-
How To Know When Nebula Has Finished Configuring My SCR50AXE?
When you save a change in Nebula Control Center (NCC), it does not take effect on the device instantly. To check the current sync status, go to Site-wide > Devices > Security Router and look at the Configuration status. If it shows "Up to date," the device has successfully received and applied the latest settings. If it…
-
How to check the latest firmware for USG LITE 60AX firewall?
At the time of writing, the latest firmware for the USG LITE 60AX is V2.30(ACIP.1)C0, released in February 2026. Since the USG LITE 60AX is a cloud-managed security router, you can also check for available updates directly in Nebula Control Center (NCC) under Site-wide > Configure > Firmware management. Zyxel typically…
-
How to solve high rate of UDP out-of-order frames on ZLD Firewall?
Symptom: When testing UDP throughput using iPerf3 or running WireGuard VPN traffic through a USG FLEX 200, for example, a high rate of out-of-order frames is observed during download, with some out-of-order frames on upload as well. The issue increases significantly as throughput rises, even when CPU load remains well within…
-
Understanding SSL Certificate Errors with DNS Content Filter and HSTS on Zyxel USG FLEX
Question: How can HTTPS error pages be prevented when the Zyxel DNS Content Filter blocks or warns about HSTS-enabled websites? Answer: When a Zyxel USG FLEX 700 with an enabled DNS Content Filter attempts to block or warn about a website that uses HSTS (HTTP Strict Transport Security), users may experience an HTTPS…
-
How to configure port 13/14 to VLAN on USG FLEX 700?
Question: How to configure port 13/14 to VLAN on USG FLEX 700? Answer: P13 and P14 are individual ports, and you cannot group individual ports together or with other non-individual ports.
-
Why can't I see the passive trace-log for Device HA?
Question: Why can't I see the passive trace-log for Device HA? Answer: The CLI command "show device-ha2 passive trace-log" is for getting the passive trace log from the active device. If you enter it on the passive device, you won't see the log.
-
Getting error "-17011 PKI certificate type is not supported" when importing a PKCS#12 certificate
Question: Why do I get the error "-17011 PKI certificate type is not supported" when I import a PKCS#12 certificate? Answer: It could be that the PKCS#12 certificate contains other certificates. Please import the root CA and intermediate certificate into the trusted credentials list, then import the pfx file containing only the…
-
USG110 Firewall Inability to Block Websites Due to TLS 1.3 Kyber Incompatibility
Question: USG110 Firewall is not effectively blocking certain websites (e.g., social media, YouTube, online shopping, pornography) despite correct configuration. What is the cause, and how can this be resolved? Answer: The issue where a Zyxel USG110 firewall is unable to effectively block websites, particularly those…
-
Captive Portal Session Termination on Browser Close
Question: Why does closing the captive portal's "grant access" page or tab terminate internet access, particularly affecting browsers like Microsoft Edge? Answer: This issue arises from a default device setting that interprets the closing of the captive portal's grant access browser tab as a user logout event, leading to…
-
I have a USG 310 and would like to know if I can migrate its settings to a newer device.
Question: I have a USG 310 and would like to know if I can migrate its settings to a newer device. Answer: Yes, you can use the Zyxel Config Converter tool to convert the USG310’s configuration file to be compatible with the ATP500 or USG FLEX 700, and then apply the converted configuration file to the ATP500 or USG FLEX…
-
How to import a list of blocked URLs?
If you need to add a large number of blocked URLs, you can do so by using the CLI for bulk importing. Follow the steps below: 1) Type or paste the URLs into Notepad++. 2) Enter config mode and paste the list of URLs. Note: At line 4, copy the URL list from Notepad++, then right-click in the command…
-
How much remote access is possible on the ATP/USG FLEX?
Question: How much remote access is possible on the ATP/USG FLEX? Answer: You can configure a Security Policy to allow access from WAN to the Firewall via HTTPS/SSH/Telnet. By default, it only allows AH, ESP, IKE, and NATT from WAN to Device. You can add HTTPS/SSH/Telnet to the service group named Default_Allow_WAN_to_ZyWall.…
-
Signature can't update
Question: Why can't my ATP/FLEX perform signature updates (for example, App Patrol, IPS, etc.)? Answer: 1) Please check that DNS resolution is working on the firewall. 2) Run "show service-inspect site all" to ensure that all entries point to the official site. If the issue persists, please contact Zyxel Support.
-
Why can't I perform a cloud upgrade?
Question: Why can't I perform a cloud upgrade? Answer: Because you used ITS or Weekly firmware. Please contact Zyxel Support for further assistance.
-
How do I check the Nebula connection status using the CLI on the USG Flex H model?
Question: How do I check the Nebula connection status using the CLI on the USG Flex H model? Answer: The user can use the CLI command 'show state nebula callhome-status' to check the Nebula connection status, as shown in the example below where the USG Flex 200HP connects to the Nebula normally. usgflex200hp> show state…
-
How do I check the Nebula connection status using the Network Tool on the USG Flex H model?
Question: How do I check the Nebula connection status using the Network Tool on the USG Flex H model? Answer: The user can navigate to the local Web-GUI path Maintenance > Diagnostics > Network Tool and choose Nebula Status to check it. Click 'Test' to check the Nebula status. Confirm that the Nebula Status is connected.
-
How do I download the configuration file from the Nebula for the USG Flex model?
Question: How do I download the configuration file from the Nebula for the USG Flex model? Answer: The user can navigate to Site-wide > Monitor > Devices > Firewall > Backup & Restore and click the 'Download' icon. Click 'Confirm' to download the configuration file. The configuration file will be successfully downloaded.
-
How do I back up the configuration file to the Nebula for the USG Flex model?
Question: How do I back up the configuration file to the Nebula for the USG Flex model? Answer: The user can navigate to Site-wide > Monitor > Devices > Firewall > Backup & Restore and click 'Backup'. Enter the description and click 'Confirm' to back up the configuration file. The configuration file will be successfully…
-
How do I set up the scheduled backup configuration function on the Nebula for the USG Flex model?
Question: How do I set up the scheduled backup configuration function on the Nebula for the USG Flex model? Answer: The user can navigate to Site-wide > Monitor > Devices > Firewall > Backup & Restore and click 'Schedule Backup' to set it up. The user can set the frequency to 'Monthly,' 'Weekly,' or 'Daily,' then…
-
How to update the firmware on the Nebula for the USG Flex H model?
Question: How to update the firmware on the Nebula for the USG Flex H model? Answer: Once logged into the Nebula Control Center successfully, the user can navigate to Site-wide > Configure > Firmware management > Firewall. Check if the status changes to 'Upgrade available,' then choose 'Upgrade now' and save it to update…