Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

Policy routing for L2TP VPN
Hello everyone, In our office we have two site-to-site tunnels with external clients. Configured with SNAT and routing rules. We can access it perfectly from our office subnet, but we need to be able to access it from our users' connections through the L2TP VPN. I explain the assembled infrastructure in the diagram. For…
SSL VPN
I configure my Zywall 110 with SSL VPN. But I can't connect with another user.¿How configure my public IP? I connect my ZyWall 110 with LAN, but I can't connect with Internet. I use Secu Extender. I see this video but in my situation, I can't connect.
Net flow support
Some systems such as Auvik support net flow, as do other firewalls such has Fortinet. Could it be something added to USGs?
What's New ZLD5.37 Patch2
Zyxel is committed to continuously updating your devices for important maintenance. This latest release enhances all functions of security appliances including: Feature Enhancements and Consolidated Bug fixes Table: Resolved issues Upgrade your devices to ZLD5.37 Patch2 for enhanced protection against the CVE references…
whitelist IP address for PCI Scan
Not sure if they are asking for a 1:1 nat to the server or something else. Can someone clarigy what needs to happen on a USG firewall to "whitelist": In order to run the scan, we need you to grant access to the IP addresses listed below. If you use security software such as a firewall in your organization, you may need to…
Zyxel SCR 50AXE - limitations and real life use question
Hi All, I'm considering purchasing Zyxel SCR 50AXE to replace my current gateway solution. I'm using Sophos XG firewall, previously used NSG100, then USG Flex 100 till licenses ran out. Could any one advise if there is any limitation to the number of vlans, dhcp scopes / leases or firewall rules? How does it perform in…
SCR 50 AXE how to create secure connection to my synology NAS?
hi, my SCR50 AXE is working as follows: ISP Router → SCR50 AXE→ MY router → SYNOLOGY NAS I can access my synology NAS from the internet through the quick connect of Synology. therefore anyone in theory who knows the URL can get to the nas and try to hack it How can I protect the access from internet? can this be done on…
USG FLEX 200 - Blocked URL Keywords to block download of certain files
I thought I could use Blocked URL Keywords to prevent downloading of specific file types (e.g. .exe, .scr, .bat files). I have a working active Profile for Content Filtering and the Forbidden Web Sites is working for domain names. However, Blocked URL Keywords doesn't seem to do anything. For example, to block .scr files,…
I can't activate HA on ATP500 V5.37(ABFU.2)
Hello, I am trying to activate the HA with 2 ATP500s but when I apply the HA option on the master computer, the ATP500 restarts automatically and does not activate the HA Pro service when I have access again. That could be happening?
USG FLEX 50 (USG20-VPN) 5.37 (ABAQ.2) C0
Hello! I downloaded USG FLEX 50 (USG20-VPN) 5.37 (ABAQ.2) C0, but checksum on the page (https://www.zyxel.com/global/en/support/download?model=usg20-vpn) did not match the file I received. Checksum MD5 from page: EB9560A4C3B912125979A4A12E3B6076 Checksum MD5 from downloaded file (firmware.zip):…
SCR50 AXE- not taking changes applied in the NCC
Hi , I connected my ISP router to my brand new SCR50 AXE. therefore ISP router → SCR50 AXE→ MY Router everything seems to be working fine i see that my router got the IP address 192.168.168.5 from the SCR50 and i can see that the SCR is seeing my public IP address on the ISP router. the cloud symbol blinks greee!! Its not…
ZyXel USG20w VPN with PfSense
Hi, I updated my pfsense router's firmware and now none of the VPN's to ZyXel USG20w work, looks like PfSense pulled out the older encryption modes like 3DES, MD5, etc.. I changed the encryption to AES128 & SHA256 but can't get the tunnels back up.. Here's a log:
NAT-T with IKEv2 IPSEC
I have a USG60W and trying to configure an IPSEC tunnel that requires NAT Traversal. I do not see this option on the screen to configure IPSEC. This option is available when using IKEv1. Is NAT-T possible to configure when using IKEv2 on a USG60W?
Segregate Traffic on LAN1 and LAN2
I have a USG Flex 200 with the latest firmware. I have two networks, one for home and one for work. Home network is connected to LAN1. Work network is connected to LAN2. Lately, I have been able to see devices from my home network when looking at my work network router. Although I cannot ping anything between the two…
NAT on Zywall USG 110
Hello, is possible on Zywall USG 110 set this? I have more subdomains routed to our public IP (we have 1) but I need from subdomain1.domain.sk 443 and subdomain2.domain.sk 443 set route, on local network, subdomain1:443 to server 1:443 and subdomain2:443 to server2:443 Is this possible to set somehow? (On apache it was…
L2TP VPN Client-to-Site "Wrong Base DN or Bind DN" test error
Hello everyone, I have multiple Zyxel USG Flex 100 in multiple sites and each of those has a L2TP VPN Client-to-Site configuration with AD login. They all work wonderfully, except this last one.. I configured this one as any other one but every time I test it from the AAA Server it gives me the error "Wrong Base DN or Bind…
How do I policy route WAN traffic for a single device through Site to Site IPSec tunnel?
I have an existing USG, site-to-site Ipsec VPN connection set up with a Remote site (subnet 192.168.3.0/24; gateway 192.168.3.1) connected to a Main site (10.2.10.0/24; gateway 10.2.10.1) Remote traffic from the LAN1 out to the WAN ordinarily goes by default through the Remote WAN interface). I have a specific device on…
DHCP exclusions
Is there a simple way to configure DHCP exclusions? We want to use a DHCP range from 192.168.124.0 ~ 192.168.127.253 with the following exceptions: - 192.168.124.0 ~ 192.168.124.99 - 192.168.125.0 ~ 192.168.125.99 - 192.168.126.0 ~ 192.168.126.99 - 192.168.127.0 ~ 192.168.127.99 The goal is that every IP address given by…
Security Policy, NO "ANY" option in drop down list.
Why is there not an 'any' option in the drop down. "any(Excluding Zywall). But I want Zywall protected also? Do I have to create 2 rules "any(Excluding)" and another "Zywall"..
VPN Configuration on Zyxel USG FLEX 700
I am configuring and IPSec VPN on this router and each time, I get this error in the logs. The highlighted line is where I am having the issue. That tunnel is another VPN I have configured on the router that is working for something else. I am not sure why this new VPN is trying to use that tunnel for authentication. It…

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

[2025 April Tips & Tricks] One Platform, Effortless VPN Management
This discussion has been moved.
[2025 April Spotlight] Sync Smarter, Stress Less with USG FLEX H!
Hey Network Managers, Your Chaos-Busting Hero Has Landed! Managing a hybrid network—part cloud, part on-premises—can feel like you’re starring in a disaster movie. One minute you’re tweaking cloud configurations, the next you’re scrambling to update on-premises settings, all while hoping nothing explodes. Sound familiar?…
[2025 APR Notification] uOS1.32 Update: What's New for USG FLEX H Series
The latest USG FLEX H firewall series is powered by the new uOS, which is designed to minimize system response time and improve overall system efficiency, including the following features: Smart Sync, Manage Seamlessly Experience revolutionary sync between the cloud and your devices with our advanced SmartSync technology.…

View All