Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

Pros/cons in blocking GEO locations from inbound - other use of GEO fencing?
What is the advantage to further protect though incoming traffic from GEO locations?Should I also block outbound?
USG40: strange DHCP Behavior
I've setup a USG40 with 3 network segments: Lan1 (192.168.20.0/24), Lan2 (172.31.2.0/23), OPT as WAN with a fixed IP address matching network segment for WAN connection (subnet 192.168.1.0/24). DHCP was enabled on LAN2. Starting address 172.31.2.51, 400 clients available, so addresses should start from 172.31.2.51 to…
USG Flex 700 & GS1920-24HPv2 Throughput Issues
Hello all, I currently have a USG Flex 700 connected to a GS1920-24HPv2 with a 4 Port LAG. I currently have 5 vlans (1, 10,20,40,50) using the lag0 port on the USG and the T1 LAG on the switch. I have normal IP Addressing using 192.168.xx.1/24 on the USG and 192.168.xx.2/24 on the GS1920. My issue is with a loss of…
Should I enable IP/MAC binding on ISP interface?
Should I enable IP/MAC binding on ISP interface?What are the pros/cons?
USG FLEX 100 does not receive DPD_ACK from remote linux client l2tp
Hello, any help solving the below problem is appreciated 1. usg flex 100 <->nat<->internet<->nat<->android 10 client (working) 2. usg flex 100 <->nat<->internet<->nat<->ubuntu 20.04 client (not working) 2.a. symptoms: 2.a.1 R_U_THERE (DPD) from usg flex 100 are received and answers are send (but never received) Oct 10…
USG 1100 - DHCP issue - stops serving IP addresses
I have a USG 1100 running v4.35 which is providing DHCP for the configured lans and vlans. Most of the devices on the lans and vlans are set up with IP/Mac binding so that they are always assigned the same IP address. Periodically (4 times in the last 48 hours) the USG 1100 stops serving IP addresses. When this happens no…
which one to choose?
could you give me a hand for a quote to do for a customer relating to a firewall that performs the following functions: - 2 separate LAN IPs (LAN1 x OFFICE SWITCH 192.x.x.x and LAN2 x GUEST SWITCH 122.x.x.x) - 2 WAN with load balancing or bonding and failover backup operation (WAN1 x FIBRA ESTRA proprietary router not…
How to analyze IPv6 issues on Zywall
My Zywall is behind a cable modem (home network router) provided by the ISP. The cable modem has hardly any configuration options, but supports IPv6.If I connect a device directly to the cable modem, it gets an IPv6 address and "everything" works. The cable modem has the IPv6 prefix 1234:5678:9abc:def00::/56 (IP addresses…
How to debug IPv6 Issues with Zywall 100 (duplicate post)
My Zywall is behind a cable modem (home network router) provided by the ISP. The cable modem has hardly any configuration options, but supports IPv6.If I connect a device directly to the cable modem, it gets an IPv6 address and "everything" works fine. The cable modem has the IPv6 prefix 1234:5678:9abc:def00::/56 (IP…
Can't connect L2TP VPN
Hi everyone, i have a atp 500 firewall. There is an L2TP configuration made by xyxel distributor. Genarally i have no problem but some clients can not connect with l2tp. I 've tried deactive client's firewall, network protection and antivirus program but this is not helped. I can access to my local using l2tp with same…
L2TP VPN saved credentials connects...not saved disconnects
Our L2TP VPN connection connects when the user saves their user credentials through Windows VPN client. If they don't have VPN credentials saved and wait for windows to prompt, by the time the user enters credentials the VPN has disconnected. -----------------------------------------------------------------------…
Can't Access Opposite Web Interface Across Site-to-Site VPN
Hello. We have a Site-to-Site IPSEC VPN set up between two sites. From either site we can access all resources (eg. computers, servers, APs), but we can't access the web interface of the opposite side's ATP via its internal IP. The connection simply times out and we don't see anything listed in the logs. However, we can…
SSL Inspection question (iPhone iOS 16)?
Hi. I've been experimenting with SSL Inspection on my iPhone (iOS 16) and it seems to work most of the time (traffic is being inspected as it should be). But some apps like Apple App Store, banking apps, national ID apps, home security apps and so on always seem to have an "untrusted certificate chain" flag when checking…
Zyxel USGFLEX 200 problem with two PPPOE
Zyxel USGFLEX 200 problem with two PPPOE connections, I have a message like in the attachment. What am I doing wrong that after 1 minute disconnects # 1 or # 2
Problem ssl vpn client
Good morning,on an atp 500, firmware V5.30 (ABFU.0), i configured a ssl vpn connection.On the various PCs I have installed the ZyWALL SecuExtender client.It happens on many stations that at a first connection everything works, in subsequent connections it is not possible to connect in vpn. Uninstalling ZyWALL SecuExtender…
Destination unreachable on DHCP renew bug
VPN300 V5.31(ABFC.0)ITS-22WK31-r104914 Start by a capture of a interface set to DHCP then disable/enable interface all is fine then go the monitor > traffic statistics > Interface Status and click renew for the interface now every time it does a request a ACK happens but the VPN300 send a ICMP destination unreachable…
IPsec IKEv1 with user authentication
Hi Support, I'm facing an issue with setup of an IPsec VPN on my USG20-VPN device at version 5.31 I'm using with success a IKEv1 tunnel only with the Pre-shared key authentication from SecuExtender IPsec client. But, when I try to adding an authentication level with username+password the tunnel doesn't connect as expected.…
USG 40 throughput
Hello, I am running a small network with USG 40 (no wifi). I recently increased the ISP WAN speed from 100M/10M -> 250M/50M. However, I can get only 110 Mbps throughput with the USG. If I connect a laptop directly to the WAN (bypass the USG40), I get full 250M throughput. I searched from the forums and discovered that…
How i can block VPN Hotspot
I have an issue, I configured to block some applications such as Youtube and Facebook on my Zywall, but some users installed the VPN software and they can access those websites normally. How can I block the VPN program?
USG-60 - On VPN SSL I have "Error 0x800b0109 authenticating server credentials! (0x0)"
Hi As in subject, followed all instructions found here with no success. If I reboot USG it works fine and for some days everything is fine but after a while if I try to reconnect I get error again Is there a way to solve this? Best regards…

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

[2025 Jan Tips & Tricks] Take Control of Your Security: Enable 2FA on Your Zyxel Firewalls
We’ve said it countless times, but it’s worth repeating: Enable two-factor authentication (2FA) for administrative logins! This critical recommendation arises from the latest vulnerability disclosures, underscoring the importance of proactive measures. Let’s break it down to safeguard what matters most. CVE-2024-11667: Key…
[2024 Sept Notification] SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options
SecuExtender SSL VPN macOS and Windows Clients: EOL and Upgrade Options We want to inform you that the SecuExtender SSL VPN macOS and Windows clients have reached their end of life (EOL). Zyxel is no longer selling, maintaining or supporting these products. However, for those who recently purchased a license, we understand…
[2025 Feb Tips & Tricks] Seamless Synchronization for Effortless Management
Simplify your network management with the new USG FLEX H series feature! At Zyxel, we are dedicated to enhancing your network's security and management efficiency. With the latest uOS1.31 firmware for the USG FLEX H series, we've streamlined your user experience across both the local GUI and Nebula cloud management. What's…

View All