-
Secure Start with Zyxel x Tailscale 🎁 Get 6 Months of Tailscale VPN Free, Before Oct.!
This discussion has been moved.
-
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
Incorrect RADIUS client behavior on USG devices
We’ve been running several USG devices (110 and 210) without issues for years but recently discovered few issues that seem are persisting on newest FLEX H devices as well. RADIUS Framed-MTU Issue The Zyxel RADIUS client (AAA Server) hardcodes Framed-MTU=1400, which is incorrect and not configurable (Microsoft…
-
IKEv2 causes USG to crash
We’ve been running several USG devices (110 and 210) without issues for years. However, our USG110 recently started hanging every three days. By "hang," I mean it completely stops responding and becomes inaccessible by any means. To rule out hardware or configuration issues, we replaced it with a brand-new USG210 from…
-
Server 2025 Std. as AD autentication server
A Zyxel Flex500 worked as an AD authentication server with a server 2012 std. After updating the server to 2025 it does not work, the error is Wrong Base DN or Bind DN. What could be the problem?
-
VPN client-to-site settings for MacOS 15 (Sequoia)
Hi, I'm currently using these settings for a working VPN connection from Windows native clients: Gateway: - SA Lifetime: 86400 - Negotiation mode: Main - Proposal (enc/auth): 3DES/SHA1 - Key Group: DH2 Connection: - SA Lifetime: 3600 - Active Protocol: ESP - Encapsulation: Transport (L2TP/IPSec) or Tunnel (IKEv2) -…
-
USG FLEX 500H SSL VPN How How to set up two user groups for split and full tunnel?
Hy, we need to create two user groups for SSL VPN (OpenVPN Client), one using split tunnel and one using full tunnel, but the GUI doesn't seem to allow it. On the old USG firewall we could do it instead. Do you have some tips? Thank you.
-
Zyxel firewall categorizing Let's Encrypt CRL as malware
I work at Let's Encrypt, a widely used Certificate Authority - including by some Zyxel websites like support.zyxel.eu. We've received reports that our CRL (Certificate Revocation List) URL r10.c.lencr.org arise being categorized as malware by Zyxel firewalls. I am not familiar with Zyxel products, but I do see it shows as…
-
Request help to convert configuration file
Hello, I'd like to request help to convert USG Flex 200 to USG Flex 200H configuration file. When I try it on the convert.cloud.zyxel.com website, I get the error conversion failed and to contact support for assistance. Thank you.
-
ZLD 5.x firmware development status
According to this page https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version latest pubblication of Lab Firmware for ZLD 5.x is dated november 2024, 1 month after 5.39P1, roughly 20 weeks ago. Is there a new way for access Lab Firmwares? Is Lab Firmware release suspended? Is…
-
my flex 200 doesn't recognize my usb storage
i reformatted the usb stick to fat32, and restarted the router. any suggestions i think this post is in the wrong place, but i can't move it.
-
SSL VPN SecuExtender Retirement / Licenses for IPSec SecuExtender needed?
Since the SSL VPN SecuExtender Client will be retired soon (or is already retired?), we have to seach for an alternative. The Windows build-in IKEv2 Client works so far with our USG 700 Flex and could be used, but is not so comfortable for us due to different reasons. Does Zyxel offers limited IPSec SecuExtender licences…
-
Zyxel USG 100
Hello, How to solve issue Cli Number :0 Error number: -2 Error Message: Not connected to ZySH Daemon Best regards
-
USG 210 - weird behaviour during WAN failover
Hi community, this is my first post here. I'm playing with a Zyxel USG 210, I'm trying to configure properly the WAN failover feature. We have 2 WAN connection, WAN1 is pure ethernet with static IP, WAN2 is a PPPoE connection over VLAN 100, which parent's interface is WAN2. Connectivity check is also enabled on both WAN1…
-
USG20-VPN -> Security policy -> Default rule
Hi there, We own a USG20-VPN running as our gateway-firewall with the wan-nic connected to the Internet. Checking the configuration we've found something i (hope) don't understand. What looks to me like the default (catch-all) rule is set to "Allow"…(see image) but i was expecting to find it set to "Deny" ! There is…
-
Routing between Lan1 and Lan2
Hi I have a USG200, appreciate it's an old unsupported product, but it's at hand so hopefully I can use it to do what I need. Have 2 networks, Lan1 172.16.20.0/24 and Lan2 192.168.50.0/24, set ports 4 and 5 to LAN1 and ports 6 and 7 to LAN2. Lan2 comes from a broadband router it's gateway is 192.168.50.1. Lan1 is a…
-
USG Flex H series "no sooner than" roadmap for missing functions/features
Is their a roadmap for when the missing functions/features in release notes 1.10 might be finished ("no sooner than")? Of course there may be other items such as a config file converter, or a means to convert USG Flex licenses to series H. 50 functions/features or so no doubt means a small number of them will not perform…
-
Legacy firmware for Zywall USG 200
Hi, I'm trying to upgrade the firmware from version 2.20(AQU.1) to the latest 3.30(AQU.7) I tried to upgrade directly to the latest version but I get the error that says the firmware is not compatible, I was looking for the intermediate versions but are not available anymore from the site ftp.zyxel.com. there is a way…
-
Windows server AD trough IPSec VPN
Hello, We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side. In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on? Many thank's L.
-
ATP200, SFP to Lan Port?
Hi My Home Server is hooked directly to the SFP Port on my ATP. The ATP is the DHCP Server for a bunch of Virtual Machines. Now I have to move them somehow to an Server who is connect lets say Lan Port 1 (= P4). For that reason I set up LAN2 and under "DHCP Setting" I choose DHCP Relay and in "Relay Server 1" I put in the…
-
Weird Problem with WAN?!
Well I dont know how but since my ISP Upgradet my Internet to an higher speed everything is weird… No HW changed. I also use the Zyxel Modem from my ISP. The "Dial In" does my ATP. When I go to Ethernet i see this: The show me an 100.X.X.X IP Adress as WAN IP. When I go to PPP I see this: Here I see my fix Wan IP Adress…
-
ZYWAL ATP700 so that it sees MikroTik's subnet
Hello, I wanted the ATP700 to see the MikroTik subnet and to show up in the logs. Well, I can't set up static routing either, I've tried, but somehow I'm not sure if I'm making a mistake. Help me solve this problem.