-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
What's New: uOS1.30 Patch 1Firmware Update for USG FLEX H Series
This discussion has been moved.
-
What's New ZLD5.39
Enjoy stronger traffic control with a new CLI command to drop TCP SYN packets with data, faster filtering, and a fix for Chrome’s TLS 1.3 content filter bug. Update today for seamless protection. Zyxel is committed to continuously updating your devices for important maintenance information. This latest release also…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
usg20-vpn and surfshark
is there anybody able to share a configuration to connect my old usg20-vpn with surfshark? Actually looks like they provide a certificate for an ikev2 that i cannot import because they provide no secret key with it, and also no shared key. I think i should use the username and password system through ms chap, but it seems…
-
SFP Slot at USG 700 Flex - which standard is supported?
Which SFP standard support the SFP ports on USG 700 FLEX? The problem is, that we most probably get only one single fiber and have to put dual wave length for TX and RX on it. But this would be 1000BASE-BX standard. Many devices on the market only support 1000BASE-SX /-LX /-ZX standards where different fibers are in use…
-
SSL VPN SecuExtender Retirement / Licenses for IPSec SecuExtender needed?
Since the SSL VPN SecuExtender Client will be retired soon (or is already retired?), we have to seach for an alternative. The Windows build-in IKEv2 Client works so far with our USG 700 Flex and could be used, but is not so comfortable for us due to different reasons. Does Zyxel offers limited IPSec SecuExtender licences…
-
redirecting http
Hi! I have a webserver behind a zyxel 200H (frimware: V1.30) and I cant reach its website with its domain name/url, and instead of the website all I get is the zyxel 200H login screen. I looked up the problem, and I should find a "HTTP Redirect" instruction on…
-
ATP500 - Avast antivirus block, anti-botnet log
Hi there, we have the problem that since the last firmware update in November our ATP500 blocks the Avast antivirus and the message “BLOCK anti-botnet” appears in the log. We have configured under: Security Service > Reputation Filter > Types of Cyber Threats Coming From The Internet And Local Networks, deactivated the…
-
USG20-VPN (now USG Flex 50) problem with the upgrade
"I have a USG20-VPN device that has been updated to the USG Flex 50 version. On the standby partition, there is the old firmware V5.10(ABAQ.0), and on the running partition, there is firmware V5.30(ABAQ.0). Now, the latest firmware version has been released. When I try to upgrade to the latest firmware, nothing happens. It…
-
USG40W - When entering a website (www.idrive.com) I get redirected to the firewall login
Hi, When trying to access the website www.idrive.com on any PC on the network the page gets redirected to the login screen for the USG40W. We found this issue when trying to get Cloud Replication (Backup) working on the iDrive BMR device. THe site *.idrive.com is listed as a Trusted website in the Content Filter. Larry
-
Advice on policy control issue
Hi Zyxel world, I wonder if you can help please - We've 3x USG60, connecting IPSEC to an Azure VPN Gateway, all 3x VPNs connect and remain connected but only 2x pass traffic (pings) and one does not. The key settings look identical as far as I can tell, having compared them side-by-side, aside from the expected network…
-
USG FLEX 500H - Client VPN with Entra ID login
Hi Is it possible to use Entra ID accounts to login to a client VPN (Remote Access VPN or SSL VPN)? Right now I'm using a Cisco ASA where I have created a SAML setup to Azure, and it works just fine with the login and also to ask for the users MFA. I have the same setup on some FortiGate firewalls, but I just can't find…
-
USG FLEX 500H - SNAT on a Site-2-Site VPN
Hi I want to replace a Cisco ASA 5506-x with a USG FLEX 500H. I have multiple Site-2-Site VPN connections and and got them all but one up and running. The last one uses SNAT, where my lan subnet (/24) has to be translated to another (/32). All information I could find so for on SNAT in a VPN tunnel is for the old model, or…
-
No entries in device insight
Hi, I have configured one device insight profile. Inside this only the criteria for OS "Windows" is selected. I would have now expected, that my laptops and desktops are listed in the device insight table of monitoring, but this table is always empty. I'm sure I have misunderstood or done something wrong. Kind regards SB
-
DNS lookup issue
We've got a really weird issue with a FLEX100. So a client reported that they can't access their website from their office network. On any device. If they turn WiFi off on their phones, they can acces it fine. Sure enough, the FLEX100 is not returning ANY address for their primary domain. But every public DNS server…
-
USG60 - Problem with internal LAN.
Good morning, I have a strange behavior with our USG60 regarding the local LAN port. Since we changed the network provider every time the provider's router reboots (power loss, random reboot, manual reboot, etc.), the USG changes the internal LAN IP mask. Something that it never had done in the past. To give you an…
-
zywall atp100w - external captive + radius
Hi all. I really need help from the community on setting up zywall atp100w. I read a lot of information on setting up, but I still couldn’t set it up correctly. Task: I have an atp100w router on which an open wifi network is configured on LAN1. Internet access is configured via WAN. NAT is configured. Wifi users access the…
-
SCR50AXE sending internal ARP requests on WAN interface
Hello, I've just captured some traffic from the WAN interface of my SCR50AXE device. One thing seems very odd and that is that the device is sending ARP requests of internal VLANs on the WAN interface. Sending ARP requests on a completely different Subnet makes no sense in itself, but sending all ARP requests from all…
-
HA config(Flex 700)
I have the following set up. The question I have is what takes precedence when it comes to HA, and what would give the desired end result? two 700 in functional HA pair. WAN1, WAN2 policy routes for different traffic to go primarily through WAN1 or WAN2, policy routes have connectivity check to fail down to an alternate…
-
ATP200 - unable to update antimalware
After updating "Firmware Version V5.37(ABFW.2) / 2024-01-20 05:47:51" I have: Anti-Malware signatures are updated to the latest version 2.1.1.20231130.0.. (success) at Mon Mar 11 09:03:50 2024 Threat Intelligence Machine Learning (TIML) signatures are updated to the latest version 1.0.0.20240310.0.. (success) at Mon Mar 11…
-
USG Flex 500: WAN failover and virtual server won't work
Hello everybody I have an USG Flex 500 with 2 wan and 2 lan connected, and i'm trying to make a server inside a wan to respond to two NAT (Virtualserver), one on each wan. I should use virtualserver NAT because i need to redirect different ports on same external IP to different internal servers. This is the simplified…
-
Problem ZyWALL SecuExtender
I have a VPN con UGS60. I have problem with connect with ZyWALL SecuExtender because disconnect fast without error. I try with 4.0.4.0 and 4.0.5.0. This VPS work fine with pc with Win10 but on the pc with Win 11 no. Disconnect fast. In the log the error is [ 2025/02/20 12:39:05 ][SecuExtender Agent][INFO] Server subject:…
-
Change default admin password not working
Hi, ATP 500 The procedure for resetting the admin password does NOT work. https://support.zyxel.eu/hc/it/articles/360012744371-Cosa-posso-fare-se-ho-dimenticato-la-mia-password-USG-FLEX-ATP-VPN-o-non-riesco-pi%C3%B9-ad-accedervi#two ATKZ -g ATGO the password should be 1234 but on the next reboot entering these credentials…
