-
What happens when using Cross-Org-Site-Clone to move devices in Nebula?
Question: What happens when using Cross-Org-Site-Clone to move devices in Nebula? Answer: If you use the MSP Cross-Org-Site-Clone feature with device movement for a Nebula-configured firewall (e.g., ATP200), the system clones all linked devices and their settings to the new organization. This means you won’t need to…
-
How can I restrict IP address logins to my organization from Nebula server?
Question: How can I restrict IP address logins to my organization from the Nebula server? Answer: You can go to Organization-wide > Organization-wide Manage > Organization Settings, then enable the Login IP Range feature. After that, add the allowed public IP addresses in the provided field.
-
What will happen if I move the USG FLEX H to other organization?
The USG FLEX H will reset to default and reboot. You will need to select the onboarding method if you want to start by device's web GUI/upload the previous configuration file. Additionally, the WAN interface setting can be kept by selecting "Keep device interface setting when moving the other org"
-
How to check if the USG FLEX H is registered on Nebula?
Question: How to check if the USG FLEX H is registered on Nebula? Answer: You can verify the registration status are "official" using the command from SSH or console. usgflex500h> show service-inspect If the status is not official, use the command to switch the registration status back to official. usgflex500h> cmd…
-
How to Enable Layer 2 isolation on USG FLEX H?
Question: How to Enable Layer 2 isolation on USG FLEX H? Answer: To enable Layer 2 isolation on the USG FLEX H series, follow these steps: Go to Wireless > WLAN Settings > SSID Settings. Edit the SSID where isolation is needed. Under Advanced Settings, enable Layer 2 Isolation. This will help restrict communication between…
-
How to Enable Automatic Logout for Admins?
Question: How to Enable Automatic Logout for Admins? Answer: You can configure an automatic logout time for admin and user accounts to enhance security: Login to the USG FLEX web GUI. Go to User & Authentication > User/Group > Setting. Modify the Reauthentication Time for the desired user type. This will ensure accounts…
-
Why is my device not connected to SecuReporter?
Question: Why is my device not connected to SecuReporter even if the feature is enabled on Nebula? Answer: If you see the message "Device Disconnected" on SecuReporter for your USG FLEX H, it might indicate that the SecuReporter service on the device is disabled. For the device logs to be sent to SecuReporter, the service…
-
AP Controller Enhancement (2)- Access Control & Client Management Enhancement
1. What are the updates to MAC Filtering and Client Policy? The client-policy options have been expanded and renamed: Previous Policy New Name Behavior Normal No Policy Default – client allowed Block Block Client denied —(new) Allow Client explicitly permitted MAC Filtering Modes: Mode Description Disabled (Default) All…
-
USG FLEX H Series: RADIUS Attribute Refinement
In the latest firmware enhancement, USG FLEX H Series Firewalls now offer refined RADIUS attribute support, improving compatibility and flexibility for authentication workflows - particularly when using web authentication (captive portal) with RADIUS servers. This refinement ensures more standardized and vendor - specific…
-
Policy-Based VPN with Policy Routes – Advanced Control for Multi-Subnet Environments
USG FLEX H Series Firewall continues to offer flexible VPN deployment options with support for Policy-Based VPN using Policy Routing. While route-based VPNs are commonly used in modern deployments, policy-based VPNs still hold value for scenarios involving specific subnet-to-subnet communication and USG FLEX/ATP firewall…
-
VPN Failover and Fallback – Enhanced Redundancy for Site-to-Site Tunnels
USG FLEX H Series Firewall now supports VPN Failover and Fallback - a powerful enhancement that ensures high availability in site-to-site VPN deployments. This feature enables firewalls to automatically switch to a backup VPN tunnel when the primary connection fails and revert back once the primary is restored. In this…
-
AP Controller Enhancement (1) – Smart Mesh, Radio Management, SSID settings Enhancement
Overview In this firmware release, Zyxel firewalls acting as AP Controllers (APC) introduce a series of major enhancements, extending management capabilities for Wi-Fi 6 and Wi-Fi 7 access points. These updates improve Smart Mesh control, radio configuration, SSID flexibility, and client access control, ensuring unified…
-
SSL VPN – Controlling TLS Versions for Secure VPN Connections
With increasing concerns around outdated encryption standards, Zyxel now gives administrators more control over VPN security by allowing them to enforce a minimum TLS version for SSL VPN connections. This enhancement helps protect networks from weak encryption protocols that may expose data to compromise. In this article,…
-
Remote Access VPN – Provision Template Enhancement
To streamline VPN deployment and improve cross-platform support, Zyxel has enhanced the Provision Template system in its latest firmware. This article outlines what has changed and how the new Nebula-integrated template system ensures faster updates and more reliable client connectivity. 1. What Is a Provision Template? A…
-
Remote Access VPN Support NCAS
USG FLEX H Series Firewall has expanded its cloud-managed capabilities by integrating Nebula Cloud Authentication Service (NCAS) into its Remote Access VPN solutions. This enhancement enables administrators to manage VPN user credentials directly from Nebula Control Center (NCC) without relying on local databases or…
-
Nebula Assigned Domain Name
To streamline secure remote access, USG FLEX H Series Firewall now supports Nebula-assigned domain names. This feature provides each Nebula-managed firewall with a unique, auto-generated FQDN, making it easier to set up and manage Remote Access VPN connections. In this article, we’ll explore what the Nebula-assigned domain…
-
Remote Access VPN – Cloud Integration
USG FLEX H Series Firewall continues to unify network management and VPN deployment with the integration of Remote Access VPN configuration into the Nebula Cloud platform. With this update, administrators can now manage secure remote connectivity directly from Nebula, eliminating the need for local access to firewall…
-
Captive Portal – External Portal
USG FLEX H Series Firewall has introduced support for External Captive Portals in its latest firmware updates, giving administrators the freedom to design and host their own custom login pages. This feature is especially valuable for businesses, hotels, schools, and public venues seeking a branded, flexible authentication…
-
Captive Portal – Click to Continue Method
USG FLEX H Series Firewall has added a new authentication option to its Captive Portal: the Click to Continue (CTC) method. This alternative to traditional username-password login simplifies the onboarding process, especially for guest networks or public Wi-Fi environments. 1. What is Click to Continue? Traditionally,…
-
Captive Portal – Auth Policy List and New Matching Criteria
As part of our continuous effort to improve user experience and network security, Zyxel Networks has introduced a USG FLEX H Series of enhancements to the Captive Portal feature. In this article, we’ll walk you through the key updates, including the newly designed Auth Policy List UI and the addition of matching criteria…
