Security Ideas - Zyxel Community

Seriously, your ideas could be new feature for Security!
Hello Security Forum Members, Do you have moments that if your own thoughts or ideas can make better experience when using Zyxel security products? <3 We can make your wish come true! <3 Simply start a new post here describing your fabulous ideas for features or services you wish to have! Once your ideas get lots of vote ,…
[USG FLEX H] add dark mode on standalone interface like Nebula
hello is it possible to add the dark mode like the Nebula's one on local interface of UOS ?
Support FQDN wildcard for both root domain and subdomains on USG FLEX H
Currently on uOS, the FQDN object only supports the format *.domain.com, which matches subdomains (e.g., www.domain.com, mail.domain.com) but does not include the root domain (domain.com). In ZLD systems, the format *domain.com was supported, allowing both the root domain and subdomains to be covered by a single entry.…
Disable DNS server in global zone forwarder for USG FLEX H
User @PeterUK would like to remove the auto added DNS server for USG FLEX H when the WAN interface is DHCP client mode. Anyone likes this idea, please leave your comment and give it a vote! Original post
USG Flex H series - internal radius server for WLAN auth
on the previous USG Flex series it was possible to use the internal user database for WLAN auth. (Configuration - System - Auth. Server - Trusted Clients) On the new USG Flex H series this feature seems not to be available this time. Please put it on the roadmap. Best regards, MJR
SAML integration to Microsoft Entra ID with VPN authentication
We would like to request the implementation of SAML 2.0 support in the Zyxel USG H Series firewalls to enable Client VPN authentication via Microsoft Entra ID. Currently, achieving this setup requires our customers to deploy a costly Site-to-Site VPN to Azure and maintain Microsoft Entra Domain Services, which adds…
Use External Block List only option
Very simple really a option to use only External Block List for IP Reputation filter
[USG Flex H] - Create Object Address based on MAC Address
Hello everyone, I've the USG Flex 200HP from some months and I've difficulty to understand the Object Address of type "Host". I mean, if I need to create some Control Policy rule based on some "device", I need to configure the device as Static DHCP based on Mac Address, and than configure an object address based on the IP…
Change default NSlookup query type for Zyxel firewall
User @p4_greg mentioned the potential issue for the Zyxel firewall NSlookup default query type. Current type ANY could not get any response for some DNS server which applied RFC8482. Anyone likes this idea, please leave your comment and give it a vote. FQDN objects not resolving — Zyxel Community
USG FLEX H - external block list also blocks traffic from WAN to ZyWALL
User @SiegfriedH found that USG FLEX H - external block list doesn't block traffic from WAN to ZyWALL. Since this is the current spec, we create an idea post for the enhancement. Original post
[USG Flex H Series] - Two Factor Auth with Mobile Auth notification
Hello everyone, I've enabled the Two-Factor Auth, but every time that I would like to login into the Web Admin Portal, the interface ask to me to enter the 6-digit MFA code. It's possible to change this behavior for receive a notification on the Mobile Auth App and accept/decline? If is not possible or this is a missing…
Don't hide DNS filtering rules on Flex H series
Hello, When creating a DNS filtering rules, it in reality creates two (one for lan to wan, one for lan to Zywall). Could you not hide the second rule ? (Like it was the case on non H Flex series)
Manual configuration of OpenVPN server
We currently have very limited say on what is going on with the OpenVPN server, being able to modify manually the config (even if only available from command line) would be great. Some users might need different split tunnel configuration.
More than one roaming IPSec server config for Flex H (like we were able to do with Flex)
BWM feature rule to bypass interface Egress rate limit
How this would work and be useful if you don't have a L3 switch On a FLEX 200 (non H) you limit on the interface LAN1 egress to 204800kbps but you have LAN2 and you want LAN1 to receive at full speed from LAN2 thats where this rule comes in to bypass the interface Egress rate limit by a rule LAN2 to LAN1. Now you might…
On site reputation filter allow list only
So here the thing I can't use the reputation filter due to a problem with FLEX connecting to the servers (routeing Zywall out a given WAN if you have more then one) to check but at the same time what if you want to fully control what is allowed and whats not sure you could add a option to check Allow List only but if you…
Wireguard?
WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running…
USG FLEX H BWM support FQDN object
User @PeterUK requires BWM function can support FQDN object for USG FLEX H series model. Anyone who likes this idea, please leave your comments below and vote up for this idea post. original link
SSO agent need to support Kerberos
User @AndB requests the SSO agent need to support Kerberos to enhanced the security. Anyone who likes this idea, please leave your comment below and give it a vote! Original post
[USG Flex H] - Export to external services some usefull metrics
Hello everyone, I've a domotic house, in which I have Home Assistant as my central hub to manage curtrains, lights, networks devices, electrical plugs and so on. It's interesting to have some metrics on about the network performances, external WAN IP, how many devices are connected, and somethings help to manage the…
Virtual Firewall for Nebula (vUSG FLEX / Nebula vFirewall)
Use Case: Many enterprise and SMB customers today operate in hybrid environments where part of their infrastructure resides in public cloud services such as Microsoft Azure, AWS, or Google Cloud Platform. Competitors like Cisco (Meraki vMX), Fortinet (FortiGate VM), and Sophos (XG Firewall VM) already offer virtual…

Welcome!

It looks like you're new here. Sign in or register to get started.