Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

Multi Subnet and VPN
a customer of mine has a new USG50. connected via VPN IP SEC to headquarters. It has two subnets 192.1.40.0/24 192.168.36.0/24 I can't set that all traffic from the 192.168.36.0/24 subnet must not pass through the vpn I'm a novice technician thank you all for the support
Port clone
Good morning ATP800 How do I set one port to be a clone of another? I'm a novice technician thank you all for the support
Service License refresh sometimes use AUTO DNS
VPN300 V5.37(ABFC.0) In DNS forwarder I have * 192.168.53.12 VLAN53 * 192.168.53.4 VLAN53 And AUTO default that I don't want to use and have blocked then upstream with a switch When you do a Service License refresh it will sometime use AUTO and will fail refresh it again then it works This problem could be solved by this…
Follow up on zyxel vpn tutorial - and soft ether vpn server
Hello guys, To sum things up quick, i followed these tutorials: https://support.zyxel.eu/hc/en-us/articles/360001390914 https://support.zyxel.eu/hc/en-us/articles/360000706899 And i get stuck with windows 10 stating that the remote server doesn't respond. On the zywall log all i see is "Security Policy ControlMatch default…
Zyxel Usg 1000 - Trunk / VPN
We have a Zyxel usg 1000. I understand it's old, but it works. We have recently purchased some Flex 200 devices, but not implemented yet. My question: We have two internet providers, Comcast and ATT Fiber. Currently we have a single ipsec vpn configured between the remote office and the primary office…using the Comcast Wan…
ZYXEL USG FLEX 200 - ENABLE PING BETWEEN LAN 1 AND LAN 2
Hello, I have a ZYXEL USG FLEX 200 with two LAN : LAN1 : 172.17.30.0 /24 LAN2 : 172.18.30.0 /24 I can't ping LAN 2 from LAN 1 and LAN 1 from LAN 2, I tried to add Policy Control from LAN 1 to LAN 2 and LAN 2 to LAN 1. I also add a policy route from LAN 1 to LAN 2 with a SNAT on outgoing-interface. I tried to put static…
Gateway confusion between two IPSec Gateways
USG40, Firmware 4.73. One internet connection FTTC, static IP address 9 IPSec gateways configured, 2 IKEv2. 7 IKEv1. Gateway 8 is the one used for IPSec client with license; aggressive negotiation, lifetime SA 86400. Gateway 9 is configured as "site to site with dynamic peer"; aggressive negotiation SA lifetime 3600 sec;…
Configuration converter seems not working
I am not able to have a converted configuration....Steps to reproduce: * download a startup-configuration from a 3.30 P3 USG20 * rename as DATE_USG20_330_site_startup-config.conf * opened Configuration Converter in In Private Microsoft Edge 105 * selected "Zywall USG20 3.30" and "USG20-VPN 4.20" * load the configuration *…
Apple Updates and Backups not working Zyxel 5510-BO firm v517abqx7c1
Hello, several of our managed wifi customers with 5510 routers are not able to do software updates or backups on apple devices through wifi on Zyxel 5510-BO routers. Any ideas?
Firmware V5.36(ABWD.0) issues
Hi team, we're facing stability issues once upgraded to new firmware V5.36(ABWD.0) on a couple of USG FLEX 700. The firewalls suddenly became unresponsive, no response from https gui and ssh, switching off the power is the only remaining option. Both firewalls have been upgraded from few hours and this issue happened for…
L2TP connections do not show up on L2TP page [FLEX200]
When I add my own gateway + connection (IKEv1 with PSK) it will not show up on the L2TP page under "VPN Connection:". When I run the wizard, the created connection is there. When I create a new connection (exact copy of the wizard one), it will still not show up in the menu. I am also experiencing some weird symptoms when…
Activate secure reporter
I am activating secure reporter and I don't know which option I should select. Based on your experiences, which do you think might be the best? regards, sammy
Usg Flex 100: sometimes Nat rules stop working
Hi I have an usg Flex 100 with latest firmware After some year of perfect working from 1 month, sometimes, Nat rules stop working and the workstation software cant receive traffic from external call (external devices call the local software for record some status information) Solution: uncheck Nat rules Wait some minutes…
Web GUI access through VPN IPSec
Hello, I'm accessing my local network through a VPN IPSEC tunnel, i can ping my USG 210 and every device on this network, i can telnet on 80/443 access it through SSH but i cannot access the Web GUI. Above is the curl -L https://IP result Above is the curl http://IP result Can anyone give me some help on this…
VPN gateways change/switch certs and PSK on reboot / upgrade
I already described this here in the 2nd part of the post. Upgraded our FLEX200 to the latest today, after that our main VPN IKEv2 gateway has lost it's certificate (have to reselect in settings) and the site-2-site IKEv2 switched password with another gateway! This happened before on FW upgrade – the config reboots…
Need instructions for generating self signed certificates
I would like to have certificates on my Zyxel devices that cover more than one IP address. So basically openSSL plus "add more SubjectAlt fields". Since I am no expert on SSL / openSSL (but then who really is?), I was wondering if anyone else has done this already and can share their code? All those options and formats…
How do I connect to more remote subnets with SecuExtender IPSec client
Today I am using SecuExtender SSL client for remote access to company network, and it handles more subnets just fine, and meet my needs. However, I would like to switch to SecuExtender IPSec, since it is a more secure solution. I have managed to setup SecuExtender IPSec so I have access to one of my subnets but cannot…
Disconnecting from SSLVPN after 30seconds
Good morning, I get disconnected from my SSL VPN (USG Flex 100) around 20-30 seconds after the connection. Works on other computers. HP brand computer, already checked if network driver installed, C++ 2015-2022 installed. Thanks for your help.
USG310 2 ISP
I am using USG 310 with two ISP one with PPPoE and 2nd one connected by ip(using bridge) how to combine together? Trunk not working. Maybe i am doing something incorrectly. Can you share some tips to make it work properly. WAN 1 WAN 2 Inactivated for now Trunk
Zywall usg 210 unexpected reboot.
Hello everyone, I will go straight to my problem. I have a pair of zywall usg 210 (1 licence), that i used to work on high availability. After a lot of unexpected reboots on high availability in the past 7 months, i made them stand alone (three months ago) and since then, i change from usg-a to usg-b by changing physical…

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

[2024 Sept Notification] SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options
SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options We want to inform you that the SecuExtender SSL VPN macOS and Windows clients have reached their end of life (EOL). Zyxel is no longer selling, maintaining or supporting these products. However, for those who recently purchased a license, we understand…
[2025 May Notification] Blocking AI Risks Before They Spread — App Patrol Now in Action
Recent reports from South Korea allege that DeepSeek has been transmitting user data to servers in China and the U.S., raising further concerns about its security. To help mitigate potential cybersecurity risks posed by generative AI applications like DeepSeek, Nebula’s App Patrol now supports the ability to restrict its…
[2025 May Spotlight] Smarter and Faster: Discover What’s New with SecuPilot!
If you’ve been using Zyxel SecuReporter, you probably already know SecuPilot — our AI-powered helper that enhances SecuReporter to make network security management smarter and easier for SMBs and managed service providers (MSPs). 👉 Just to quickly recap: SecuPilot lets you ask security questions in plain language,…

View All