Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

USG authentication against Cisco ISE
Hi community, anyone can advice how to setup Radius attribute on Cisco ISE so that when login with my RAdius credentials my privilidge is correctly assigned to user type admin? i have tried to follow AD/LDAP/Radius Admin Authentication — Zyxel Community ATTRIBUTE Zyxel-User-Type 64 string with direction BOTH and i can…
Changing a VPN user's password on your own
We are currently using Flex200. I've read through many threads regarding the topic of allowing VPN users to change their own passwords, but none of them led me to a working solution — in fact, I’m now even more confused. Since many of these discussions are outdated, I would like to know what options are currently…
I have forgotten my password to Zyxel8751-2,4ghz
Use an Static + Dynamic IP Adress together (if the ISP support it!).
Hi "By accident" i found out that with my current config of the ATP my ISP give me 2 different IP Adress. The first IP Adress get signt via DHCP from the Modem. The can be found in: Network → Interface → Ethernet → WAN Port In my case as mention before the get assign via DHCP Automatic and change every ~24h. Than for my…
UTM Bundle License Refund or Upgrade Option Inquiry
I hope this message finds you well. I would like to inquire about the possibility of returning or exchanging a license from the equipment. I recently purchased and activated a UTM Bundle license for my USG FLEX 100 firewall. However, I later realized that I actually need it the Gold Security Pack, which includes additional…
AD Authentication Failed after upgrade to 5.40 on USGFLEX700 model only
hi everybody, after upgrading to ZLD 5.40 on USGFLEX700 (Standalone mode) we got systematic authentication failure using AD Authentication against windows server 2019 Domain Controllers (so this shouldn't have nothing to do with the Windows Server 2025's problem as of Zyxel's advisory of last April) We've verified that on…
ATP200, SFP to Lan Port?
Hi My Home Server is hooked directly to the SFP Port on my ATP. The ATP is the DHCP Server for a bunch of Virtual Machines. Now I have to move them somehow to an Server who is connect lets say Lan Port 1 (= P4). For that reason I set up LAN2 and under "DHCP Setting" I choose DHCP Relay and in "Relay Server 1" I put in the…
Weird Problem with WAN?!
Well I dont know how but since my ISP Upgradet my Internet to an higher speed everything is weird… No HW changed. I also use the Zyxel Modem from my ISP. The "Dial In" does my ATP. When I go to Ethernet i see this: The show me an 100.X.X.X IP Adress as WAN IP. When I go to PPP I see this: Here I see my fix Wan IP Adress…
USG FLEX 500H SSL VPN How How to set up two user groups for split and full tunnel?
Hy, we need to create two user groups for SSL VPN (OpenVPN Client), one using split tunnel and one using full tunnel, but the GUI doesn't seem to allow it. On the old USG firewall we could do it instead. Do you have some tips? Thank you.
Server 2025 Std. as AD autentication server
A Zyxel Flex500 worked as an AD authentication server with a server 2012 std. After updating the server to 2025 it does not work, the error is Wrong Base DN or Bind DN. What could be the problem?
IKEv2 causes USG to crash
We’ve been running several USG devices (110 and 210) without issues for years. However, our USG110 recently started hanging every three days. By "hang," I mean it completely stops responding and becomes inaccessible by any means. To rule out hardware or configuration issues, we replaced it with a brand-new USG210 from…
Incorrect RADIUS client behavior on USG devices
We’ve been running several USG devices (110 and 210) without issues for years but recently discovered few issues that seem are persisting on newest FLEX H devices as well. RADIUS Framed-MTU Issue The Zyxel RADIUS client (AAA Server) hardcodes Framed-MTU=1400, which is incorrect and not configurable (Microsoft…
VPN client-to-site settings for MacOS 15 (Sequoia)
Hi, I'm currently using these settings for a working VPN connection from Windows native clients: Gateway: - SA Lifetime: 86400 - Negotiation mode: Main - Proposal (enc/auth): 3DES/SHA1 - Key Group: DH2 Connection: - SA Lifetime: 3600 - Active Protocol: ESP - Encapsulation: Transport (L2TP/IPSec) or Tunnel (IKEv2) -…
Zyxel firewall categorizing Let's Encrypt CRL as malware
I work at Let's Encrypt, a widely used Certificate Authority - including by some Zyxel websites like support.zyxel.eu. We've received reports that our CRL (Certificate Revocation List) URL r10.c.lencr.org arise being categorized as malware by Zyxel firewalls. I am not familiar with Zyxel products, but I do see it shows as…
Request help to convert configuration file
Hello, I'd like to request help to convert USG Flex 200 to USG Flex 200H configuration file. When I try it on the convert.cloud.zyxel.com website, I get the error conversion failed and to contact support for assistance. Thank you.
ZLD 5.x firmware development status
According to this page https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version latest pubblication of Lab Firmware for ZLD 5.x is dated november 2024, 1 month after 5.39P1, roughly 20 weeks ago. Is there a new way for access Lab Firmwares? Is Lab Firmware release suspended? Is…
my flex 200 doesn't recognize my usb storage
i reformatted the usb stick to fat32, and restarted the router. any suggestions i think this post is in the wrong place, but i can't move it.
Zyxel USG 100
Hello, How to solve issue Cli Number :0 Error number: -2 Error Message: Not connected to ZySH Daemon Best regards
USG 210 - weird behaviour during WAN failover
Hi community, this is my first post here. I'm playing with a Zyxel USG 210, I'm trying to configure properly the WAN failover feature. We have 2 WAN connection, WAN1 is pure ethernet with static IP, WAN2 is a PPPoE connection over VLAN 100, which parent's interface is WAN2. Connectivity check is also enabled on both WAN1…
USG20-VPN -> Security policy -> Default rule
Hi there, We own a USG20-VPN running as our gateway-firewall with the wan-nic connected to the Internet. Checking the configuration we've found something i (hope) don't understand. What looks to me like the default (catch-all) rule is set to "Allow"…(see image) but i was expecting to find it set to "Deny" ! There is…

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

uOS1.37 Update: What's New for USG FLEX H Series
The latest USG FLEX H firewall series is powered by the new uOS, which is designed to minimize system response time and improve overall system efficiency, including the following features: Enhanced VPN Security with IKEv2 AES-GCM Support IPsec VPN now supports IKEv2 with AES-GCM encryption for both Site-to-Site and Remote…
[2026 January Tips & Tricks] Why It’s Time to Move Your VPN Encryption to AES-GCM
AES-GCM (Galois/Counter Mode) is currently the gold standard for encryption in modern VPNs (like IPsec and TLS). In this short blog we will walk through AES-GCM with you and most importantly help you adapt to the latest technology to stay safe. AES-GCM is an AEAD (Authenticated Encryption with Associated Data) algorithm.…
[2025 December Spotlight] SecuReporter AI: Proactive Device Health Anomaly Detection
🚀SecuReporter AI Keeps Evolving Over the years, SecuReporter has grown into an AI-powered analytics platform that processes massive volumes of log data to organize and highlight critical insights, helping IT teams visualize security events, understand threats, and accelerate troubleshooting across networks of any size.…

View All