-
How to enable IPv6 settings on firewall (USG FLEX/ATP)
Background IPv6 (Internet Protocol version 6) is the latest version of the Internet Protocol, designed to address the limitations of IPv4, including the exhaustion of available IP addresses. Enabling IPv6 on your Zyxel firewall ensures compatibility with modern networks and allows for improved connectivity and scalability.…
-
How to assign the same VLAN to different ports on USG FLEX 700?
Question: How do I configure the same VLAN (VLAN1) on port 6 and port 12 on USG FLEX 700? The port P6 and P12 are free and we want to assign the same IP address (VLAN). Answer: In Network > Interface > Port > Port Group, move P12 to ge6. In this way, P6 and P12 belong to the same "interface ge6". Go to Network > Interface…
-
How to Re-enable a Disabled LAN Interface on Zyxel firewall using CLI
This FAQ guide explains how to re-enable a LAN interface on a Zyxel firewall that was accidentally disabled through the graphical user interface (GUI). This guide assumes you do not have SSH web access enabled and need to use the Command Line Interface (CLI) through a console connection. # Scenario You have accidentally…
-
How to determine what MTU size from your networking
First of all you may know ICMP header is 28 bytes. Then using ICMP with Don't Fragmented parameter to find your network MTU. Here is example for Macbook command: The icmp request can not be sent while length exceed 1473 byte, the message said "Message too long" Which means the exact MTU size is 1472+28(icmp header) = 1500
-
Why the exclude list of SSL Inspection does not work
Question: I would like to exclude the IP address of website to bypass ssl inspect. (For example: www.test.com resovle to 1.1.1.1) but it doesn't work. Answer: The IP address in exclude list is SAN(Subject Alternative Name) of certficate extension. We recommend use the SNI or Domain CN as exclude list.
-
How to show sys_mgmt log on H series?
"sys_mgmt.log" contains boot time and detailed timestamps as well as service loaded status. You can use the following CLI to see the sys_mgmt.log usgflex200h> cmd debug show sys-mgnt-log [2024-04-23 11:52:10][1][1.20(ABWV.0)] Booting time: 210 seconds (69 services loaded) [2024-04-23 12:01:15][1][1.20(ABWV.0)] Booting…
-
How to check the DHCP server process?
Symptom: Clients cannot obtain IP address from DHCP server, And you have check clients sent DHCP discover but no reply. To Check: 1)Check the process is up by CLI, It will look like this with Interface name after -q paremeter. 2)Disable/Enable DHCP settings again to force process restart And contact zyxel support to find…
-
[FLEX/ATP] Why I cannot use VoWiFi?
Please check: Do you block these service ports in the security policy? UDP 500, UDP 4500, and UDP 16384 - 49327. If yes, please allow these ports and check if VoWiFi is available. Do you enable ALG service? If yes, please disable it and check if VoWiFi is available. Is there any blocking log? If you still have a problem,…
-
[FLEX/ATP] Which service ports should I open for VoWiFi?
Please allow UDP 500, and UDP 4500 for Wi-Fi calling/VoWiFi. If you are using iPhone, please also allow UDP 16384 - 49327 for RTP.
-
How to allow HTTPS Web GUI Access from WAN? (USG/USG FLEX/ATP/VPN)
Introduction: This article provides a step-by-step guide on how to securely access the Management Web GUI of your Zyxel Security Device (USG/USG FLEX/ATP/VPN) over the WAN using HTTPS. Baseline Setup: Before we begin, ensure you can connect to your device's Web GUI using its IP address and admin credentials. Security…
-
What is the DGMT Parameter for dynamic guest account?
Question: What is the DGMT Parameter for dynamic guest account? Answer: The DGMT parameter stands for "Daylight Saving Time Management." When enabled, it adjusts the system time according to daylight saving time changes.
-
ZyWALL USG Series Firmware Upgrade Service Q&A
Started from the ZLD 4.20 firmware version, the firmware upgrade service was introduced to help customers to easily and safely keep the firmware of their Zyxel devices up-to-date. In this document, you will learn about the firmware upgrade service and how you would benefit from it. You will see how Zyxel keeps ZLD 4.20 and…
-
Install Elite pack but cannot view the nebula pro function, what could be the issue?
Nebula Pro Pack function requires each device in your organization to have Pro Pack. If you want to activate Pro pack organization, you can purchase one more license and assign it to that device. If you need the Nebula licenses, you can purchase them from the NCC Portal.
-
What is the difference on Nebula pro pack and Elite pack?
The Elite Pack license unlocks premium security services, including: Content/Web Filtering Premium Ransomware Prevention Nebula Professional Pack By purchasing the Elite Pack, users no longer need to buy the Nebula Pro or Nebula Plus Pack licenses separately. For more details function about Nebula, please refer to the…
-
Where to configure DNS Address Record for USG lite 60AX?
Navigate to Site-Wide > Configure >Security router > Router settings You can add the address record under DNS settings.
-
How to config WAN settings for USG LITE 60AX
Navigate to Site-wide > Configure >Security router > Interface Click the edit icon on the right You can select the WAN type under the Interface properties
-
Why the virtual server rule does not take affect?
Question: I have a USG FLEX with virtual server, but the NAT rule does not take affect even disable all security policy. Answer: 1)Make sure the port are listened on internal server. 2)Please check your WAN interface have correct zone settings, Otherwise, it will not match on the proper NAT rule
-
What OpenSSL version is on firmware 5.38?
Question: What OpenSSL version is on firmware 5.38? Answer: The OpenSSH version on firmware 5.38 is 8.8p1.
-
Troubleshooting SFP Connectivity Issues Between Zyxel XGS1930 Switch and USG FLEX 700 Firewall
This FAQ addresses a specific connectivity issue encountered when connecting a Zyxel XGS1930 switch to a Zyxel USG FLEX 700 firewall using SFP ports. Scenario You are trying to connect a Zyxel XGS1930 switch and a Zyxel USG FLEX 700 firewall using SFP ports and SFP+ modules. While a direct SFP connection between two…
-
Why can't create a excepational cases on the Secureporter For Nebula organization
Question: Why can't create a excepational cases on the Secureporter For Nebula organization? It can't select Nebaul organization Answer: To adjust this for Nebula, please go to the Nebula page to make the changes. This setting is only applicable to on-premise environments.