Security Ideas - Zyxel Community

Seriously, your ideas could be new feature for Security!
Hello Security Forum Members, Do you have moments that if your own thoughts or ideas can make better experience when using Zyxel security products? <3 We can make your wish come true! <3 Simply start a new post here describing your fabulous ideas for features or services you wish to have! Once your ideas get lots of vote ,…
Actual ZyWall, WLan Password can not be seen (anymore) => Please add checkbox "unmask"
On older ZyWalls it was easy to see / check the wireless password. Now the admin has NO WAY to "recover/find" the wireless password. ⇒ Please add a checkbox unmask, as it exists for the PSK in VPN-Configs.
Support the use of VTI interfaces in the scenario when using a dynamic peer.
Currently, using VTI interfaces in conjunction with a route bases IPSEC VPN outside is a scenario what is supported. Please add this capability in a future release of the firmware for the FLEX H series.
FWA710 SMS/text message feature
Hello, II would love to see SIM card SMS/text message receiving feature in the mobile outdoor router series. Or SIM card text message readout. And notification via Nebula when received. Reason : From time to time our ISP sends text message for network maintenance work and planned downtime or other important messages from…
Implementing BGP, RIP and OSPF features for H series
In response to the requirements raised by user @AMI, we propose the addition of features as BGP, RIP and OSPF features for H series. This suggestion originated from the discussion found here: Flex H Models Routing Protocols e.g. BGP — Zyxel Community If anyone likes this idea, please feel free to leave a comment or click…
Feature Request: Add Syntax Separators in ACL (Security Rules)
Hello to the team and the community, First, I'd like to thank the developers for their continuous work on Zyxel firewalls, which provide a robust and flexible solution for network security management. However, after several years of intensive use, I would like to suggest an improvement that I believe could greatly enhance…
Ability to rename / delete primary administrator account
I'd love to be able to create my own primary admin account username with something different to "admin" At present, a hacker only has to be able to guess a password, as the username "admin" cannot be removed or disabled. I'd prefer to make unauthorised access harder, by forcing would-be hackers to also having to guess my…
ATP100 - Allow "admin" to be renamed and/or deleted
When installing a Windows Server OS I always rename the Administrator account to an individual name. "Admin", "admin" and "Administrator" are well-known user names that hackers use first when trying to attack a system. My ATP100 does not allow me to rename or delete the standard "admin" account. I can just change the…
ATP 200: Multicast and broadcast routing across VLANs to enable media sharing protocols.
I have created several segments (VLANS) in my network to increase security of my home network. One VLAN is for computers and mobile phones, another VLAN is for data servers (e.g. NAS), another VLAN is for media players (e.g. TVs, SONOS audio players or printers) and another VLAN for IOT devices like Philips Hue.…
2FA authentication by EMail
2FA authentication by EMail on FLEX H models allow 2FA authentication from other IP then the connecting VPN IP is from allow 2FA authentication by WAN
Automatic Firewall config save to Nebula
Nowadays if I change something, I manually save roms of my clients(41 FLEX 200 models, 34 FLEX 100, 10 FLEX 50). I can choose to regurly send roms to an emailadress, but that will be a mess. Why no automatic save to Nebula of it's connected with Nebula? Even better would be that it automatically downloads the rom if…
In WRR Trunk Load Balancing, add "Bind all sessions from one IP" option on H series Zywall
WRR distributes sessions among available WAN interfaces/lines. However, this may have an adverse effect if multiple sessions from the SAME client are spread among WAN interfaces, effectively showing different IP addresses from the different interfaces. Some sites/apps/services require more than one session to be open, and…
DHCP and Secondary IP
It CAN be possible older models do it! when you do a routing rule incoming LAN next hop WAN 2 SNAT outgoing-interface which will be the the DHCP IP Or in my setup also incoming WAN to Secondary IP 192.168.254.1 Source Address 192.168.252.0/23 next hop WAN 2 SNAT outgoing-interface which will be the the DHCP IP with Static…
SecuExtender VPN CLIENT for ARM processor
I propose a version of the IPSEC client for ARM CPUs.
ZySH scripts in FlexH
In the original version of Flex there was a Maintenance-Shell Script function from the beginning, this was very important for transferring parts of configurations between different boxes. In the new Flex H uOS 1.31 series this is no longer there, and it is reportedly not planned for version 1.32 (04/2025). Is there any…
USG FLEX H series - support user type 'ext-group-user'
User @p4_greg hopes the USG FLEX H series supports the user type 'ext-group-user', like the ZLD firewall. This use case is normally used to limit the VPN users to a specific Active Directory group. If anyone likes this idea, please leave your comment and give it a vote. Original post
GitHub - Repository
Dear Team, I would like to propose the creation of an official GitHub repository for Zyxel, where scripts and solutions for specific use cases can be shared. Currently, there is a lack of repositories containing ready-made templates and scripts, similar to what competitors like Fortigate offer. The repository could…
Console port compatibility with SH-RJ45A from DSD Tech
Hi to all the Zyxel folks reading this message, serial connection has been part of Zyxel devices I see for a long time… Zywall 2 Plus and Zywall 5 had a serial connection availabe, some with RS232 port some with an RJ45 port. Today, RJ45 console port is still on latest USG Flex lineup, and I think it's not going away soon.…
Please fix the settings below, they do not work as intended
Password renewal option every __ days, opting out this option does not work. Even if renew password is NOT enabled, the device still requires a new password for ALL users every 60 days- see pictures attached. Either you take out the click option because it does not work anyway, or you make it work 😊 This other option does…
2FA Login mask, 2 suggestions for log viewing
2FA Login Mask Browser login: entering username and password accepts ENTER and mouse click to continue. If 2FA is enabled, the next window with the 2FA code input does not accept enter but only mouse click to send/enter. One needs to grab again the mouse to hover over the button of send, this is annoying when there are…
Notification change: Abnormal tcp traffic detected, source port is zero, DROP
Is it possible to request a change to the log level for events such as: "Invalid TCP traffic detected, source port is zero, DROP" Lately I've been receiving notifications every 20 seconds and I can't hide them when viewing the logs. Support says there is currently no way to disable logging of these events. This is standard…

Welcome!

It looks like you're new here. Sign in or register to get started.