-
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
USG FLEX 500 FIREWALL FREEZES AND REBOOTS
I'm having issues with two USG FLEX 500s in HA (High Availability). Every 2 to 4 days, they freeze (PWR+SYS LEDs off and port LEDs blinking)." The tests I have performed are: Shut down the passive firewall and leave only the master active. Shut down the master firewall and leave only the passive one, promoted to master The…
-
Why is FLEX H being advertised as an upgrade?
I am not happy with the latest FLEX H model and the "trade in" promotion will certainly bring in more disappointed users. The firmware is not feature complete versus the FLEX The converter will not convert all config data, in fact almost none 1-2 year feature requests for missing functions of the FLEX Someone really messed…
-
Where is all the documentation for SecuExtender?
I bit the bullet and bought licenses for MacOS and Win11. I use the StrongSwan for Android and the Win11 clients and settings created by the Zyxel firewall wizard, and they work automatically just fine. Now, I need to know where to look after what on the firewall, in order to configure the SecuExtender VPN client. Where is…
-
USG Flex 200H: ipsec vpn - peer gateway BACKUP address
I have a question. On our old USG 310, we were able to set up a primary and a secondary IP address for the IPSEC VPN "peer gateway address." It's now missing, and I don't know why. Is there another solution for a fallback? I couldn't find. Thank you for your help!
-
Zyxel USG Flex series - any way to send DEBUG system log through e-mail?
Is there any way to send DEBUG system log through e-mail? No option in the settings, only NORMAL and ALERT.
-
ZLD 5.x firmware development status
According to this page https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version latest pubblication of Lab Firmware for ZLD 5.x is dated november 2024, 1 month after 5.39P1, roughly 20 weeks ago. Is there a new way for access Lab Firmwares? Is Lab Firmware release suspended? Is…
-
Nebula GEO IP Blocking
In Nebula if you wished to use the GEO IP Blocking feature, it used to restrict you to only inputting 10 countries per rule. However I am now finding that it allows me to add more than 10 countries in a sigle GEO IP Filtering rule. Has the 10 country limit been removed entirely? Or has it been raised to a higher number of…
-
no link in P1 port, in Flex200H device
Our company has a Flex200 firewall, and the service provider device is FiberHome AN5506-02-FG GPON Modem Router (configured PPPoE connection). We receive a Flex200H device for testing, to which, if we replace our own device, there is no link on anymore the WAN (P1) port It is plugged into any other device there is physical…
-
IPSec sessions on the firewall not terminated after a while of being idle?
I have the following scenario: I manually connect with a device (smartphone or notebook) and via IPSec VPN client (the ones generated by the USG-20W-VPN), StrongSwan resp. Win1x Client from outside. Now, when I take the device(s) again in WiFi range, they reconnect to the WiFi ergo the IPSec tunnel is not used anymore.…
-
USG Flex - extending a broadcast domain for WoL magic pakets?
We have running a server in one subnet, which is able to send magic WoL pakets into the own subnet in order to wake-up computers. Such magic paket will not be routed into other subnets. But now we've extended our network with an additional subnet (VLAN) and would like to wake-up computers from that new subnet as well, but…
-
Cannot send mail to two-factor authentication for SSL VPN
Hi, I would like to use two-factor authentication for SSL VPN access but from the logs I see this error and I can't understand what I should do. Thanks Max
-
USG110 upgrade
-
Routing public class c over VPN Tunnel
Hello, Here is our setup. Location A has public class C (1.1.1.0/24). Location B has a single public IP. Loc B has internal IPs 192.168.5.1/24. Both locations have ATP800 and are connected to each other VPN tunnel. Loc A vti IP 10.10.20.10. Loc B vti IP 10.10.20.20. On Loc A ATP, we have policy route to route 1.1.1.5 -…
-
multiple site to site vpn accessing the same resources.
This is not the typical vpn access that i usually setup and it has me a bit stumped. I have a site to site vpn that was setup to access a set of devices on the network. I'll try and explain this best I can. ips are just examples and there are 4 devices that need to be accessed. VPN-1 Site A (devices vlan…
-
IKEv2 and Windows 11 on standalone ATP500
Hi there, because the actual IPSec client from Zyxel does not support ARM proccessors, i had to configure VPN IPSec IKEv2 to use the buildin Windows 11 VPN client. That raises a bunch of questions: How can i use a trusted certificate instead of the "buildin". I cannot use the official bought FQDN based cert, because while…
-
USG Flex - VPN Logins into different subnets possible?
Hi guys, Before I dig deeper into the manual … Is it generally possible to have different VPN configurations to different subnets/VLANs simultaneously active on an USG Flex? Presently we've got two configurations active, one SSLVPN profile and another IPSec profile. The corresponding profile is automatically chosen…
-
wildcard in whitelists (on-premise)
Hello folks, Are there wildcards that can be used in Web Content Filter —> Trusted Web Sites and in DNS Content Filter —> Allowed sites ? for example *.google.com works with any 3th level domain? I refer to ATP / USG Flex Series, don't know if there are differences in H series Searched a little bit in the community but did…
-
¿falso positivo?
¿es correcto el bloqueo de url2319.nexa.pro ? 2025-05-02 10:58:55warnURL Threat Filterurl2319.nexa.pro:Malicious Sites, SSI:N 192.168.xx.xx:63085 167.89.123.90:443 ACCESS BLOCK 2025-05-02 10:58:55warnURL Threat Filterurl2319.nexa.pro:Malicious Sites, SSI:N 192.168.xx.xx:63073 167.89.118.61:80 ACCESS BLOCK 2025-05-02…
-
Zywall 110 remove corrupted firmware from debug mode?
Zywall boots up but no webaccess. No ping on any port. Lots and lots of error suggesting all kind of files missing via console port though. Is it possible to erase the fimrware as the system seems to think it can start the firmware image. Some at command to wipe out the firmware?
-
Usg flex h with build in wifi
I was wondering if there will be an model of the flex h series with build in WiFi. There is an flex 100 ax, but i think in 2030 this will eol?