-
💡Duo Security Authentication Integration Guide
This discussion has been moved.
-
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
-
FQDN objects not resolving
We seem to have discovered an issue with the method used to resolve DNS hostnames on the USGs, affecting both uOS and previous ZLD based firewalls. Over the last couple of months we are running into issues with certain FQDN objects that will not properly resolve to an IP. Doing a bit of research, it seems some internet DNS…
-
Problem with DHCP permanently offer/request/ack
I have the problem that from some moment on the DHCP for my MGMT Interface (VLAN 168) is no longer working correctly with DHCP, or maybe the zyxel switches like XMG2230 or XMG1915 lost control of DHCP. What i remember is that i have set TTL to 30 days and i have tried to add a Reservation for one other device. Not sure if…
-
Error with SSLVPN split tunnel
Hello, I'm using SSLVPN (OpenVPN style) in split tunnel mode. I've added subnets to be routed and it used to work fine in firmware v1.37. Then running v1.38, I was in need to expose one more network via vpn and while trying to add it I've got an error "The undefined has existed already", while definitely it was not the…
-
WOL possible?
I'm wondering why SME grade network device (FLEX700H) while having cloud features here and there has no basic GUI-function like Wake On Lan with a click of a button? And for some older devices there is a list of configuration you have to do to simply send a magic packet.
-
USG FLEX 700H no more connection on web interface after a couple of minutes...
Hi, I am currently setting up a new USG FLEX 700H. After a few minutes, the web management interface becomes unreachable. The only way to recover access is to reboot the firewall from Nebula. The device is running the latest firmware, and I have found reports from other users experiencing the same behavior. Is this a known…
-
[USG Flex H] - SNMP WAN IN/OUT octet wrong values
Hello everyone, I've the USG Flex 200HP and if I try to query the WAN octet OID, obtain the wrong value. The OID that I query is: 1.3.6.1.2.1.31.1.1.1.6.12 for WAN Incoming and 1.3.6.1.2.1.31.1.1.1.10.12 for WAN Outcoming. Is this the right OID to query? My firewall is up&running from more that 14 hours. Thank you
-
Occasional internet interruptions
Hi, a customer complains about internet interruptions. I'm not sure if it belongs to Zyxel but I delivered a new firewall (USG Flex 100H) in December 2025. Prior to that date the customer used a Zyxel ATP100. The customer uses the tool "PingPlotter" which shows internet interruptions which are mostly 3 seconds long. Two…
-
How to prevent traffic to directly connected subnets being sent through IPSec VPN tunnel ?
Hi ! I'm using a Zywall 50H I set 3 local networks like this: Name Zone IP/Netmask Type Members ge3 LAN3 192.168.105.1/24 (Static) Ethernet p3 ge4 LAN4 192.168.107.1/24 (Static) Ethernet p4 ge5 LAN5 192.168.109.1/24 (Static) Ethernet p5 I have "Computer #1" on ge3 with IP address 192.168.105.34 I have "Computer #2" on ge4…
-
USG 500H Web Console Unresponsive UPDATED Still No Go
My mistake was clicking the VPN Configuration Script Download button. Once I clicked that, the interface locked up. Internet, voice, and site-to-site VPN connections remained active. I rebooted the device. Web UI still unresponsive. I power cycled the device - disconnected the power cable for a few seconds - and still the…
-
RemoteAccess users cannot ping devices on the LAN
Hello, I am trying to setup remote access using VPN IPSec native Windows VPN Client. The users can connect fine but cannot ping any device on the lan they are connected to. However pinging devices on remote lan's that are connected to this lan with site-to-site tunnels works fine. What is missing on the USG Flex 200H they…
-
USG FLEX 200H: LAG LACP Interface Issue
Hi, in my scenario I have a stack of two XGS3700-48HP, firmware V4.30(AAGF.3),and a LAG of two ports on which I've connected public network. I had ATP500 Firewall connected on that LAG with the external interface and it worked fine for years since I've changed with USG FLEX 200 H, firmware V1.38(ABWV.0). Both LAGs where…
-
Zyxel USG Flex100H - IPSec VPN Google Authentication Fail (invalid code)
I have configured a IPSec VPN with 2FA (Google Authenticator) and when I connect my user and go to the page for the code, it will say "Authentication Fail (invalid code)". In the device log it will say the user successully authenticated and the remote connection works properly. I have tried device reboots, remove cookies,…
-
USG FLEX H - Session monitor - "No data"
Hi, I noticed that when I enter Traffic Statistics - Session Monitor, and select "View: sessions by source IP" for example, I get the list of session grouped by source IP and the counter in the last column. If I click the counter, I get always "No data" as response. Javascript console reports Firmware 1.38. Thank you for…
-
IPSEC VPN site to site tunel established bewtween 50H and 100H, traffic gets cought on NAT
I have a IPSEC VPN site to site tunel established bewtween 50H and 100H device. 50H - has 192.168.65.0/24 100H - has 192.168.75.0/24 and 192.168.1.0/24 When I try to establish a connection from 50H (192.168.65.102) to for example 192.168.75.23 it gets caught in the NAT rule. (but the NAT rule is intended for WAN to LAN…
-
RESOLVED: Upgraded from ATP200 to USG500H VPN Connects But No Traffic
Nevermind. It's working now. Not even sure what change fixed it, but it's working and that's enough for now. Upgraded from ATP200 to USG500H at Primary site. ATP200 at Remote site. ATP200-to-ATP200 VPN worked great for years. Duplicated the old ATP200 Primary config as closely as possible, but the UI is different and not…
-
v1.38 Dashboard Issues
So I load my dashboard and get this error (I have cleared Edge's cache too) This is being caused by the client usage widget Error Failed to load interface list Error Code: (500) /api/show/gui/widget/client/usage
-
Port forwarding not working
I have a USG Flex 50H. External IP is 192.168.10.1 (WAN ge1), Internal IP 192.168.1.1 (LAN ge3). The router is a FritzBox 7530AX. According to technical guide, I created NAT rule for Remote Desktop Connection (Object Address, Policy control), but it's not working. Please asking for any support, thanks.
-
Issue generating .ovpn file on Flex 100H
Hi all, we just upgraded to a Flex 100H, applying the converted configuration from our old Flex 100 without an issue. Now we want to configure SSL VPN with OpenVPN following this guide:…