H Series latest firmware introduces a powerful enhancement to Bandwidth Management (BWM): direct control over TikTok traffic. This is especially useful for schools, businesses, and home users who want to optimize or limit TikTok usage on their networks. What’s New? A new application signature for TikTok is added…
-
New Security Enhancement: Anti-Malware Scanning for HTTP File Uploads
USG FLEX H Series latest firmware update brings an important upgrade to its Anti-Malware engine: real-time scanning of HTTP uploads, including HTTP POST requests. This enhancement ensures malware is intercepted not just during downloads, but also during file uploads. What’s Implemented? Traditionally, Zyxel…
-
Device HA Config Apply Behavior
In the latest firmware update, Zyxel has introduced an enhancement to Device HA (High Availability) to address a situation when importing configurations with Device HA enabled to another device. Background Previously, when restoring a backup configuration from a customer site or another device that had Device HA enabled,…
-
Device HA: Enhanced Debug Logging Support
With the latest firmware, Device HA on Zyxel firewalls receives a significant enhancement around debug log collection - making troubleshooting HA pairs far more effective and easier to manage. What’s New 1. Persistent Debug Logs When you enable debug logging for Device HA, the firewall now writes logs to its flash storage,…
-
Why do I see clients without an IP in the Nebula Client page?
Question: Why do I see clients without an IP in the Nebula Client page? Answer: The clients are learned from the switch, and the switch does not support LLDP, so the switch does not have the IP address information. When clients are learned from the firewall, they must have traffic. If there is no traffic, the client won't be displayed.…
-
Why Is There No Link When Connecting a GS1920 Switch and a FLEX 700H via SFP?
Question: A GS1920 switch and a FLEX 700H fail to establish a connection when using SFP modules. The devices do not recognize the modules, and no link is formed. What are the possible causes, and how can this issue be resolved? Answer: Link failures between the GS1920 switch and the FLEX 700H when using SFP modules are…
-
What happens when using Cross-Org-Site-Clone to move devices in Nebula?
Question: What happens when using Cross-Org-Site-Clone to move devices in Nebula? Answer: If you use the MSP Cross-Org-Site-Clone feature with device movement for a Nebula-configured firewall (e.g., ATP200), the system clones all linked devices and their settings to the new organization. This means you won’t need to…
-
How can I restrict IP address logins to my organization from Nebula server?
Question: How can I restrict IP address logins to my organization from the Nebula server? Answer: You can go to Organization-wide > Organization-wide Manage > Organization Settings, then enable the Login IP Range feature. After that, add the allowed public IP addresses in the provided field.
-
What will happen if I move the USG FLEX H to another organization?
The USG FLEX H will reset to default and reboot. You will need to select the onboarding method if you want to start from the device's web GUI or upload the previous configuration file. Additionally, the WAN interface setting can be kept by selecting "Keep device interface setting when moving the other org".
-
How to check if the USG FLEX H is registered on Nebula?
Question: How to check if the USG FLEX H is registered on Nebula? Answer: You can verify that the registration status is "official" using the following command from SSH or console. usgflex500h> show service-inspect If the status is not official, use the command to switch the registration status back to official. usgflex500h> cmd…
-
How to Enable Layer 2 isolation on USG FLEX H?
Question: How to Enable Layer 2 isolation on USG FLEX H? Answer: To enable Layer 2 isolation on the USG FLEX H series, follow these steps: Go to Wireless > WLAN Settings > SSID Settings. Edit the SSID where isolation is needed. Under Advanced Settings, enable Layer 2 Isolation. This will help restrict communication between…
-
How to Enable Automatic Logout for Admins?
Question: How to Enable Automatic Logout for Admins? Answer: You can configure an automatic logout time for admin and user accounts to enhance security: Login to the USG FLEX web GUI. Go to User & Authentication > User/Group > Setting. Modify the Reauthentication Time for the desired user type. This will ensure accounts…
-
Why is my device not connected to SecuReporter?
