Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

USG40w config conversion to USG100felx
Hi alltogether, I'm going to migrate from usg40w to usg100flex and am about to use the config conversion tool on the website. But I haven't yet beacause I'm a bit concerned to upload all my VPN an very security sensitive data up to ab website to let the conversion happen. What do you guys think about my concerns? BR zyx…
CDR Testing
Hello, my first post in this section… We want to setup CDR for customers, but first want to get familiar with it, and find out how we configure it, it does what we want. Is there a method to test it? Like download some (innocent) files but files what triggers CDR? I know Microsoft has some test files, but do they trigger…
I have a question about an IPSEC with VTI.
I have a question about an IPSEC with VTI. I have two routers (USG FLEX 700H AND USG FLEX 500) with dual wan I have made an IPSEC from ROUTER-1 WAN 1 to ROUTER-2 WAN 1 I have made an IPSEC from ROUTER-1 WAN 2 to ROUTER-2 WAN 2 Remote LAN Router 1: 192.168.100.0/24 Remote LAN Router 2: 192.168.1.0/24 Router 1: VTI1(via…
IP range
On the Flex 200 firewall, can I increase the IP range from 254 to 512 leaving the same current network submask, in this case 255.255.255.0? Is there a possibility to increase my IPs without changing the submask?
Device error, Wrong CLI command, device timeout or device logout.
Since this morning I get the above error when I log on to the Zyxel USG Flex 200 via the web interface. And the web display is empty, nothing can be displayed or operated. What can I do to resolve this error?
SecuExtender connecting to site which connects site to site
Trying to configure Remote vpn to site which connects to site to site so both sites can be reached by remote vpn. Configured a site to site VPN, then configured remote to site. created policy route to send traffic from remote vpn to other site connected to connecting site but traffice isn't going through. Contacted support…
Wireless Controller Issues on Recovery Firmware?
Hi, I have an ATP800 which had to go to the recovery firmware. It was being used as the controller for a WAX620D-6E prior to the recovery, but it no longer shows up in the management AP list afterwards. I've tried the standard steps of rebooting both devices, as well as resetting the AP. The ATP800 can ping the AP without…
How to add static routes to macOS IKEv2 VPN
Hello, Our users are accessing internal's network via a client-to-site IKEv2 VPN (using native clients both on macOS and Windows). On windows, we can configure a temporary route in the installation script that will redirect all "work-related" LAN to the IPSec tunnel. Unfortunately, we haven't find a way to do that on…
Replace ATP200 with other ATP200
HI, I need to replace an ATP200 with another ATP200. How to keep the same configuration? Is it possible to download startup.config.conf and load it onto the new one without reprogramming all the functions? THX Carlo
USG FLEX 500 and Two SUBNET Interface
I have a zyxel USG FLEX 500 firewall with lan1 interface (192.168.0.230 - DHCP managed by Active Directory) lan2 interface (192.168.33.230 - DHCP Disabled). Any machine I set in the second subnet can only communicate with the firewall and has no internet. What configuration did I forget?
ATP 700 showing wrong CLI command when trying to login
Has anyone had an issue with an ATP700 not logging in it just times out and then shows an error of wrong CLI command, device timeout or device logout. Its on the latest firmware since November is in standalone mode and disconnected from SecuReporter but is passing traffic fine. No ports open on the WAN appart from ICMP.…
PMS hôtel intégration with UAG5100 for Billings
Sir, good evening, please, how to interconnect our zyxel UAG5100 router with our hotel management PMS? After installing our PMS, we will need your API for interfacing. Could you please send us it for download? thank you in advance
Client VPN access to site A and B
Hi I am trying to create a senario link the one in the picture. Now: VPN Client can connect to Site A and access local resources. Site to Site VPN between Site A and Site B is working. I want users on VPN Client to be able to acces both Site A and Site B, througth the Site to Site VPN. How to do that?
IPSEC Secuextender IkeV2 not working in MacOS
Hi, all. I hope my question wasn't already answered: I took a look around but didn't find it. If so, please excuse me. Back to the topic, as per subject, we're trying to connect to a IPSEC VPN via MacOS. We used the way by getting configuration from server, giving IP and credentials. Configuration went well and we got the…
ATP500 and rekey time in phase1 for ipsec VPN tunnels
Hi I have a IPSEC tunnel, the other side is a Sophos device. We have intermittent disconnections and the Sophos guy says that it's due a bad rekey time. The remote log shows: "Received IKE message with invalid SPI" They have the tunnel configured in Phase1 for SA LifeTime of 10800s with a re-key margin of 360s, but I can't…
USG LITE 60AX and IPv6 support
I have an AVM FRITZ!Box 6890 LTE that worked marvellous with both IPv4 + IPv6 on a German Telekom VDSL incl. port forwarding and am quite shocked that our new USG LITE 60AX does not seem to support IPv6 to the internet or even DNS forwarding. nslookup anysite.xy is not answered but ping is working, however only with IPv4.…
usg60w wifi and lan1 > a customer wiped one of their remote office routers
After a cable outage, the customer not only power cycled everything but used a point to hard reset the router. They use wifi to update handheld tablets for delivery drivers. I used the wizard to set up the wifi but it shows on the home/monitor screen as being on lan1 but in expert mode it shows outgoing interface lan2. Can…
Firewall reboot randomly
I have an ATP700, ATP500, and USG 210 firewall, and they randomly reboot on their own. I already have the last firmware, what can I do?
antispam works just with pop and stmtp ?
Hello Support, I'm trying to test spam email but It doesn't work. I think it works just with pop and smtp. I can't use it because I use stmp with ssl and pop as well. I'm wrong ? Please let me know. thank you roberto
Link Zywall IPSEC Client with AD Server
Hello, Is it possible to link an AD server to the Zywall IPSEC VPN client for remote connection. At a client, I had an AD server linked to SSL and everything worked. The connection no longer works since he switched to the IPSEC client Thank you for helping me Cdt Alex

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

[2025 Jan Tips & Tricks] Take Control of Your Security: Enable 2FA on Your Zyxel Firewalls
We’ve said it countless times, but it’s worth repeating: Enable two-factor authentication (2FA) for administrative logins! This critical recommendation arises from the latest vulnerability disclosures, underscoring the importance of proactive measures. Let’s break it down to safeguard what matters most. CVE-2024-11667: Key…
[2024 Sept Notification] SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options
SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options We want to inform you that the SecuExtender SSL VPN macOS and Windows clients have reached their end of life (EOL). Zyxel is no longer selling, maintaining or supporting these products. However, for those who recently purchased a license, we understand…
[2025 Feb Tips & Tricks] Seamless Synchronization for Effortless Management
Simplify your network management with the new USG FLEX H series feature! At Zyxel, we are dedicated to enhancing your network's security and management efficiency. With the latest uOS1.31 firmware for the USG FLEX H series, we've streamlined your user experience across both the local GUI and Nebula cloud management. What's…

View All