-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
What's New: uOS1.30 Patch 1Firmware Update for USG FLEX H Series
This discussion has been moved.
-
What's New ZLD5.39
Enjoy stronger traffic control with a new CLI command to drop TCP SYN packets with data, faster filtering, and a fix for Chrome’s TLS 1.3 content filter bug. Update today for seamless protection. Zyxel is committed to continuously updating your devices for important maintenance information. This latest release also…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
ZyXEL SecuExtender "request configuration from the gateway"
I have a problem setting up Client 2 Site with IKEv2. On the firewall I already have a Site 2 Site with preshared key which works fine. I now want to add a client 2 site, but as long as the Site 2 Site is turned on, I cannot connect with Secu Extender, unless I turn off "Request configuration from the gateway" This means…
-
ZyWALL SecuExtender Two-Factor Authentication
Good afternoon I enabled the two-factor authentication method via Google Authenticator, but here we use ZyWALL SecuExtender to connect via VPN. When I log in, it goes straight in without requesting authentication via Google Authenticator, does anyone know what it could be? Print Log in through this software and do not ask…
-
block a bot
How to block a bot on our USG-50 using Security Policy.
-
Wireless Clients List in DHCP Table Using Mgmt Vlan Interface
I have a USG Flex 700, GS1920-24 HPv2, and a Mist AP-41 on my network. I have 5 Vlans with Mgmt Vlan being 1 and 10,20,40,50 as the others. Each Vlan has a corresponding SSID on the Access point. My problem is when I connect any new wireless clients to the network, they always seem to connect under the Mgmt Interface on…
-
USG FLEX 200: is 2FA (Google Authenticator) supposed to work on L2TP vpn?
Is 2FA supposed to work on L2TP vpn? I did some test and it didn't work. The tunnel goes up, and traffic starts to flow. Even if the user doesn't go through 2FA process.
-
Trunk configuration
I have two WANs with 200MB Full each. How do I make it so that when WAN1 goes down, WAN2 goes up automatically? Do I need to configure something in routing besides creating the trunk? How do I create Trunk so it works this way? I'm using the USG FLEX 200 Thanks
-
Zywall 310 L2TP Over IPSec Destroying tunnel due to no connectivity to its peer within 121 secs
Trying to connect from Windows 10 using l2tp. IKE log says: Dynamic Tunnel [Default_L2TP_VPN_GW:Default_L2TP_VPN_Connection:0x3df3aee6] built successfully 35 sec later: ISAKMP SA [Default_L2TP_VPN_GW] is disconnected L2TP log (35+121 secs later): Destroying tunnel ID 11812 due to no connectivity to its peer within 121…
-
souci de connection VPN sur USG FLEX 100
Nous venons d'installer une fibre sur notre site qui est en SDSL, j'ai configuré un VPN qui ne fonctionne pas. Peut-on m'assister pour vérifier la configuration? Mon Numéro de téléphone est le +33629391255
-
USG FLEX50W (20W-VPN) Factory Reset Not "5 Seconds" as stated in Manual
Last Saturday, I attempted to perform Factory Reset of USG20W-VPN, since it was compromised with unknown administrators in the User list, on older FW (prior to 5.39). Below is from the manual (PG 912): 1I Make sure the SYS LED is on and not blinking. 2) Press the RESET button and hold it until the SYS LED begins to blink.…
-
How to set up Android 14 for L2TP via IPSec for ATP100
Hi, We use VPN on ATP100 using L2TP (IPSec). Everything still works on Android 12 and older. L2TP (IPSec) is no longer an option on Android 13 and 14. On Android 13 and 14, there is only IKEv2/lPSec MSCHAPv2, IKEv2/lPSec PSK and IKEv2/lPSec RSA. Which option for Android 13/14 should we select from the image?
-
Sending notifications via SMTP SSL @ port 465
Hello everyone, since a lot of time I have to send notifications using mailservers via port 25, not all of them have TLS support, a lot of mailservers have SSL support. You can see it in a USG60W: You can see the same on a Flex200H: Is there a plan to introduce SSL SMTP usage? Thanks a lot
-
Any VPN related issue in 5.39(ABWC.1)?
I am running an USGFLEX100W and after upgrading to 5.39(ABWC.1), my dynamic IKEv2 IPSec VPN is not working anymore. I thought it might be some configuration change, so I went back 2 months (I have weekly backups), but it still don't work. It don't work on any of the mobiles it used to, and the laptop I used to connect is…
-
increase IPS range
I need to increase my IPS range from 254 ips to 512, how can I do this configuration on the Firewall Flex 200? Would it just be changing the Subnet Mask to 255.255.254.0 and the Pool Size to 512?
-
Starlink and Ipsec
Hello, Actually we've got an Ipsec tunnel using 2 USG Flex behind fiber on each side. We would like to use a starlink (actually bypass mode) in case of fail of fiber on one side. How to handle starlink CGNAT ? Thank's for your help. L.
-
IKE service
Hi, Our analysis shows that the IKE service ( gateway) is clearly visible and can be used by attackers for reconnaissance and targeting. How can we make the IKE service not clearly visible ("hide") in ATP 200? I am waiting your answer
-
Network/NAT
I have a working IPSEC VPN between site1 and site2, so that lan1 and lan2 can communicate. I would like to map a public IP of site1 to a host of lan2. Setting up a virtual server from publicIPsite1 to site2hostIP and adding a route to site2hostIP via the VPN tunnel doesn't work. I suppose because the VPN tunnel allow…
-
USG Flex 200 and Google Authenticator for vpn
I have this machine, with ipsec vpns, and I would like to setup 2FA with Google Authenticator I saw this guide for USG Flex 500: https://support.zyxel.eu/hc/en-us/articles/360018356680-Firewall-Configure-2FA-with-Google-Authenticator-for-Admin-Access And in "step" 1 I see a page that shows "Google Authenticator". Instead,…
-
How can I turn off the SSH login service in USG40?
-
Stampante di rete
ciao a tutti, ho un problema con la stampante di rete, espongo la configurazione: lan1 192.168.3.x /24 rete ufficio lan2 192.168.1.x /24 rete casa la stampante di rete è su lan1 ha ip 192.168.3.248 e dalla lan2 pc 192168.1.47 riesco a fare il ping entro in http://192.168.3.248 non compare tra le stampanti e se la collego…
-
arp spoofing
Bonjour, peut on désactiver les alertes arp spoofing ? merci