Question: Why is my device not connected to SecuReporter even if the feature is enabled on Nebula? Answer: If you see the message "Device Disconnected" on SecuReporter for your USG FLEX H, it might indicate that the SecuReporter service on the device is disabled. For the device logs to be sent to SecuReporter, the service…
-
AP Controller Enhancement (2) - Access Control & Client Management Enhancement
1. What are the updates to MAC Filtering and Client Policy? The client-policy options have been expanded and renamed:
Previous Policy | New Name | Behavior
Normal | No Policy | Default – client allowed
Block | Block | Client denied
— (new) | Allow | Client explicitly permitted
MAC Filtering Modes: Mode Description Disabled (Default) All…
-
AP Controller Enhancement (1) – Smart Mesh, Radio Management, SSID settings Enhancement
Overview In this firmware release, Zyxel firewalls acting as AP Controllers (APC) introduce a series of major enhancements, extending management capabilities for Wi-Fi 6 and Wi-Fi 7 access points. These updates improve Smart Mesh control, radio configuration, SSID flexibility, and client access control, ensuring unified…
-
uOS - Default Trunk Algorithm
Overview In the latest firmware release, Zyxel firewalls introduce an important change to the default WAN trunk configuration. The default trunk algorithm has been updated to Least Load First, replacing the previous default of Weighted Round Robin. This change improves load distribution efficiency and ensures consistent…
-
uOS - WAN Trunk Link Sticking
Overview The WAN Trunk Link Sticking feature is designed to maintain session consistency by ensuring that traffic from the same source IP to the same destination continues to use the same WAN interface. This function enhances connection stability for applications or services that are sensitive to IP address changes — such…
-
uOS Section – GUI and Feature Enhancements Overview
Overview This section introduces a collection of graphical user interface (GUI) and functionality enhancements made to the Zyxel USG FLEX H Series Firewalls in the latest firmware release. The improvements aim to simplify configuration, improve clarity, and prevent common misconfigurations across trunk interfaces, routing,…
-
What is the maximum number of VLAN interface supported on each operation mode of USG FLEX H?
Question: What is the maximum number of VLAN interfaces supported on each operation mode of USG FLEX H? Answer:
Model | Nebula mode | On-premises mode
USG FLEX 50H | 8 | 8
USG FLEX 50HP | 8 | 8
USG FLEX 100H | 16 | 16
USG FLEX 100HP | 16 | 16
USG FLEX 200H | 32 | 32
USG FLEX 200HP | 32 | 32
USG FLEX 500H | 64 | 64
USG FLEX 700H | 128 | 128
-
Why can't I initiate 'Request to Download' from the SecuReporter to download the History Data?
Question: Why can't I initiate 'Request to Download' from the SecuReporter to download the History Data? Answer: The reason the user cannot initiate 'Request to Download' from the SecuReporter to download the History Data is that only the organization owner has permission to do so. As shown below, only the org owner,…
-
How to troubleshoot high CPU usage on USG FLEX H?
Question: How to troubleshoot high CPU usage on USG FLEX H? Answer: If the CPU usage rises again, use the following debug commands, one at a time. Share the output with support for further assistance.
show clock date
show clock time
show cpu ps | no-pager
show cpu status | no-pager
show mem ps | no-pager
show mem status…
-
Why is USG FLEX H Series Traffic Usage Not Displayed in SecuReporter?
Question: The "Traffic Usage" ranking section in SecuReporter is not displaying any data for the USG FLEX H Series devices. Even though traffic logs are properly generated and visible under SecuReporter > Search Log > Traffic Log, the dashboard shows no data. Why is USG FLEX H series traffic usage not displayed in…
-
How to set an automatic logout timing on USG FLEX H?
Question: How can I configure automatic logout for users? Answer: You can configure an automatic logout time via the web GUI. Log in to the web interface of the USG FLEX H. Navigate to User & Authentication > User/Group > Setting. Adjust the "Reauthentication Time" for each user type account as needed. This will enforce a…
-
Why is admin logged in on 127.0.0.1?
Question: Why does the admin appear logged in at "127.0.0.1"? Answer: The "127.0.0.1" login address originates from the Nebula Live Tool when a remote configuration connection is established. Verify if the remote configurator has been used to establish a remote session to your device.