-
💬 Your Firewall Story Could Earn You $35 Across Two Platforms!
This discussion has been moved.
-
Secure Start with Zyxel x Tailscale 🎁 Get 6 Months of Tailscale VPN Free, Before Oct.!
This discussion has been moved.
-
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
General rule possible to allow IPSec VPN traffic only, from everywhere? I am also using GeoIP
Hello, I have the newest firmware installed on a USG20W-VPN and regularly update the GeoIP database on the firewall. I use only IPSec VPNs, with SecuExtender client from MacOS and Win11, native IPSec VPN from iPhone, and Strongswan IPSec VPN from Android. All works- so far so good. It is no rocket science for IPSec VPN: it…
-
ETA for next ZLD 5.X firmware
If any… for the known and sharable information at this date.
-
ZyXel USG20-W - internet failing and VPN issue.
Hello, I am running quite old ZyXel USG20-W with latest firmware (upgraded today) and I started experiencing some issues couple days ago. We had internet connection outages while downloading big updates and so on. So we changed internet provider and swaped from 40Mb internet to 100Mb internet connection. We are now able to…
-
Zyxel Firewall Security Service Incident 2025-10-20 06:49 ~ 10:47 (UTC+0)
Dear Zyxel firewall users, The Zyxel firewall security services had some issues due to an incident from AWS. Issue Started from: 2025-10-20 06:49 (UTC+0) Resolved: 2025-10-20 10:47 (UTC+0) Issue Symptom & Risk: These functions are effected: Firmware upgrade Signature upgrade Cloud query Sandbox Threat Intelligence service…
-
IPv6 configuration with RDNSS (RFC 6106)
Hello, We are MSP which deployed IPv6 internally on one of client's existing Zyxel firewall. The device in question is an USG Flex 200 running firmware 5.40 (latest). Coming from Fortinet / FortiOS we find the IPv6 configuration on Zyxel convoluted as there is no official knowledge base (aside from random official blog…
-
Vlan1 On Primary LAN Interface
Hello, I have a HUGE security concern about this topic and I am running a Flex USG500H and I spoke to tech support and discovered that I am not able to change the primary LAN interface (192.168.1.1) to any other vlan other then the default vlan1 and that is designed that way. In my opinion that is a security "No No". This…
-
Problem l2tp connect
Good evening, We have a Zyxel VPN 100 and the L2TP protocol enabled, which several users with Macs with their configurations use. Everything worked for a week now, but it no longer works without any changes. Can you tell us what the problem is based on the logs I've attached and how to fix it? warn sessions-limit ACCESS…
-
BWM problem with wildcard FQDN to Guaranteed Bandwidth
USG FLEX 200 V5.40(ABUI.0) SFP WAN LAN 192.168.255.237 255.255.255.192 interface Egress limit 81920Kbps BWM rule 1 incoming LAN1 outgoing SFP destination *googlevideo.com Guaranteed Bandwidth Inbound 71680Kbps Outbound 3200Kbps maximize bandwidth checked Priority 7 note setting the Priority higher does not help…
-
Forticlient VPN thru USGFLEX50
Hi everyone. I need to let my notebook connect to an external VPN on a fortigate via IPsec (FortiClient IPsec). Everything works fine except for being at office where my USGFLEX50 seems not to let me connect to the external fortigate. Obviously my notebook has no filters outgoing and I can see IKE packet ougoing correctly…
-
NAT rule "allow remote IP" on USG LITE 60AX no subnets?
First go around with the USG LITE 60AX. NAT rules "allow remote IP" doesn't seem to support a subnet, only a single IP (unless I'm doing something wrong). Is the only option to leave it at Any, the create firewall rules to limit allowed inbound subnets? Do NAT rules in this case also implicitly create the matching firewall…
-
USG Flex 200 Connectivity Check
Any documentation on running connectivity check from the command line of the device?
-
USG Flex 100H and GS1920-24HPv2 VLAN and LAG Internet speed issue
Hi, USG fw: V1.35(ABXF.2) Switch fw: V5.00(ABMI.1) I've configured everything needed: separate zones (not using existing LAN zone), VLANs, policies, configured LAG (LACP) on 3 ports and connected to switch. Everything seems to be fine, however, after that I decided to test Internet speed using services like speedtest.net…
-
SSO agent still using dangerous NTLM
Microsoft deprecated NTLM a long time ago, SSO agent still do not support kerberos. This is a security issue, any plan to address it? Ticket 481177, 456941 and 417559. Regards.
-
Zyxel, I paid SSL Vpn service, give it me back!
Bought a couple of Usg Flex 500 on July 2024, I need SSL Vpn and Flex 500 support 150 SSL Vpn connections. Two months later Zyxel announced that SSL Vpn are discountinued with no advance notice, now I have dozens of users using unsupported SSL Vpn. IPSEC Vpn are not an option for us, I bought and paid Flex 500 because it…
-
A valid website is being incorrectly identified as a phishing site by Threat Filter
A business website (a bank) is being identified as a threat by the threat filter. I have verified with the bank that the IP address is correct and valid. I have entered the web address in the allow list. Is there a process for submitting website to get the items removed that are incorrectly in the Zyxel database of threat…
-
Site to Site VPN with Dynamic DNS
hi, I have been able to set up site-to-siten VPN with dynamic DNS to the point it almost works. My problem is that for the other site I am not able to set the public address as WAN address. The operator makes a NAT that I can't do anything about. Is there any way to tell the VPN to use Dynamic DNS for the local IP address…
-
How to configure parental control, with allowing youtube
-
Port 5060 is blocked?
Hi I set a rule in my ATP200 to allow VoIP Traffic from WAN to the IP Pbx. When I look into the Logfile I see → Wan IP Phone to WAN IP Router : 5060 ACCESS BLOCK. I dont know why? I the rule say I allow the traffic?! Thanks
-
USG Flex 200 and SSH commands
Is it possible to send commands to the USG 200 via ssh? The use case is to activate and deactivate easily Security Policy and time schedules. I have tried it with putty and plink.exe, but it didn't work: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (Using username…
-
DC over site-to-site IPSEC
Hello, For a small remote office, we mounted an IPSEC VPN with the main office (USG Flex at both side) We can join the domain, logon… etc But for PC with W11Pro 24H2 we got problems: after logon, search bar, flux on widgets menu and other does not run normaly… it's very very slow (search bar is filled after many minutes…).…
