-
How to troubleshoot high CPU usage on ATP/USG FLEX?
If you notice occasional high CPU usage on the ATP/USG FLEX, which is causing slow web page loading or management interface access delays, you can follow these steps to collect important diagnostic information: Steps to analyze high CPU usage: Log in to the device console during high CPU usage. Run the following commands…
-
Why event log keep printing "port 5060 is blocked"?
If you are trying to setup VoIP but the event log keeps printing "port 5060 is blocked", this is because of the SIP ALG function enabled, but the traffic of the VoIP is incorrect. SIP ALG supports the scenario that the SIP phone is under the firewall and the phone server is on WAN/Internet. If your scenario is the SIP…
-
Is it possible to send commands to the USG FLEX via ssh?
Yes, it is possible. Put commands in a text file. Then run plink with the CLI file. CLI file example: configure terminal hostname ABC address-object AAA 1.1.1.1 write exit exit plink -ssh -no-antispoof admin@192 .168.1.1 -pw mypassword < cli.txt CLI reference guide:…
-
Why some of Let's Encrypt CRL URL being categorized as malware?
This discussion has been moved.
-
Why can't I use the SSH Forwarding feature after updating to firmware version 5.40?
Question: After updating the firewall to firmware version 5.40, SSH Forwarding no longer works. Is it possible to re-enable it? Answer: SSH Forwarding was disabled starting from ZLD 5.40 due to a vulnerability fix. In these firmware versions, AllowTcpForwarding is set to "no" by default for security reasons. Unfortunately,…
-
ZLD 5.40 Update: Faster Station Monitoring for Better Wireless Health
To provide a more responsive and efficient wireless experience, Zyxel has improved the APC Wireless Health feature in the latest firmware release, ZLD 5.40. What’s New? The primary enhancement focuses on the monitoring interval used by the system to evaluate connected wireless stations (clients): Previous Interval: 3…
-
ZLD 5.40 Update: WiFi 7 AP Operation Mode Changes in APC
As part of Zyxel’s continuous updates to support next-generation wireless technology, ZLD firmware version 5.40 introduces important changes to the Access Point Controller (APC) interface - specifically relating to the operation modes for WiFi 7 (802.11be) Access Points. What's Changed? Removal of Mesh Mode Settings for…
-
ZLD 5.40 Update: Important Notice on Mesh Support for WiFi 7 Access Points
Zyxel Networks has updated its firmware to improve user guidance and transparency regarding mesh networking capabilities, particularly in the context of the newly introduced WiFi 7 Access Points (APs). Current Mesh Support Overview Zyxel firewalls traditionally use ZyMesh to enable mesh networking among managed APs through…
-
ZLD 5.40 Enhances APC with Support for New WiFi 7 Access Points
With the arrival of WiFi 7, Zyxel Networks continues to evolve its centralized management solutions. The latest firmware update, ZLD 5.40, brings Access Point Controller (APC) support for Zyxel’s newest generation of WiFi 7-capable access points. What's New in v5.40? Starting with firmware version 5.40, APC can now…
-
ZLD 5.40 Update: Removal of DHE for Improved Security and Performance
Zyxel Networks continues to strengthen security and streamline performance with the latest firmware release, ZLD 5.40. One of the changes in this version is the removal of Diffie-Hellman Ephemeral (DHE) as a default key exchange method in several key services. Why Remove DHE? 1. Inefficiency DHE, while historically used…
-
ZLD 5.40 Update: Abnormal TCP/UDP Traffic Detection Logs Now Set to Debug Level
New in ZLD firmware version 5.40, this enhancement improves log management and provides clearer information for diagnosing abnormal traffic behaviors. Overview Firewalls are designed to detect and drop suspicious traffic that may indicate potential threats. One such behavior is TCP or UDP traffic with a source or…
-
ZLD 5.40 Update: Security Best Practices
With the release of version 5.40, Zyxel Networks is excited to introduce a new feature designed to streamline and enhance your firewall configuration experience: Security Best Practices. This enhancement addresses user feedback about multiple pop-up reminders and brings a more efficient, user-friendly solution to ensure…
-
The maximum concurrent SSL VPN connections for each USG FLEX model
The maximum concurrent SSL VPN connections for each USG FLEX model, you can refer to User guide page 1231 > APPENDIX B Product Features: USG FLEX 700_V5.38_Ed2.pdf
-
Why can't I see the device name on SecuReporter?
The device name displayed in SecuReporter corresponds to the device name registered in your MyZyxel account. Please check your device name in MyZyxel and enter the exact same name if you want it to appear in SecuReporter.
-
Why can't I convert the configuration from USG FLEX 100 to USG FLEX 500?
Due to the USG FLEX 100 and USG FLEX 500 belonging to different firewall tier levels and having different numbers of ports, it is not possible to directly convert or import configurations from the USG FLEX 100 to the USG FLEX 500. FYI: The Zyxel Firewall Configuration Converter helps convert configurations from: Legacy…
-
Can I transfer configuration from USG FLEX series to USG FLEX H series?
You can convert your USG FLEX configuration to a USG FLEX H model configuration using the tool at convert.cloud.zyxel.com Please note that conversion is only possible between models of the same level (for example, from USG FLEX 200 to USG FLEX 200H or 200HP).
-
What does Zyxel Firewall Configuration Converter help?
The Zyxel Firewall Configuration Converter helps convert configurations from: Legacy appliances (USG/ZyWALL) to newer ZLD firmware devices VPN/ATP/USG FLEX to the latest uOS firmware (USG FLEX H series)
-
Why am I unable to see the traffic statistics in the SecuReporter report?
Question : Why am I unable to see the traffic statistics in the SecuReporter report, as shown below? Answer : The possible reason why the user cannot see the traffic statistics in the SecuReporter report might be a misconfiguration in the firewall settings. Please navigate to Configuration > Mgmt. & Analytics >…
-
Why Can't Block YouTube by Windows Astra Agent?
Question: Why Can't Block YouTube by Windows Astra Agent? Answer: This is because the website used HTTP/3 (You can see what the HTTP version used by extension) Zyxel plans to address this limitation in future updates.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
This discussion has been moved.