-
💬 Your Firewall Story Could Earn You $50 Across Two Platforms!
This discussion has been moved.
-
Secure Start with Zyxel x Tailscale 🎁 Get 6 Months of Tailscale VPN Free, Before Oct.!
This discussion has been moved.
-
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
Using a USG20W-VPN together with a NWA50BE Pro so that end devices seamlessly roam same WiFi
Hello, I have an USG20W-VPN, and its WiFi6 is not enough to cover all the intended areas. Now, I evaluate an additional Access Point with WiFi7 and WPA3 to extend the wireless access where is needed, namely an NWA50BE Pro. Now, I haven't received yet the new AP, but I assume that it will cover the existing area better, so…
-
Windows server AD trough IPSec VPN
Hello, We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side. In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on? Many thank's L.
-
Flex 200 to 100H Migration
Hello! Attempting to migrate from a Flex200 to a Flex 100H, I've encountered a few problems. No template migration. This is a big one, there is not any ability to define multiple peer gateway addresses in an IPSEC tunnel. I needed this feature in the Flex 200, and it was there. I wanted to use Nebula with the 200, but I…
-
USG LITE 60AX and IPv6 support
I have an AVM FRITZ!Box 6890 LTE that worked marvellous with both IPv4 + IPv6 on a German Telekom VDSL incl. port forwarding and am quite shocked that our new USG LITE 60AX does not seem to support IPv6 to the internet or even DNS forwarding. nslookup anysite.xy is not answered but ping is working, however only with IPv4.…
-
Why is the logfile full of source IPs which are mapped to the wrong countries?
I have an USG firewall, the logfile is full of source IPs which show the wrong country of domain registration / origin. When I look these IPs up with different tools, they may show different partially incomplete or even wrong answers, that is true as well. But using specific tools, the answer is correct. I refer to IP…
-
Problems with "non-default WAN IP address" and domain name in VPN gateway setting.
Hi all, I have a Zyxel USG FLEX 500. I have public IP addresses in the range 8.14.19.210/255.255.255.240, the default public IP address of the USG is 8.14.19.210. How to properly set up VPN on a "non-default IP address"? What I have described below works for me, but is it correct? If I want to set up VPN so that clients…
-
Does USGFLEX100AX support software VPN clients?
The last step in choosing my equipment upgrade is whether it supports software VPN clients like OpenVPN. This device is already recommended for my VOIP system; but I need to know I can easily connect devices remotely and without additional hardware.
-
Legacy firmware for Zywall USG 200
Hi, I'm trying to upgrade the firmware from version 2.20(AQU.1) to the latest 3.30(AQU.7) I tried to upgrade directly to the latest version but I get the error that says the firmware is not compatible, I was looking for the intermediate versions but are not available anymore from the site ftp.zyxel.com. there is a way…
-
IKEv2 fragmentation support in ATP firewalls
Hi everyone, I have a weird problem setting up an IKEv2 VPN on a ATP firewall using a self signed certificate from the same ATP. Some users from some places can connect to the IKEv2 VPN and some others from other places don't. All client are using the same Windows build. I think the problem have to do with the IKEv2…
-
Issue with File Transfer Speeds using an ATP800
Hello, I have a question about performance with regard to an ATP800. The question is due to only getting file transfers speeds of about 40 MB/s on the network. In looking into this, the weak link appears to be the uplink to the ATP. We have 10G fiber throughout the company connecting all the switches and speeds on the same…
-
Problemas na configuração de HA com firewalls FLEX 500
Implementamos um cenário de Alta Disponibilidade (HA) utilizando dois firewalls Zyxel FLEX 500. Durante os testes de failover, observamos que as configurações se perderam no equipamento passivo. Tentamos realizar o reset do firewall passivo para que ele sincronizasse automaticamente com o primário, porém não tivemos…
-
DNS settings for the second-level domain.
Hello everyone, Can you please help me with DNS settings? We have www pages on the Internet on the domain contoso.com. If I enter www.contoso.com in the browser, the browser is redirected to contoso.com (the page are then, for example, https://contoso.com/about.html). This works for me at home and on my mobile, but it does…
-
change rule via cli
Dear all, my name is Heimo and this is my first question. I am not a Firewall specialist and so i changed a rule (webinterface from LAN) unintentionally from allow to deny and so I am not able to access the web gui. For this gui my knowledge is ok. Does anybody know how to change a secure-policy of a FLEX-100 from deny to…
-
How to implement failover on VPN connection ?
Hello, I want to set up a failover between two VPN connections, so when one of them fails, I switch automatically to the second one. I tested the use of VTI with a dedicated trunk. It worked once, but I saw that I had to create new firewall rules for the subnet that tests the connection between remote VTI interfaces. I…
-
Where to download old Firmware versions? Is there a new FTP site for Firmware download?
I understand that ftp://ftp.zyxel.com site is no longer available. Where can we find firmware versions that are not found at the MyZyxel portal? I need the ZLD4.62 Patch0, for a USG 210 Zywall, but have no idea where to look for. Thanks!
-
USG FLEX 100AX with Windows Server DHCP?
Disregard. Pretty sure I found it. Can the address assignment in the FLEX be reconfigured/disabled? What's the best practice for using this device with an existing DHCP server on the LAN? I've looked through Nebula config and haven't seen anything I recognize as a solution.
-
One 2FA Google Autheticator in USG for both boot images.
Hi all, USG FLEX 500 has two boot images (firmware 1 and 2), each with its own configuration. I use two-factor authentication for admins with the Google Autheticator method. Even if I transfer the configuration from firmware 1 to firmware 2, each uses its own registration in Google Authenticator, so they use different…
-
Usg Lite 60AX failover connection?
Is it possible to use a secondary WAN connection as a failover on a USG Lite 60? If so how should I go about configuring the device to do so.
-
E-mail alert format
Hi, The alert emails from the firewall (USG500 Flex) are unreadable (see below). How can I format the message? I want this vertical format (or any readable solution): No: 1 Date/Time: 2025-02-12 13:43:47 Category: secure-policy Priority: alert Source: 1.xx.xx.xx:27181 Destination: 212.xx.xx.xx:7523 Note: ACCESS BLOCK…
-
ZyWALL USG 20 Firmware
Please help me download the latest firmware for this equipment. I understand that it is outdated, but for my work it has always suited me. Please give me a working download link.
