Security Ideas - Zyxel Community

Seriously, your ideas could be new feature for Security!
Hello Security Forum Members, Do you have moments that if your own thoughts or ideas can make better experience when using Zyxel security products? <3 We can make your wish come true! <3 Simply start a new post here describing your fabulous ideas for features or services you wish to have! Once your ideas get lots of vote ,…
ZySH scripts in FlexH
In the original version of Flex there was a Maintenance-Shell Script function from the beginning, this was very important for transferring parts of configurations between different boxes. In the new Flex H uOS 1.31 series this is no longer there, and it is reportedly not planned for version 1.32 (04/2025). Is there any…
Automatic Firewall config save to Nebula
Nowadays if I change something, I manually save roms of my clients(41 FLEX 200 models, 34 FLEX 100, 10 FLEX 50). I can choose to regurly send roms to an emailadress, but that will be a mess. Why no automatic save to Nebula of it's connected with Nebula? Even better would be that it automatically downloads the rom if…
2FA authentication by EMail
2FA authentication by EMail on FLEX H models allow 2FA authentication from other IP then the connecting VPN IP is from allow 2FA authentication by WAN
USG FLEX H series - support user type 'ext-group-user'
User @p4_greg hopes the USG FLEX H series supports the user type 'ext-group-user', like the ZLD firewall. This use case is normally used to limit the VPN users to a specific Active Directory group. If anyone likes this idea, please leave your comment and give it a vote. Original post
GitHub - Repository
Dear Team, I would like to propose the creation of an official GitHub repository for Zyxel, where scripts and solutions for specific use cases can be shared. Currently, there is a lack of repositories containing ready-made templates and scripts, similar to what competitors like Fortigate offer. The repository could…
In WRR Trunk Load Balancing, add "Bind all sessions from one IP" option on H series Zywall
WRR distributes sessions among available WAN interfaces/lines. However, this may have an adverse effect if multiple sessions from the SAME client are spread among WAN interfaces, effectively showing different IP addresses from the different interfaces. Some sites/apps/services require more than one session to be open, and…
SecuExtender VPN CLIENT for ARM processor
I propose a version of the IPSEC client for ARM CPUs.
Console port compatibility with SH-RJ45A from DSD Tech
Hi to all the Zyxel folks reading this message, serial connection has been part of Zyxel devices I see for a long time… Zywall 2 Plus and Zywall 5 had a serial connection availabe, some with RS232 port some with an RJ45 port. Today, RJ45 console port is still on latest USG Flex lineup, and I think it's not going away soon.…
Please fix the settings below, they do not work as intended
Password renewal option every __ days, opting out this option does not work. Even if renew password is NOT enabled, the device still requires a new password for ALL users every 60 days- see pictures attached. Either you take out the click option because it does not work anyway, or you make it work 😊 This other option does…
DHCP and Secondary IP
It CAN be possible older models do it! when you do a routing rule incoming LAN next hop WAN 2 SNAT outgoing-interface which will be the the DHCP IP Or in my setup also incoming WAN to Secondary IP 192.168.254.1 Source Address 192.168.252.0/23 next hop WAN 2 SNAT outgoing-interface which will be the the DHCP IP with Static…
2FA Login mask, 2 suggestions for log viewing
2FA Login Mask Browser login: entering username and password accepts ENTER and mouse click to continue. If 2FA is enabled, the next window with the 2FA code input does not accept enter but only mouse click to send/enter. One needs to grab again the mouse to hover over the button of send, this is annoying when there are…
Notification change: Abnormal tcp traffic detected, source port is zero, DROP
Is it possible to request a change to the log level for events such as: "Invalid TCP traffic detected, source port is zero, DROP" Lately I've been receiving notifications every 20 seconds and I can't hide them when viewing the logs. Support says there is currently no way to disable logging of these events. This is standard…
USG FLEX H series SSL VPN support push DNS domain suffix to SSL VPN client
User @Alex_91 requires USG FLEX H series SSL VPN support to push the DNS domain suffix to the SSL VPN client. If anyone likes this idea, please leave your comment and give it a vote! Original post
USG FLEX H SNAT to a pool of Internet addresses with two or more providers
Situation that providers provide subnets when connecting and there are several providers where traffic is balanced (backed up) is typical. In most (in all of my cases) large companies this scenario is used. Otherwise, if 500 clients come from one IP, there will be a guaranteed captcha and a ban in many services like…
SecuReporter dashboard display adjustment
User @GiuseppeR hopes SecuRepoter dashboard can display "traffic usage," "simple threats graph view," and "threat history". If anyone likes this idea, please leave your comment and give it a vote. Original post
VPN NAT Traversal when both USG are behind CGNAT with unpredictable source port
I'm not sure this will happen due to how it can only be done where by both ends are behind CGNAT with no incoming allowed and unpredictable source port mapping but here is one hell of a way to do it! Not 100% sure it would work. Here how port 500 Traversal would go then the same for 4500
USG FLEX H series support NetBIOS broadcast over SSL VPN tunnel function
User @Asgatlat hopes the USG FLEX H series can support NetBIOS broadcast over SSL VPN tunnel function as Zywall/USG FLEX/ATP series. Anyon likes this idea, please leave your comment and give it a vote. Original link
Flex H Series - 2FA Page with FQDN
Hello together We would like to have a possibility to assign an FQDN to the 2-FA page. However, this would require the internal DNS to be accessible before verifying with the 2-FA. The reason for our request is that we would like to store a certificate on the firewall so that the browser no longer displays the message that…
[USG FLEX H] Add counter on object page
User @PeterUK hopes to add a counter in FLEX H on the object page. Anyone likes this idea, please leave your comment below and give it a vote! Original post
[USG FLEX H] Retain Imported Certificates After Reset
@PeterUK proposes that imported certificates on USG FLEX H devices be retained even after a factory reset. This proposal follows an observation that, after resetting the USG FLEX 200H to default settings, all imported certificates are erased upon reboot. In contrast, ZLD devices retain certificates even after a reset,…

Welcome!

It looks like you're new here. Sign in or register to get started.