-
ZLD 5.40 Update: Faster Station Monitoring for Better Wireless Health
To provide a more responsive and efficient wireless experience, Zyxel has improved the APC Wireless Health feature in the latest firmware release, ZLD 5.40. What’s New? The primary enhancement focuses on the monitoring interval used by the system to evaluate connected wireless stations (clients): Previous Interval: 3…
-
ZLD 5.40 Update: WiFi 7 AP Operation Mode Changes in APC
As part of Zyxel’s continuous updates to support next-generation wireless technology, ZLD firmware version 5.40 introduces important changes to the Access Point Controller (APC) interface - specifically relating to the operation modes for WiFi 7 (802.11be) Access Points. What's Changed? Removal of Mesh Mode Settings for…
-
ZLD 5.40 Update: Important Notice on Mesh Support for WiFi 7 Access Points
Zyxel Networks has updated its firmware to improve user guidance and transparency regarding mesh networking capabilities, particularly in the context of the newly introduced WiFi 7 Access Points (APs). Current Mesh Support Overview Zyxel firewalls traditionally use ZyMesh to enable mesh networking among managed APs through…
-
ZLD 5.40 Enhances APC with Support for New WiFi 7 Access Points
With the arrival of WiFi 7, Zyxel Networks continues to evolve its centralized management solutions. The latest firmware update, ZLD 5.40, brings Access Point Controller (APC) support for Zyxel’s newest generation of WiFi 7-capable access points. What's New in v5.40? Starting with firmware version 5.40, APC can now…
-
ZLD 5.40 Update: Removal of DHE for Improved Security and Performance
Zyxel Networks continues to strengthen security and streamline performance with the latest firmware release, ZLD 5.40. One of the changes in this version is the removal of Diffie-Hellman Ephemeral (DHE) as a default key exchange method in several key services. Why Remove DHE? 1. Inefficiency DHE, while historically used…
-
ZLD 5.40 Update: Abnormal TCP/UDP Traffic Detection Logs Now Set to Debug Level
New in ZLD firmware version 5.40, this enhancement improves log management and provides clearer information for diagnosing abnormal traffic behaviors. Overview Firewalls are designed to detect and drop suspicious traffic that may indicate potential threats. One such behavior is TCP or UDP traffic with a source or…
-
ZLD 5.40 Update: Security Best Practices
With the release of version 5.40, Zyxel Networks is excited to introduce a new feature designed to streamline and enhance your firewall configuration experience: Security Best Practices. This enhancement addresses user feedback about multiple pop-up reminders and brings a more efficient, user-friendly solution to ensure…
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
This discussion has been moved.
-
The maximum concurrent SSL VPN connections for each USG FLEX model
The maximum concurrent SSL VPN connections for each USG FLEX model, you can refer to User guide page 1231 > APPENDIX B Product Features: USG FLEX 700_V5.38_Ed2.pdf
-
Why can't I see the device name on SecuReporter?
The device name displayed in SecuReporter corresponds to the device name registered in your MyZyxel account. Please check your device name in MyZyxel and enter the exact same name if you want it to appear in SecuReporter.
-
Why can't I convert the configuration from USG FLEX 100 to USG FLEX 500?
Due to the USG FLEX 100 and USG FLEX 500 belonging to different firewall tier levels and having different numbers of ports, it is not possible to directly convert or import configurations from the USG FLEX 100 to the USG FLEX 500. FYI: The Zyxel Firewall Configuration Converter helps convert configurations from: Legacy…
-
Can I transfer configuration from USG FLEX series to USG FLEX H series?
You can convert your USG FLEX configuration to a USG FLEX H model configuration using the tool at convert.cloud.zyxel.com Please note that conversion is only possible between models of the same level (for example, from USG FLEX 200 to USG FLEX 200H or 200HP).
-
What does Zyxel Firewall Configuration Converter help?
The Zyxel Firewall Configuration Converter helps convert configurations from: Legacy appliances (USG/ZyWALL) to newer ZLD firmware devices VPN/ATP/USG FLEX to the latest uOS firmware (USG FLEX H series)
-
Why am I unable to see the traffic statistics in the SecuReporter report?
Question : Why am I unable to see the traffic statistics in the SecuReporter report, as shown below? Answer : The possible reason why the user cannot see the traffic statistics in the SecuReporter report might be a misconfiguration in the firewall settings. Please navigate to Configuration > Mgmt. & Analytics >…
-
Why Can't Block YouTube by Windows Astra Agent?
