USG FLEX H Series - Zyxel Community

💡Duo Security Authentication Integration Guide
This discussion has been moved.
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
1.37 - Wrong Remote Access VPN Batch file script
Hi, this relates to a USG Flex 100H with the current V1.37 firmware. I've just setup Remote Access VPN and I used the download option for "VPN Configuration Script Download". I've used the windows batch file script to create the VPN connection. There is a syntax error in the generated batch file script related to split…
1.37 uOS - DHCP reservation and client list NOT working
Hello everyone, on a site I decided to assign 192.168.0.250 to a switch but it became unreachable. So I gave it the x.x.x.253 IP and now I can see it: The problem is that the firewall does NOT show me the fact that x.x.x.250 was already taken using the On-Premise UI: So I verified it via Nebula and there I see something…
MAC table goes bad
Got this to happen again and on a test PC on VirtualBox USG FLEX 200H V1.37(ABWV.0) Note Source IP Spoofing Prevention was disabled when this happened To make this happen you need to have one NIC get a IP from DHCP then you don't use that NIC and use another NIC and DHCP give out the same IP due to it thinking that the IP…
1.37 uOS - wrong default WAN selected inside NAT and VPN panel
Hello everyone, when you want to open a port for a specific server you have to use NAT: The problem is that the 100HP starts offering me always ge2: that is a WAN offline: I had the same issue with VPN panel where I had to set ge1 as primary interface: If you use the on-premise UI everything seems smooth: Is it a Nebula…
1.37 uOS - impossible to edit NAT name
Hello everyone, when you set a rule for a NAT: You cannot edit its name: You cannot copy it either, only rewrite it. Is it possible to remove this limitation?
1.37 uOS - Clicking on Security Policy does not save NAT rule
Hello everyone, when you set a new NAT rule and you click on Security Policy: the system does not ask you if you want to save or not the new rule you just edit, so you go to Security Policy area losing the NAT rule. It should be better to have a popup menu asking you if you want to save the new rule. If you click on Apply:…
1.37 uOS - Gold Security Pack trial does not apply to H series
Hello everyone, as you can see I activated a Gold Security Pack trial linked to a site where I have a 100HP with 1.37 onboard: But Nebula shows me: So checking its licenses it seems to me that the Nebula update does not accept trial for updated H series: How can I fix that?
1.37 uOS - error selecting UDP port and saving it from Nebula
Hello everyone, if you add a new UDP port to Services on a H series: When you save that it saves a TCP port: If you create that from On-Premise UI there is no issue: Why you cannot edit that Service port from Nebula? As you can see there is no pencil: So you have to fix this issue from On-Premise UI: selecting UDP from…
1.37 uOS - error DNS rule myrouter.local
Hello everyone, I moved a firewall from a test site to a production site, I updated it to 1.37 So I went to check its DNS rule and I see: This is the default internal subnet, while the firewall has different LANs: Why Nebula still thinks that the firewall is reachable on 192.168.168.1 ?
VPN Ike2 + 2fa auth page unreachable
Hi all, I'm trying to troubleshoot a VPN remote access issue with 2FA. (Google Auth.) My scenario: 2 Flex500Hs in HA Pro (Fw 1.35) and 30 remote users. The VPN is an IKE2 remote access + 2FA, and the authentication web page is 192.168.168.1:20443. The native Windows client is configured on each device. Issue: Randomly,…
1.37 uOS - errors when you set DHCP table from Nebula
Hello everyone, I was testing new firmware to deploy in production. As you set DHCP table on Nebula: While if you log in to your firewall and set it from there everything is smooth: Why I cannot set the DHCP reservation from Nebula?
DNS cookie...and this system...
This really is something else you got going on with all the root and TLD servers. So to bring everyone upto speed Zyxel have a system where your WAN interface links up to Nebula and does this in such a way that if you have two WAN and you try to force Zywall to use a given WAN you get blocked because Nebula was expecting…
Tailscale Exit node broken after V1.37(ABWV.0)
Hello just upgrade my USG Flex 200H to 1.37 today. Tailscale is no longer able to be seen as available as an exit node on my clients. The devices is reporting as offline even though no setting other than firmware was applied. I logged into the the tailscale web site and it is reporting that it was last seen right before…
USG Flex 50H Source Code
Hello, I requested the source code for the open source software running on my USG Flex 50H in November 2025. I got an E-Mail reply with a ticket number: OSC Ticket #251101695 When will the source code be ready? In the past, I requested the source code for my SCR50AXE, which was ready after 2 Months.
1.37 uOS - no visible line for new Service on Nebula
Hello everyone, when you go here: to add a new Service you click on Add: but the line is NOT visible. To see it you have to click on Results per page: And then wait for the new refresh page: In this way you have to wait for the entire list of Services instead of placing just the port number you need and go on. If you have…
Remote vpn and mfa
We made a Remote access VPN connection for the customer using the native Windows VPN client. We also put a VPN on top of MFA. MFA only supports local users. The user needs Google Authenticator to use it. Is the only way to get the user a QR code for the authenticator, that the user logs in inside the firewall and scans the…
Flex 200H - SSLVPN attempts to reconnect every few seconds
Hello I set up a Flex 200H with SSL VPN and installed OpenVPN Connect. This worked fine for a few weeks. Then I started using "OpenVPN Gui" which allows for an "%connection%_up.bat file to be executed as soon as the connection is running. This file starts the internal 2FA Website. This also works fine. For this I use a…
Enable/Disable Global zone forwarder is not that good
I'm thinking it might be when a listed this idea but it was not what I was hoping it be Remove AUTO added DNS as forwarder — Zyxel Community This is how I want the FLEX H to be this is what I want to stop from DHCP client interfaces Yes there is a way to remove the DNS option from DHCP discover/request but really just…
Interface Connectivity Check and Policy route Connectivity Check don't work together
USG FLEX 200H V1.37(ABWV.0) I think I posted this bug for ZLD too so time ago... so the FLEX200H is downstream of another USG that you block traffic of the Connectivity Check to cause this to happen. So on a WAN interface of the Connectivity Check Method ICMP Period 5 Timeout 1 Attempt 2 and some IP Then on a routing rule…
Random latency handling delays on FLEX H at low bandwidth
USG FLEX 700H V1.36(ABZI.0) So I know this to be the case with some testing I have done with BQM by thinkbroadband.com and StarTrinity CST by FLEX 700H vs FLEX 200 (non H) With any luck this can be fixed by firmware and is not a hardware limitation? My understanding of FLEX H is the sessions get put on fast path CPU if…

Welcome!

It looks like you're new here. Sign in or register to get started.