Security Ideas - Zyxel Community

Seriously, your ideas could be new feature for Security!
Hello Security Forum Members, Do you have moments that if your own thoughts or ideas can make better experience when using Zyxel security products? <3 We can make your wish come true! <3 Simply start a new post here describing your fabulous ideas for features or services you wish to have! Once your ideas get lots of vote ,…
Wireguard?
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running…
Built-in ACME Client
As you know, CA/B Forum has voted to shorten validity period for SSL/TLS certificates. Current: Public SSL/TLS certificates currently have a maximum validity of 13 months (approximately 398 days). Upcoming Changes: 2026: Maximum validity will be reduced to 200 days. 2027: Maximum validity will be further reduced to 100…
USG Lite 60AX DHCP Option 61
User @too_many_accounts need USG Lite 60AX to support DHCP Option 61 for his ISP in the UK (SKY). Anyone who also needs this option, please leave your comment and give it a vote. Original post
FWA710 SMS/text message feature
Hello, II would love to see SIM card SMS/text message receiving feature in the mobile outdoor router series. Or SIM card text message readout. And notification via Nebula when received. Reason : From time to time our ISP sends text message for network maintenance work and planned downtime or other important messages from…
More improvements to DDNS Backup Address
FLEX H models In some cases ARP to gateway may not fail causing DDNS not to failover to backup so if DDNS tries the Primary Address (plus Checking Public IP URL) and does not reply it should use Backup Address. DDNS uses whats listed in Trunk and does not use the Backup Address causing the IP to not update at DDNS end…
Automatic Firewall config save to Nebula
Nowadays if I change something, I manually save roms of my clients(41 FLEX 200 models, 34 FLEX 100, 10 FLEX 50). I can choose to regurly send roms to an emailadress, but that will be a mess. Why no automatic save to Nebula of it's connected with Nebula? Even better would be that it automatically downloads the rom if…
FLEX H BWM/interface limiting improvement
For the FLEX H to have the same BWM/interface limiting like on older models including interface limiting those per interface in a bridge and BWM interfaces that are in a bridge along with interfaces not in a bridge and the option: Router(config)# bwm control-tcp-ack Thanks
Actual ZyWall, WLan Password can not be seen (anymore) => Please add checkbox "unmask"
On older ZyWalls it was easy to see / check the wireless password. Now the admin has NO WAY to "recover/find" the wireless password. ⇒ Please add a checkbox unmask, as it exists for the PSK in VPN-Configs.
Support the use of VTI interfaces in the scenario when using a dynamic peer.
Currently, using VTI interfaces in conjunction with a route bases IPSEC VPN outside is a scenario what is supported. Please add this capability in a future release of the firmware for the FLEX H series.
Implementing BGP, RIP and OSPF features for H series
In response to the requirements raised by user @AMI, we propose the addition of features as BGP, RIP and OSPF features for H series. This suggestion originated from the discussion found here: Flex H Models Routing Protocols e.g. BGP — Zyxel Community If anyone likes this idea, please feel free to leave a comment or click…
Feature Request: Add Syntax Separators in ACL (Security Rules)
Hello to the team and the community, First, I'd like to thank the developers for their continuous work on Zyxel firewalls, which provide a robust and flexible solution for network security management. However, after several years of intensive use, I would like to suggest an improvement that I believe could greatly enhance…
Ability to rename / delete primary administrator account
I'd love to be able to create my own primary admin account username with something different to "admin" At present, a hacker only has to be able to guess a password, as the username "admin" cannot be removed or disabled. I'd prefer to make unauthorised access harder, by forcing would-be hackers to also having to guess my…
ATP100 - Allow "admin" to be renamed and/or deleted
When installing a Windows Server OS I always rename the Administrator account to an individual name. "Admin", "admin" and "Administrator" are well-known user names that hackers use first when trying to attack a system. My ATP100 does not allow me to rename or delete the standard "admin" account. I can just change the…
ATP 200: Multicast and broadcast routing across VLANs to enable media sharing protocols.
I have created several segments (VLANS) in my network to increase security of my home network. One VLAN is for computers and mobile phones, another VLAN is for data servers (e.g. NAS), another VLAN is for media players (e.g. TVs, SONOS audio players or printers) and another VLAN for IOT devices like Philips Hue.…
2FA authentication by EMail
2FA authentication by EMail on FLEX H models allow 2FA authentication from other IP then the connecting VPN IP is from allow 2FA authentication by WAN
In WRR Trunk Load Balancing, add "Bind all sessions from one IP" option on H series Zywall
WRR distributes sessions among available WAN interfaces/lines. However, this may have an adverse effect if multiple sessions from the SAME client are spread among WAN interfaces, effectively showing different IP addresses from the different interfaces. Some sites/apps/services require more than one session to be open, and…
DHCP and Secondary IP
It CAN be possible older models do it! when you do a routing rule incoming LAN next hop WAN 2 SNAT outgoing-interface which will be the the DHCP IP Or in my setup also incoming WAN to Secondary IP 192.168.254.1 Source Address 192.168.252.0/23 next hop WAN 2 SNAT outgoing-interface which will be the the DHCP IP with Static…
SecuExtender VPN CLIENT for ARM processor
I propose a version of the IPSEC client for ARM CPUs.
ZySH scripts in FlexH
In the original version of Flex there was a Maintenance-Shell Script function from the beginning, this was very important for transferring parts of configurations between different boxes. In the new Flex H uOS 1.31 series this is no longer there, and it is reportedly not planned for version 1.32 (04/2025). Is there any…
USG FLEX H series - support user type 'ext-group-user'
User @p4_greg hopes the USG FLEX H series supports the user type 'ext-group-user', like the ZLD firewall. This use case is normally used to limit the VPN users to a specific Active Directory group. If anyone likes this idea, please leave your comment and give it a vote. Original post

Welcome!

It looks like you're new here. Sign in or register to get started.