-
uOS - APC Enhancements - List Refresh Button
List Refresh Button Enhancements Firmware version 1.37 introduces Refresh buttons across several management pages to allow administrators to check for real-time status changes without refreshing the entire browser page. Supported Management Pages * Managed AP List: Admins can quickly check if an AP has transitioned between…
-
APC Enhancements - Proxy by Controller Directly
Proxy by Controller Directly (EAP Proxy) Zyxel Networks has introduced the Proxy by Controller Directly feature, also known as EAP Proxy or EAP Passthrough. This feature instructs managed APs to encapsulate EAP messages within RADIUS messages. RADIUS requests consist of two layers: an outer layer (such as PEAP or EAP-TLS)…
-
uOS - Device HA - Gratuitous ARP Enhancement
Device HA - Gratuitous ARP (GARP) Enhancement Device High Availability (HA) functionality has been enhanced to improve traffic routing during failover events. In a standard Device HA setup, firewalls use a virtual MAC address to ensure consistency between the primary and secondary units. Support for NAT and Virtual IPs In…
-
uOS - Memory Usage Enhancement
Memory Usage Enhancement Zyxel has refined how memory usage alerts are triggered in firmware version 1.37. Previously, the system alert for memory usage exceeding 90% for 10 minutes was difficult to trigger because it included Fastpath reserved memory in the total calculation. System Memory vs. Fastpath Fastpath memory…
-
uOS - Diagnostics Configuration File Inclusion
Diagnostics Include Config Option A new diagnostic feature has been added to provide better troubleshooting capabilities while maintaining user privacy. Previously, Zyxel firewalls did not include configuration files in diagnostic reports to prevent sensitive data from being sent unknowingly. New Inclusion Option In…
-
uOS - Anti-Malware SHA256 Malware Signature Support
Anti-Malware - SHA256 Support To align with modern security standards, Zyxel Networks has added SHA256 hash support for malware signatures in version 1.37. SHA256 is now the primary hash function used by most security vendors, replacing the older MD5 standard. Processing Efficiency The firewall's behavior changes depending…
-
uOS - External Block List Comment Support Enhancement
External Block List Enhancement Firmware version 1.37 introduces a critical improvement for importing external block lists. Previously, users encountered parsing errors when attempting to import lists containing comment symbols, such as the number sign (#) or the semicolon (;). The firewall would fail to recognize these as…
-
uOS - DoS Prevention - Protocol Anomaly Detection
DoS Prevention - Protocol Anomaly Detection Zyxel Networks has introduced Protocol Anomaly detection as a security enhancement in firmware version 1.37. While previous versions focused on traffic anomalies, this new feature identifies traffic that violates protocol specifications or relevant standards. It serves as an…
-
uOS - Remote Access VPN with OIDC
Remote Access VPN with OIDC The H Series supports OpenID Connect for remote access VPNs, specifically for SSL VPN deployments. Compatibility Scope * Supported: SSL VPN using the OpenVPN Connect application. * Unsupported: IKEv2/IPsec and the Zyxel SecuExtender client are not supported as they lack a built-in browser to…
-
uOS - Captive Portal with OIDC
Captive Portal with OIDC OIDC can now be used as a sign-in method for Captive Portal, enabling users to authenticate with Microsoft Entra or Google. Walled Garden Templates Since OIDC requires external cloud connectivity, administrators must enable the Walled Garden. Zyxel provides OIDC Provider templates that…
-
uOS - AAA OpenID Connect
AAA OpenID Connect (OIDC) OpenID Connect (OIDC) is a modern identity layer built on top of the OAuth 2.0 protocol. While OAuth 2.0 is primarily concerned with authorization (granting permission), OIDC introduces standardized authentication, allowing the firewall to verify the specific identity of a user through user…
-
uOS - mDNS Proxy
mDNS Proxy UOS version 1.37 introduces mDNS Proxy, allowing service discovery across different subnets. How it Works Multicast DNS (mDNS) packets are normally confined to a single subnet. The mDNS Proxy intercepts these packets and generates copies to flood across all interfaces on the proxy list. This enables devices like…
-
uOS - GUI Enhancement
GUI Enhancement Zyxel has introduced several User Interface (UI) and monitoring enhancements for the H Series (uOS) firewalls with firmware version 1.37. Packet Flow Explorer * User Identity: Tooltips now display detailed user information (username, IP, login status) for traffic hitting specific policy routes. * Group…
-
How do I enable SecuReporter on the USG Flex H?
Question: How do I enable SecuReporter on the USG Flex H? Answer: Navigate to the GUI path Log & Report > SecuReporter > General Settings to enable this option. Also enable the Security and Network log categories so that the device reports to SecuReporter and it can collect the corresponding logs. Once…
-
How do I forcibly log out a user on the USG Flex H via the GUI?
Question: How do I forcibly log out a user on the USG Flex H via the GUI? Answer: Navigate to Network Status > Login Users > Login Users, select the user, and then click "Force Log Out".
-
Captive Portal authentication with Google
This article describes how to configure Captive Portal authentication on the USG FLEX H series using Google (OIDC). It covers application registration in Google Workspace/Cloud and the required firewall settings to enable OIDC-based authentication, allowing users to sign in with their existing Google accounts instead of…
-
Captive Portal authentication with Microsoft Entra ID
This article describes how to configure Captive Portal authentication on the USG FLEX H series using Microsoft Entra ID (OIDC). It covers application registration in Microsoft Entra ID and the required firewall settings to enable OIDC-based authentication, allowing users to sign in with their existing Microsoft accounts…
-
Why I see clients without IP in Nebula Client Page?
Question: Why I see clients without IP in Nebula Client Page? Answer: The clients are learned from the switch, and the switch does not support LLDP, so the switch does not have the IP address information. When clients are learned from the firewall, they must have traffic. If there is no traffic, the client won't be displayed.…
-
Why Is There No Link When Connecting a GS1920 Switch and a FLEX 700H via SFP?
Question: A GS1920 switch and a FLEX 700H fail to establish a connection when using SFP modules. The devices do not recognize the modules, and no link is formed. What are the possible causes, and how can this issue be resolved? Answer: Link failures between the GS1920 switch and the FLEX 700H when using SFP modules are…
-
What happens when using Cross-Org-Site-Clone to move devices in Nebula?
Question: What happens when using Cross-Org-Site-Clone to move devices in Nebula? Answer: If you use the MSP Cross-Org-Site-Clone feature with device movement for a Nebula-configured firewall (e.g., ATP200), the system clones all linked devices and their settings to the new organization. This means you won’t need to…