-
Protect the link between the firewall and the switch
Hi I’m using MAC authentication on a GS1920-24 switch to prevent unauthorized devices from connecting to it. However, I can’t use MAC authentication on the uplink to the firewall. How can I ensure that only the firewall can connect to the switch, and only the switch can connect to the firewall? The firewall is a USG FLEX…
-
Zyxel SCR 50AXE Stop Working 2.4Ghz wifi after upgrade to V1.20(ACGN.0)
Hi, I upgraded my Zyxel SCR 50AXE to the latest version (V1.20(ACGN.0)), and after that, my 2.4GHz Wi-Fi network stopped working. Sometimes it appears, sometimes it doesn’t, and when I try to connect, it gives an error. It also shows a Wi-Fi network named “SSID,” but I think that was already there before the upgrade. Has…
-
VPN SSL: unable to access to a server folder
Hi I need to connect a remote pc to an internal server folder. My LAN is a domain network type and I'm running a USG 1100. I've configured the SSL VPN in the firewall and the remote pc is connected succesfully to the firewall. SecuExtender shows: Client IP: 192.168.200.11 Server IP: 217.xxx.xxx.xxx DNS: 192.168.0.2,…
-
ZyXel USG20-W - internet failing and VPN issue.
Hello, I am running quite old ZyXel USG20-W with latest firmware (upgraded today) and I started experiencing some issues couple days ago. We had internet connection outages while downloading big updates and so on. So we changed internet provider and swaped from 40Mb internet to 100Mb internet connection. We are now able to…
-
ATP800 V5.41(ABIQ.0) firmware image corrupted
Hi, My ATP800 has been trying to update to firmware v5.41 since the release via auto update but encountering a checksum error on the download. I attempted to use the firmware file from the myZyzel portal, but could not boot with the 5.41 image. The firmware management page shows the new version number, but boot falls back…
-
Politica para Bloqueo de Aplicaciones moviles en router mercusys coenctado a un usg flex 200
Muy buenas noches a todos, tengo conectado un router mercusys via lan a un sw no administrado, y estos a un firewall USG FLEX 200H, donde y como puedo hacer (Politica) para que los telefonos moviles que se coencten via wifi, no me permita abrir las apps de facebook, tiktok, youtube, twich, x, solo me permita whatsapp.…
-
Admin password reset
Is there a procedure to reset the admin password for my USG-20 Firmware 4.73? I already tried tit atgk -u but it seems doesn't work. Any help is appreciated.
-
USG 20w/50 Flex
Hi, please help to understand strange situation. Due to USG prepare for production, I did some settings in test environment via browser, set interfaces, dhcp bind, server & e.t.c, so no action might disrupt communication via cable. Suddenly I lost connection, no ping, no http. Was restart but no effect. Connect via console…
-
Zyxel Firewall Security Service Incident 2025-10-20 06:49 ~ 10:47 (UTC+0)
Dear Zyxel firewall users, The Zyxel firewall security services had some issues due to an incident from AWS. Issue Started from: 2025-10-20 06:49 (UTC+0) Resolved: 2025-10-20 10:47 (UTC+0) Issue Symptom & Risk: These functions are effected: Firmware upgrade Signature upgrade Cloud query Sandbox Threat Intelligence service…
-
IPv6 configuration with RDNSS (RFC 6106)
Hello, We are MSP which deployed IPv6 internally on one of client's existing Zyxel firewall. The device in question is an USG Flex 200 running firmware 5.40 (latest). Coming from Fortinet / FortiOS we find the IPv6 configuration on Zyxel convoluted as there is no official knowledge base (aside from random official blog…
-
Problem l2tp connect
Good evening, We have a Zyxel VPN 100 and the L2TP protocol enabled, which several users with Macs with their configurations use. Everything worked for a week now, but it no longer works without any changes. Can you tell us what the problem is based on the logs I've attached and how to fix it? warn sessions-limit ACCESS…
-
BWM problem with wildcard FQDN to Guaranteed Bandwidth
USG FLEX 200 V5.40(ABUI.0) SFP WAN LAN 192.168.255.237 255.255.255.192 interface Egress limit 81920Kbps BWM rule 1 incoming LAN1 outgoing SFP destination *googlevideo.com Guaranteed Bandwidth Inbound 71680Kbps Outbound 3200Kbps maximize bandwidth checked Priority 7 note setting the Priority higher does not help…
-
Forticlient VPN thru USGFLEX50
Hi everyone. I need to let my notebook connect to an external VPN on a fortigate via IPsec (FortiClient IPsec). Everything works fine except for being at office where my USGFLEX50 seems not to let me connect to the external fortigate. Obviously my notebook has no filters outgoing and I can see IKE packet ougoing correctly…
-
NAT rule "allow remote IP" on USG LITE 60AX no subnets?
First go around with the USG LITE 60AX. NAT rules "allow remote IP" doesn't seem to support a subnet, only a single IP (unless I'm doing something wrong). Is the only option to leave it at Any, the create firewall rules to limit allowed inbound subnets? Do NAT rules in this case also implicitly create the matching firewall…
-
USG Flex 200 Connectivity Check
Any documentation on running connectivity check from the command line of the device?
-
USG Flex 100H and GS1920-24HPv2 VLAN and LAG Internet speed issue
Hi, USG fw: V1.35(ABXF.2) Switch fw: V5.00(ABMI.1) I've configured everything needed: separate zones (not using existing LAN zone), VLANs, policies, configured LAG (LACP) on 3 ports and connected to switch. Everything seems to be fine, however, after that I decided to test Internet speed using services like speedtest.net…
-
SSO agent still using dangerous NTLM
Microsoft deprecated NTLM a long time ago, SSO agent still do not support kerberos. This is a security issue, any plan to address it? Ticket 481177, 456941 and 417559. Regards.
-
Zyxel, I paid SSL Vpn service, give it me back!
Bought a couple of Usg Flex 500 on July 2024, I need SSL Vpn and Flex 500 support 150 SSL Vpn connections. Two months later Zyxel announced that SSL Vpn are discountinued with no advance notice, now I have dozens of users using unsupported SSL Vpn. IPSEC Vpn are not an option for us, I bought and paid Flex 500 because it…
-
A valid website is being incorrectly identified as a phishing site by Threat Filter
A business website (a bank) is being identified as a threat by the threat filter. I have verified with the bank that the IP address is correct and valid. I have entered the web address in the allow list. Is there a process for submitting website to get the items removed that are incorrectly in the Zyxel database of threat…
-
Site to Site VPN with Dynamic DNS
hi, I have been able to set up site-to-siten VPN with dynamic DNS to the point it almost works. My problem is that for the other site I am not able to set the public address as WAN address. The operator makes a NAT that I can't do anything about. Is there any way to tell the VPN to use Dynamic DNS for the local IP address…
