-
Why is the "Schedule Reboot" option greyed out or unavailable in my settings?
Question: Why is the "Schedule Reboot" option greyed out or unavailable in my settings? Answer: The Schedule Reboot and Auto Firmware Upgrade features are mutually exclusive. If you have Auto Update enabled under Firmware Management, the schedule reboot option will be locked. You must disable the automatic firmware updates…
-
What happens if the passive device fails to reboot during a scheduled reboot window?
Question: What happens if the passive device fails to reboot during a scheduled reboot window? Answer: If the passive device fails to complete its reboot successfully, the active device will abort the entire process to prevent a network outage. It will reject the scheduled reboot and generate the following system log…
-
Where do I go in the web interface to configure a scheduled reboot?
Question: Where do I go in the web interface to configure a scheduled reboot? Answer: You can configure this setting by navigating to MAINTENANCE > Shutdown/Reboot in the device GUI. From there, check the Schedule Reboot option and specify your preferred frequency (Daily, Weekly, or Monthly) and time.
-
How does the schedule reboot process work when firewalls are configured in Device HA mode?
Question: How does the scheduled reboot process work when firewalls are configured in Device HA mode? Answer: To prevent network downtime, the scheduled reboot is executed sequentially rather than simultaneously: The active device initiates the process by sending a reboot request to the passive device. The passive device…
-
Why is the service status of my HA devices not updating after assigning a license?
Question: Why is the service status of my HA devices not updating after assigning a license? Answer: Make sure the correct serial number associated with your licensed device is configured in the Device HA Pro settings. Navigate to Device HA Pro page in your device's web interface. Enter the correct serial number of the…
-
Why can't newly created admin users log in?
Question: The default admin account works fine on the firewall, but newly created admin accounts were unable to log in and returned "incorrect credentials" errors. Attempting password resets and recreating users didn’t solve the issue. Answer: The problem occurred because the authentication method for non-default admin…
-
Why did WLAN stop working after upgrading to firmware version 5.41 on USG FLEX 100W and ATP100W?
Question: After upgrading to firmware version 5.41, WLAN clients in the guest network were unable to obtain an IP address, even after resetting the configuration and reconfiguring the SSIDs. Answer: The issue was identified as a bug in firmware 5.41. The bug will be fixed in the next official release 5.42. Before 5.42 is…
-
What's the Wi-Fi authentication mode support on USG FLEX 100AX?
Question: What's the Wi-Fi authentication mode support on USG FLEX 100AX? Answer: USG100AX Wi-Fi chip only supports WPA3 HnP (Hash-to-Password) and does not support H2E (Hash-to-Element).
-
Why Can't Custom Admin Users Log In to USG FLEX?
Question: When a new admin user is created on the USG FLEX, logging into the Web GUI with this account fails, showing a "login denied" message. Answer: The issue arises because the "default" profile for the WWW authentication method is configured to use only "ad" (Active Directory). Therefore, admin accounts not found in…
-
VPN series port group issue
Some of user might encounter this issue for VPN series since it reached its end-of-life status. If you change the port group setting and vice versa - for example, move P6 from Ge6 to Ge3, and move P6 back to Ge6 - the firewall could allow the traffic on a new zone (or even none) with no firewall rule to allow the traffic.…
-
How to troubleshoot high CPU usage on ATP/USG FLEX?
If you notice occasional high CPU usage on the ATP/USG FLEX, which is causing slow web page loading or management interface access delays, you can follow these steps to collect important diagnostic information: Steps to analyze high CPU usage: Log in to the device console during high CPU usage. Run the following commands…
-
Why event log keep printing "port 5060 is blocked"?
If you are trying to setup VoIP but the event log keeps printing "port 5060 is blocked", this is because of the SIP ALG function enabled, but the traffic of the VoIP is incorrect. SIP ALG supports the scenario that the SIP phone is under the firewall and the phone server is on WAN/Internet. If your scenario is the SIP…
-
Is it possible to send commands to the USG FLEX via ssh?
Yes, it is possible. Put commands in a text file. Then run plink with the CLI file. CLI file example: configure terminal hostname ABC address-object AAA 1.1.1.1 write exit exit plink -ssh -no-antispoof admin@192 .168.1.1 -pw mypassword < cli.txt CLI reference guide:…
-
Why some of Let's Encrypt CRL URL being categorized as malware?
This discussion has been moved.
-
Why can't I use the SSH Forwarding feature after updating to firmware version 5.40?
Question: After updating the firewall to firmware version 5.40, SSH Forwarding no longer works. Is it possible to re-enable it? Answer: SSH Forwarding was disabled starting from ZLD 5.40 due to a vulnerability fix. In these firmware versions, AllowTcpForwarding is set to "no" by default for security reasons. Unfortunately,…
-
ZLD 5.40 Update: Faster Station Monitoring for Better Wireless Health
To provide a more responsive and efficient wireless experience, Zyxel has improved the APC Wireless Health feature in the latest firmware release, ZLD 5.40. What’s New? The primary enhancement focuses on the monitoring interval used by the system to evaluate connected wireless stations (clients): Previous Interval: 3…
-
ZLD 5.40 Update: WiFi 7 AP Operation Mode Changes in APC
As part of Zyxel’s continuous updates to support next-generation wireless technology, ZLD firmware version 5.40 introduces important changes to the Access Point Controller (APC) interface - specifically relating to the operation modes for WiFi 7 (802.11be) Access Points. What's Changed? Removal of Mesh Mode Settings for…
-
ZLD 5.40 Update: Important Notice on Mesh Support for WiFi 7 Access Points
Zyxel Networks has updated its firmware to improve user guidance and transparency regarding mesh networking capabilities, particularly in the context of the newly introduced WiFi 7 Access Points (APs). Current Mesh Support Overview Zyxel firewalls traditionally use ZyMesh to enable mesh networking among managed APs through…
-
ZLD 5.40 Enhances APC with Support for New WiFi 7 Access Points
With the arrival of WiFi 7, Zyxel Networks continues to evolve its centralized management solutions. The latest firmware update, ZLD 5.40, brings Access Point Controller (APC) support for Zyxel’s newest generation of WiFi 7-capable access points. What's New in v5.40? Starting with firmware version 5.40, APC can now…
-
ZLD 5.40 Update: Removal of DHE for Improved Security and Performance
Zyxel Networks continues to strengthen security and streamline performance with the latest firmware release, ZLD 5.40. One of the changes in this version is the removal of Diffie-Hellman Ephemeral (DHE) as a default key exchange method in several key services. Why Remove DHE? 1. Inefficiency DHE, while historically used…