-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
What's New: uOS1.30 Patch 1Firmware Update for USG FLEX H Series
This discussion has been moved.
-
What's New ZLD5.39
Enjoy stronger traffic control with a new CLI command to drop TCP SYN packets with data, faster filtering, and a fix for Chrome’s TLS 1.3 content filter bug. Update today for seamless protection. Zyxel is committed to continuously updating your devices for important maintenance information. This latest release also…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
Zyxel USG Flex H series - How to configure route from VPN client (Site A vpn server) to Site B
Hey dear community, can't figure out how to configure this scenario Site A - Zyxel USG 100H series (configured Remote Access VPN for client, configured Site to Site VPN from site A to site B) Site B - Zyxel USG 100 series (configured Site to Site VPN from site B to site A) Site to site VPN works perfectly in both ways.…
-
USG Flex IKE v1 VPN connection to Fritz!Box
Hi! First post as the community and the help posts have been very helpful throughout the past years. We do have a setup with an USG Flex on our company site. Due to lack of time we didn't implement network segregation in the past and it was configured recently. The USG would provide multiple interfaces (most of the virtual…
-
IPSEC VPN behind a NAT
I am try to setup an IPSEC VPN, between and USG 310 and USG 20W. But the USG 20W is behind a NAT, because the internet provider give the service behind a NAT. I try to setup but even in the NAT Traversal flag is on I cannot make it working. Below the logs, do you you have any suggestion? No. Date/Time Source Destination…
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue en HA
Hi, I have several affected ATPs in HA, especially ATP800. How do I try to perform the recovery process? Same as a single ATP? Is there a different protocol? Thanks.
-
Create policy rules VPN Access for different Geolocations
A client has 2 IPSEC VPN USers: 1 works from Belgium, other 1 from USA He wants the useraccounts only to work from their own region. So I create 2 policy rules WAN → ZyWALL, IPv4 source GEO_BELGIUM, Service IKE and User: belgium ext-group-user(AD User!) WAN → ZyWALL, IPv4 Source, GEO_USA, Service IKE and User: USA…
-
Zywall 310 update a certificate
I need to update the certificate because it's expiring, the new certificate is the same as the old one except for the expiry date. If I try to upload it says to me it already exists. I deleted the old certificate and deleted it in all the services linked but I still have the error -17018 PKI certificate already exists How…
-
ZYSH scripts in USG FlexH
In the original version of Flex there was a Maintenance-Shell Script function from the beginning, this was very important for transferring parts of configurations between different boxes. In the new Flex H uOS 1.31 series this is no longer there, and it is reportedly not planned for version 1.32 (04/2025). Is there any…
-
Secu Extender 4.0.4.0 Snapdragon
Hi, I have tried to install secuextender 4.0.4.0 on a surface laptop 7th. The processor is a Snapdragon ARM. The installation goes through, but secuextender does not open. I suspect it is due to the ARM processor. Does anyone have similar problems or is there a solution? The helper service is started. The user log shows…
-
USG40w config conversion to USG100felx
Hi alltogether, I'm going to migrate from usg40w to usg100flex and am about to use the config conversion tool on the website. But I haven't yet beacause I'm a bit concerned to upload all my VPN an very security sensitive data up to ab website to let the conversion happen. What do you guys think about my concerns? BR zyx…
-
Does Zyxel offer any SFP Network Switches with MACsec (IEEE 802.1AE)
We are looking for small managed L2 or L3 switches which are able to connect different VLANs of two remote branches via a direct fiber connection (SFP port) and which are able to directly encrypt the layer 2 traffic via MACsec (IEEE 802.1AE). Does Zyxel offer such switches? I'm not able to find any.
-
ZYWALL 8443 NOT ACCESSIBLE
Good evening everyone, we have an ATP100 that works correctly for ports napped to a NAS TCP 20001 TCP 80 and TCP 443 based on the policies chosen by limiting reachability to my FQDN because I have a dynamic IP connection in the office. The reachability problem of port 8443 configured for the firewall GUI occurred after the…
-
ATP 500 and Web Gui unusable
I have an ATP 500 that is not directly exposed on the Internet. Since this morning I can no longer reach the configuration web interface. It remains loading with Firmware 5.39 ABFU 1. And even some sites no longer load correctly. Restoring the previous firmware version (5.39 ABFU 0) everything is OK. To restore I used…
-
CDR Testing
Hello, my first post in this section… We want to setup CDR for customers, but first want to get familiar with it, and find out how we configure it, it does what we want. Is there a method to test it? Like download some (innocent) files but files what triggers CDR? I know Microsoft has some test files, but do they trigger…
-
I have a question about an IPSEC with VTI.
I have a question about an IPSEC with VTI. I have two routers (USG FLEX 700H AND USG FLEX 500) with dual wan I have made an IPSEC from ROUTER-1 WAN 1 to ROUTER-2 WAN 1 I have made an IPSEC from ROUTER-1 WAN 2 to ROUTER-2 WAN 2 Remote LAN Router 1: 192.168.100.0/24 Remote LAN Router 2: 192.168.1.0/24 Router 1: VTI1(via…
-
IP range
On the Flex 200 firewall, can I increase the IP range from 254 to 512 leaving the same current network submask, in this case 255.255.255.0? Is there a possibility to increase my IPs without changing the submask?
-
Nebula Monitoring Mode Issues | Post Signature Firmware Fix
Recently recovered a UFG FLEX 500 that was affected by the signature issues. When the issue arose, the device was showing as offline constantly in Nebula (other affected devices would periodically go online & offline). However, since the firmware patch was applied, the device still showed as offline. So, I went to the…
-
Device error, Wrong CLI command, device timeout or device logout.
Since this morning I get the above error when I log on to the Zyxel USG Flex 200 via the web interface. And the web display is empty, nothing can be displayed or operated. What can I do to resolve this error?
-
Latests Logs Dashboard widget empty
Hi, This area remains empty. Can't find how to view activity in that widget. Logs correctly recorded in Monitor→Log, but useful to have it in the Dashboard. Thanks for your help, Jean-Pierre
-
SecuExtender connecting to site which connects site to site
Trying to configure Remote vpn to site which connects to site to site so both sites can be reached by remote vpn. Configured a site to site VPN, then configured remote to site. created policy route to send traffic from remote vpn to other site connected to connecting site but traffice isn't going through. Contacted support…
-
USG500H - SSL VPN connection impossible
Hello, I need to set up the SSL VPN through port TCP 10443 but cannot make it work. This is our configuration: USG FLEX 500H FLEX V1.31(ABZH.0) ISP ROUTER 192.168.1.1 (public static IP address, integrated firewall switched off, map forwarding active for some ports including 10443 TCP pointing to firewall, any other mapped…
