Maintenance - Zyxel Community

How to configure port 13/14 to VLAN on USG FLEX 700?
Question: How to configure port 13/14 to VLAN on USG FLEX 700? Answer: P13 and P14 are individual ports, and you cannot group individual ports to together or with other non-individual ports.
Why I can't see passive trace-log for Device HA?
Question: Why I can't see passive trace-log for Device HA? Answer: This CLI "show device-ha2 passive trace-log" is for getting passive trace log from active device. If you input it on passive, you won't see the log.
Getting error "-17011 PKI certificate type is not supported" when importin PKCS#12 certificate
Question: Why I get an error "-17011 PKI certificate type is not supported" when I import PKCS#12 certificate? Answer: It could be the PKCS12 certificate contains other certificates. Please import the root CA and Intermediate Certificate into the trusted credentials list, then import the pfx file which containing only the…
USG110 Firewall Inability to Block Websites Due to TLS 1.3 Kyber Incompatibility
Question: USG110 Firewall is not effectively blocking certain websites (e.g., social media, YouTube, online shopping, pornography) despite correct configuration. What is the cause, and how can this be resolved? Answer: The issue where a Zyxel USG110 firewall is unable to effectively block websites, particularly those…
Captive Portal Session Termination on Browser Close
Question: Why does closing the captive portal's "grant access" page or tab terminate internet access, particularly affecting browsers like Microsoft Edge? Answer: This issue arises from a default device setting that interprets the closing of the captive portal's grant access browser tab as a user logout event, leading to…
I have a USG 310 and would like to know if I can migrate its settings to a newer device.
Question : I have a USG 310 and would like to know if I can migrate its settings to a newer device. Answer : Yes, you can use the Zyxel Config Converter tool to convert the USG310’s configuration file to be compatible with the ATP500 or USG FLEX 700, and then apply the converted configuration file to the ATP500 or USG FLEX…
How to import a list of blocked URLs?
In case, you need to add a large number of blocked URLs, you can accomplish this by using the CLI for bulk importing. Please refer the steps as below: 1) Type or paste the URLs into notepad ++ 2) Enter config mode and paste the list of URLs Note: At line 4, copy the URL list from Notepad++, then right-click in the command…
How much remote access is possible on the ATP/USG FLEX?
Question: How much remote access is possible on the ATP/USG FLEX? Answer: You can configure a Security Policy to allow access from WAN to the Firewall via HTTPS/SSH/Telnet. By default, it's only allow AH, ESP, IKE, NATT from WAN to Device. You can add HTTPS/SSH/Telnet to the sevice group named Default_Allow_WAN_to_ZyWall.…
Signature can't update
Question: Why my ATP/FLEX can't perform signature update. For example: App patrol, IPS etc.. Answer: 1)Please check the DNS resovled is fine on Firewall. 2)show service-inspect site all, to ensure all point to official site. If the issue is still persist, Please contact Zyxel Support.
Why I can't perform cloud upgrade ?
Question: Why I can't perform cloud upgrade ? Answer: Because you used ITS or Weekly firmware, Please kindly contact Zyxel Support for further assistance.
How do I check the Nebula connection status using the CLI on the USG Flex H model?
Question: How do I check the Nebula connection status using the CLI on the USG Flex H model? Answer : The user can use the CLI command 'show state nebula callhome-status' to check the Nebula connection status, as shown in the example below where the USG Flex 200HP connects to the Nebula normally. usgflex200hp> show state…
How do I check the Nebula connection status using the Network Tool on the USG Flex H model?
Question : How do I check the Nebula connection status using the Network Tool on the USG Flex H model? Answer : The user can navigate the local Web-GUI path Maintenance > Diagnostics > Network Tool > Choose Nebula Status to check it. Click 'Test' to check the Nebula status. Confirm that the Nebula Status is connected.
How do I download the configuration file from the Nebula for the USG Flex model?
Question : How do I download the configuration file from the Nebula for the USG Flex model? Answer : The user can navigate to Site-wide > Monitor > Devices > Firewall > Backup & Restore and click the 'Download' icon. Click 'Confirm' to download the configuration file The configuration file will be successfully downloaded.
How do I back up the configuration file to the Nebula for the USG Flex model?
Question : How do I back up the configuration file to the Nebula for the USG Flex model? Answer : The user can navigate to Site-wide > Monitor > Devices > Firewall > Backup & Restore and click 'Backup'. Enter the description and click 'Confirm' to back up the configuration file. The configuration file will be successfully…
How do I set up the scheduled backup configuration function on the Nebula for the USG Flex model?
Question : How do I set up the scheduled backup configuration function on the Nebula for the USG Flex model? Answer : The user can navigate to Site-wide > Monitor > Devices > Firewall > Backup & Restore and click 'Schedule Backup' to set it up. The user can choose the frequency to 'Monthly,' 'Weekly,' or 'Daily,' then…
How to update the firmware on the Nebula for the USG Flex H model?
Question : How to update the firmware on the Nebula for the USG Flex H model? Answer : Once logged into the Nebula Control Center successfully, the user can navigate to Site-wide > Configure > Firmware management > Firewall. Check if the status changes to 'Upgrade available,' then choose 'Upgrade now' and save it to update…
How do I edit the configuration file to disable two-factor authentication for admin access?
Question : How do I edit the configuration file to disable two-factor authentication for admin access on USG Flex/ATP firewalls? Answer : If you have already enabled 2FA authentication for the admin account and would like to bypass it during the recovery procedure, please disable 2FA authentication by removing…
How do I disable abnormal_tcp_flag_detect using the CLI?
Question: The user may encounter a Monitor log message stating, 'abnormal TCP flag attack detected, DROP' However, this does not impact any services on the user's network. The user can ignore this log message or deactivate this function using the CLI. This article will guide the user on how to deactivate the function via…
How do I configure Zyxel firewall to send logs to a Syslog server?
Question : How do I configure my Zyxel AP to send logs to a Syslog server? Answer : Please navigate to the GUI path Log & Report > Log Settings > Remote Server 1, activate the Syslog feature, set the Syslog server address, and select the Log Categories you want to enable. Test result: For instance, we used Visual Syslog…
How to encrypt your configuration File
Question: How to encrypt your configuration File Answer: We recommend encrypting your configuration file to protect the privacy

Welcome!

It looks like you're new here. Sign in or register to get started.