Question: Why Can't Block YouTube by Windows Astra Agent? Answer: This is because the website used HTTP/3 (You can see what the HTTP version used by extension) Zyxel plans to address this limitation in future updates.
-
Why am I unable to execute the cloud firmware version check on the firewall?
Question : The user may encounter a situation where they cannot execute the cloud firmware version check on the firewall. In this case, the latest version will display as 'None,' as shown below: What could be the possible reason for this issue, and how can it be resolved? Answer: The possible reason why the user cannot…
-
How to enable IPv6 settings on firewall (USG FLEX/ATP)
Background IPv6 (Internet Protocol version 6) is the latest version of the Internet Protocol, designed to address the limitations of IPv4, including the exhaustion of available IP addresses. Enabling IPv6 on your Zyxel firewall ensures compatibility with modern networks and allows for improved connectivity and scalability.…
-
How to assign the same VLAN to different ports on USG FLEX 700?
Question: How do I configure the same VLAN (VLAN1) on port 6 and port 12 on USG FLEX 700? The port P6 and P12 are free and we want to assign the same IP address (VLAN). Answer: In Network > Interface > Port > Port Group, move P12 to ge6. In this way, P6 and P12 belong to the same "interface ge6". Go to Network > Interface…
-
How to Re-enable a Disabled LAN Interface on Zyxel firewall using CLI
This FAQ guide explains how to re-enable a LAN interface on a Zyxel firewall that was accidentally disabled through the graphical user interface (GUI). This guide assumes you do not have SSH web access enabled and need to use the Command Line Interface (CLI) through a console connection. # Scenario You have accidentally…
-
How to determine what MTU size from your networking
First of all you may know ICMP header is 28 bytes. Then using ICMP with Don't Fragmented parameter to find your network MTU. Here is example for Macbook command: The icmp request can not be sent while length exceed 1473 byte, the message said "Message too long" Which means the exact MTU size is 1472+28(icmp header) = 1500
-
Why the exclude list of SSL Inspection does not work
Question: I would like to exclude the IP address of website to bypass ssl inspect. (For example: www.test.com resovle to 1.1.1.1) but it doesn't work. Answer: The IP address in exclude list is SAN(Subject Alternative Name) of certficate extension. We recommend use the SNI or Domain CN as exclude list.
-
How to show sys_mgmt log on H series?
"sys_mgmt.log" contains boot time and detailed timestamps as well as service loaded status. You can use the following CLI to see the sys_mgmt.log usgflex200h> cmd debug show sys-mgnt-log [2024-04-23 11:52:10][1][1.20(ABWV.0)] Booting time: 210 seconds (69 services loaded) [2024-04-23 12:01:15][1][1.20(ABWV.0)] Booting…
-
How to check the DHCP server process?
Symptom: Clients cannot obtain IP address from DHCP server, And you have check clients sent DHCP discover but no reply. To Check: 1)Check the process is up by CLI, It will look like this with Interface name after -q paremeter. 2)Disable/Enable DHCP settings again to force process restart And contact zyxel support to find…
-
[FLEX/ATP] Why I cannot use VoWiFi?
Please check: Do you block these service ports in the security policy? UDP 500, UDP 4500, and UDP 16384 - 49327. If yes, please allow these ports and check if VoWiFi is available. Do you enable ALG service? If yes, please disable it and check if VoWiFi is available. Is there any blocking log? If you still have a problem,…
-
[FLEX/ATP] Which service ports should I open for VoWiFi?
Please allow UDP 500, and UDP 4500 for Wi-Fi calling/VoWiFi. If you are using iPhone, please also allow UDP 16384 - 49327 for RTP.
-
How to allow HTTPS Web GUI Access from WAN? (USG/USG FLEX/ATP/VPN)
Introduction: This article provides a step-by-step guide on how to securely access the Management Web GUI of your Zyxel Security Device (USG/USG FLEX/ATP/VPN) over the WAN using HTTPS. Baseline Setup: Before we begin, ensure you can connect to your device's Web GUI using its IP address and admin credentials. Security…
-
What is the DGMT Parameter for dynamic guest account?
Question: What is the DGMT Parameter for dynamic guest account? Answer: The DGMT parameter stands for "Daylight Saving Time Management." When enabled, it adjusts the system time according to daylight saving time changes.
-
ZyWALL USG Series Firmware Upgrade Service Q&A
Started from the ZLD 4.20 firmware version, the firmware upgrade service was introduced to help customers to easily and safely keep the firmware of their Zyxel devices up-to-date. In this document, you will learn about the firmware upgrade service and how you would benefit from it. You will see how Zyxel keeps ZLD 4.20 and…