-
Secure Start with Zyxel x Tailscale 🎁 Get 6 Months of Tailscale VPN Free, Before Oct.!
This discussion has been moved.
-
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
Cannot send mail to two-factor authentication for SSL VPN
Hi, I would like to use two-factor authentication for SSL VPN access but from the logs I see this error and I can't understand what I should do. Thanks Max
-
How to route router (fw) traffic via LAN IP to IPsec VPN.
Hello, I have a IPsec tunnel between Zyxel USG Flex 100 and Fortigate 301E, everything works fine but one thing. I need to send Zyxel syslogs to device at Fortigate network. When I try to ping in zyxel console the device the ping fails. When I specify Zyxel's LAN1 IP as a source it works. So in default the zyxel uses WAN…
-
I'm Insane: Bought another USG FLEX H expecting better
Seems I am a glutton for punishment… Upload a config file that has an error (adding address objects vs. the Web UI) the device will factory reset and you have to start the setup all over, the firmware re-downloads (already on the latest) and start over. No option to revert like previous. Additionally there is no log to…
-
"network client" interface in "Easy Mode" not working (USG40W) - bug
when logged into the USG40W, and when in easy mode, if I click in the window "network client" on the "menu" icon (upper right corner, see image below), then it starts saying "loading" and nothing happens (forever). See image below: I have to reload the page in the browser, to get rid of the "loading" sign (otherwise I am…
-
ZyWALL SecuExtender end of life. How connect to VPN?
Hello we have a USG FLEX 200, how can i connect to vpn without pay a license for it? For example fortinet give a client (forticlient) for free and update it Thanks
-
Windows server AD trough IPSec VPN
Hello, We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side. In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on? Many thank's L.
-
USG Flex 200H: ipsec vpn - peer gateway BACKUP address
I have a question. On our old USG 310, we were able to set up a primary and a secondary IP address for the IPSEC VPN "peer gateway address." It's now missing, and I don't know why. Is there another solution for a fallback? I couldn't find. Thank you for your help!
-
IPSec VPN Client-To-Site IKE2 50H behind NAT
Hi all, it's my first time on new firmware, I'm trying to create a IKE2 IPSec behind nat. I've tryed all config but always error. Please advice. WAN1 10.20.30.2 LAN1 10.10.10.X VPN Address Pool : 192.168.50.0/24 on log file you can read all my try. Please let me know. Thank you very much for your help. Bye
-
USG 20 VPN it freezes, the vpn stops working
I have a site-to-site configuration in location A there is USG 20 in location B USG 20 After about 24-48 hours of work, the USG20 hangs in location A and B. The VPN stops working, you can't log in to the USG 20 in location A and B. (but the login page shows up but doesn't log in), but the internet still works, as does the…
-
Change certificate of a managed AP?
Is it possible to add a new certificate to a AP (WAX650S) managed by a USGFlex200? When I'm connecting direct to the AP, I will get a “not secure” message of the browser. I have added the cert and give the rights, but the browser says: This server could not prove that it is 192.168.xxx.xxx. Its security certificate is from…
-
USG FLEX 500 behind other firewall - no IPV6 routing
Hi, I´m trying to set up my USG Flex 500 that is situated behind an OPNsense firewall. I went through several manuals and tutorials but I couldn´t figure out how to set it up right. The ISP is providing Dual Stack (shared IPv4 + IPv6). The OPNsense is used to provide internet for 2 seperate company branches. Branch 1…
-
Migrated to Flex 500, but having problem with sending email from mail server to GMAIL addresses
Hi, we have migrated our working firewall from USG310 to new Flex 500 and we are using internal Mail Server. If we use old USG310 instead everything works fine without any problems even to GMAIL addresses and MXToolBox gives green light on all of their tests. Also we have added to our DNS records everything that Google…
-
ZyWall110 to ATP200 conversion
Hello, I have to replace the Firewall at a customer. He is using a Zywall110 with many different settings. The conversion tool can not convert from Zywall110 to ATP200. So do I have to copy the settings one after another by hand or is there an other option to convert the whole configuration at once? Hope anybody can help…
-
Insert a list of URLs in the content filtering of an ATP200
Hi everyone, I need to insert about 200 URLs to block into the content filtering profile of a ZYXEL ATP200. How should I do it if possible? Thank you and best regards.
-
VPN typu site-to-site and remote access (server role) USG20-VPN
Hello I have 2 problems: I have a site-to-site configuration and remote access (server role) I have the same USG20 models in the headquarters of companies A and B. After changing the Internet provider and adding a new WAN IP address in the configuration. site-to-site establishes a connection, but the devices do not…
-
Urgent: Lack of VLAN over LAG functionality on USG FLEX 700H
Hello, We are deeply disappointed that the USG FLEX 700H, despite being a high-tier and newer product, does not support publishing VLANs over LAG—a feature that was readily available on older devices, such as the ATP500. This omission severely impacts our deployments, and our client has expressed significant…
-
IPSec VPN certificate expires soon- how do I (re)create a valid certificate directly on the USG?
I have an USG20W-VPN firewall. My IPSec VPN certificate will expire soon. How do I create a valid new certificate for the VPN part? I have seen the instructions when using Nebula, I do not use that. How can I do that directly on the firewall? Thank you.
-
Zywall 110 to ATP200 converter
Hi, I`m in need to convert a config from a Zywall110 to ATP200. I cannot do this with the online converter tool. Is there a way to do this easily ? Kind regards, Michel
-
Incorrect RADIUS client behavior on USG devices
We’ve been running several USG devices (110 and 210) without issues for years but recently discovered few issues that seem are persisting on newest FLEX H devices as well. RADIUS Framed-MTU Issue The Zyxel RADIUS client (AAA Server) hardcodes Framed-MTU=1400, which is incorrect and not configurable (Microsoft…
-
IKEv2 and Windows 11 on standalone ATP500
Hi there, because the actual IPSec client from Zyxel does not support ARM proccessors, i had to configure VPN IPSec IKEv2 to use the buildin Windows 11 VPN client. That raises a bunch of questions: How can i use a trusted certificate instead of the "buildin". I cannot use the official bought FQDN based cert, because while…
