Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

problem with losing packets
Hello. I have a problem with losing packets to an email server (isp) but randomly, and we cannot send / receive emails and access the website. Is there a possibility that the zyxel 110 equipment will have these problems? The interruption can last up to 15 minutes, but at the same time I can access the webpage from my…
Zywall USG FLEX 500 can't send daily report, not saving configurations correctly in GUI and CLI.
It seems that Zywall USNG FLEX 500 does not correctly save notification configurations in the GUI and the CLI does not have configuration commands for do that. If I configure the daily report in the GUI and configure notifications (on FW 5.36 U2 and 5.37) by checking the SMTP Authentication option in the CLI on the status…
IPS - File identification and false positives
Hi, we move medical files (e.g.: dcm files - CT slices) between VLANs. In many cases, the operation is interrupted and the USG500 log shows that the IPS module has detected the following threats: Microsoft Office BMP Header biClrUsed Integer Overflow HP Data Protector CRS Multiple Stack Buffer-Overflows The log does not…
USG FLEX 50W 2FA If WAN Down
Hello ZyXEL Community, I am planning on implementing 2FA as mandatory on all our future base configurations, but my concern is what occurs when the WAN is dead? If, for some reason, the WAN connection dies and the customer has to change to another one in an emergency - particularly with a static IP - how does 2FA work on…
usg-20
hello, is it reasonable to keep a usg-20 router in an installation thanks
Disable UTM for specific device
Hello. Our usg60 is connected to the internet via 1GBit/s FTTH symmetric. We have 1 public IP. The device runs as max security with UTM enabled. It works fine. Max speed behind the firewall is around 90MBit/s. Now there will be one new device behind the firewall which needs maximum speed, not maximum security. How could we…
How to Configure a Local Guest User for Monitoring Firewall Settings on an ATP100?
Hello Zyxel Community, I am currently using an ATP100 firewall and I would like to configure a local guest user account that has read-only access to the firewall settings. The purpose is to allow this guest user to monitor the firewall settings without making any changes. Could anyone guide me through the steps to achieve…
IPSec VTI VPN access device in overlapping subnet
Hi all, i've two USG FLEX 200 connected with Point-to-Point WiFi and IPSec VPN with VTI as backup. This setup works fine, both subnets 10.50.0.0/16 and 10.60.0.0/16 can reach each other. Now I want to access 10.70.70.20/32 from 10.50.0.0/16 and 10.70.70.10/32 from 10.60.0.0/16 over the IPSev VPN (when the PtP WiFi…
alert
hello, i have a lot of alert in the page log : what to do ? thanks
Whole device trottle when passing traffic trough VPN
Hi all, I'm encountering a peculiar issue with one of my devices and am having difficulty pinpointing the cause. I was hoping someone here might have some insights. I am using a Zyxel USG FLEX 200 for a small office we have in London. It's set up with PPPoE using BT credentials, as the USG functions as both our router and…
Default AP Group profile inaccessible on USG Flex 700 using a converted configuration
Hi team, I've converted a startup configuration from USG310 to USG Flex 700 using your online converter. After that, I found out that editing the default AP Group profile leads to a neverending “loading” page, the same behavour happens on editing every previous profile that have been converted. I've then recreated AP Group…
What to do if 2FA appears to be broken?
Hi, No idea why, but appears that the 2FA at the device login is broken or does not appear anymore after username/password page. It just goes straight to the Dashboard. Has it been compromised or Is this a bug? My device is an ATP500 with firmware V5.37(ABFU.0) Should I reset the device back to hard rest/default again? As…
Port forwarding USGFLEX200 issue
Hi all, I am trying to redirect port 7980 to a lan IP of 192.168.1.30 Everything works well on the LAN and the device is responsive on port 80. However, when I try to access the device from the WAN it looks like the port forwarding is not working correctly. the broadband in WAN_1 is a dsl line and there aren’t any filter…
CLI command not found on ZyWall
Hi! Some Command`s from the CLI Reference Guide Zywall Series version 4.10–5.37 Ed. 1, 7/2023 not working on real VPN100 with firmware 5.37. I`am about "29.3 Output Control Commands" such as: show firewall-output firewall-output activate and so on. In case typing of this command device not recognize it.…
WAN Failover Won't Automatically Restore Back to WAN1 on Zyxel ZyWall USG110
My setup: WAN1: Cable internet WAN2: LTE router Other ports: LAN1 Configuration -> Network -> Interface -> Trunk: Disconnect Connections Before Falling Back: Enabled User configured trunk: Wan-Fallover (Spillover, wan1=active, wan2=passive) Configuration -> Network -> Interface -> Ethernet: Enable Connectivity Check:…
Several VPN gateways USG FLEX 500
A quick question about the USG FLEX 500. Is it possible to set up several VPN gateways in parallel? I want to implement the following scenario: VPN GW1 is set up and running. Users can access the internal LAN via L2TP/IPSEC from their devices. VPN GW2 is new and should now connect our new office directly to the…
Device Insight.
Very nice. But at times can be a problem. Device Insight at times have identified the device correctly, then later on identifies the device as something different. I try my best to submit the device feedback, and thanks me for submitting, but it still doesn’t recognize the device correctly. Not sure what’s going on with…
VPN Cli Command
Hi all, my question is: is there a cli command to reconnect a dropped vpn (ipsec site-to-site)? my issue: atp 100 is in a customer HQ; usg 60 is in branch office. Since a brand new ftth line has been installed in branch, vpn drops often and even if "nailed up" option in enabled, sometimes vpn fails reconnect and a manual…
Troubles with DNAT
I setup 2 Phase 2 VPN NATTED with the same GW (Phase1) in IKEv2. The Topology is this: LOCAL LAN1 192.168.7.0/24 → NATTED ON 10.64.33.0/24 - REMOTE SUBNET 172.28.0.0/16 LOCAL LAN2 172.16.69.0/24 → NATTED ON 10.64.34.0/24 - REMOTE SUBNET 172.28.0.0/16 The 2 phases 2 go Online but only 1 DNAT works, the second one nope……
Sometime CPU & Flash uses 95%

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

[2025 Feb Notification] uOS1.31 Update: What's New for USG FLEX H Series
The latest USG FLEX H firewall series is powered by the new uOS, which is designed to minimize system response time and improve overall system efficiency, including the following features: New USG FLEX 50H and USG FLEX 50HP Launch Introducing the USG FLEX 50H and USG FLEX 50HP, ideal for small offices and branch locations…
[2024 Sept Notification] SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options
SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options We want to inform you that the SecuExtender SSL VPN macOS and Windows clients have reached their end of life (EOL). Zyxel is no longer selling, maintaining or supporting these products. However, for those who recently purchased a license, we understand…
[2025 Jan Tips & Tricks] Take Control of Your Security: Enable 2FA on Your Zyxel Firewalls
We’ve said it countless times, but it’s worth repeating: Enable two-factor authentication (2FA) for administrative logins! This critical recommendation arises from the latest vulnerability disclosures, underscoring the importance of proactive measures. Let’s break it down to safeguard what matters most. CVE-2024-11667: Key…

View All