-
💡Duo Security Authentication Integration Guide
This discussion has been moved.
-
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
-
OIDC Setup on FLEX H
I'm trying to configure OIDC on FLEX H with MS Entra. Tried to follow this guide: SSLVPN authentication with Microsoft Entra ID — Zyxel Community But when I press the test button I get this error: Invalid OIDC authorization_endpoint. Error Code: (10016)cmd aaa validate-oidc-profile MS365 Normally my Issuer URL, Client ID…
-
USG Flex 200H: I have problems with SSL-VPN using AD Users
Hallo, i can login to AD when using "ANY" User is allowed to use SSLVPN. But i can not restrict to the username who is allowed to login and also i can not use a username on a policy to restrict a rule to one person or a group. Maybe i only don't know the correct naming for a user when authenticated to AD. I have tried with…
-
v1.38 Dashboard Issues
So I load my dashboard and get this error (I have cleared Edge's cache too) This is being caused by the client usage widget Error Failed to load interface list Error Code: (500) /api/show/gui/widget/client/usage
-
200H - IPV6 support ?
hello, any news for ipv6 support for Flex H series? my old zywall 110 used to support it
-
BWM on a 700H works only a few minutes
Hello everyone, On our USG FLEX 700H (Firmware: V1.38(ABZI.0)ITS-26WK16-m11228) with HA enabled, BWM is not functioning correctly. Once enabled, according to the log entries, it works for only a few minutes. Both our monitoring system and the logs confirm that the rules are no longer being applied thereafter. No further…
-
[USG Flex H] - SNMP WAN IN/OUT octet wrong values
Hello everyone, I've the USG Flex 200HP and if I try to query the WAN octet OID, obtain the wrong value. The OID that I query is: 1.3.6.1.2.1.31.1.1.1.6.12 for WAN Incoming and 1.3.6.1.2.1.31.1.1.1.10.12 for WAN Outcoming. Is this the right OID to query? My firewall is up&running from more that 14 hours. Thank you
-
USG FLEX H - LAG Interface edit Transmit Hash Policy issue
Hi, editing "Transmit Hash Policy", changing from src-dst-ip-mac to src-dst-mac and viceversa, made the firewall unresponsive. I had another interface for configuring USG FLEX 200 H via Ethernet, so it wasn't the same LAG interface I was editing. HTTP access works, but I cannot use any command since it logs me out…
-
USG FLEX 200H: LAG LACP Interface Issue
Hi, in my scenario I have a stack of two XGS3700-48HP, firmware V4.30(AAGF.3),and a LAG of two ports on which I've connected public network. I had ATP500 Firewall connected on that LAG with the external interface and it worked fine for years since I've changed with USG FLEX 200 H, firmware V1.38(ABWV.0). Both LAGs where…
-
SecuRepoter - Traffic analyses
I use SecuReporter on my site. In Analysis - Traffic, sections Top Source Hostname and Top Source MAC Address are always empty. while other information is present. All checkboxes in Log&Report-SecuReporter of the FW appliance are ticked. Why so?
-
The Block QUIC Protocol bug
FLEX H V1.38(ABZI.0) and V1.38(ABZI.0)ITS-26WK16-m11228 So this option was a pain to know about due to it somewhat working and well really not working you can find this option in system > advanced So here the problem for what tests I have done and think bug is. So lets say Block QUIC Protocol is enabled and the LAN is…
-
Lost UDP natting after 1.38 upgrade on Flex 700H
Hello, I have a couple of Flex 700H upgaded from 1.36 to 1.38, with multiple public IP addresses on each of them. I natted some services managed by appliances connected on the DMZ, among them a SSL VPN working with both TCP and UDP connections on port 443 on one of the public IPs. Since the upgrade, tunnels using UDP…
-
Conversion cfg. from Flex100 to Flex200H
Is there a way to convert a configuration from Flex100 to Flex200H? Unfortunately, the Configuration Converter is not even able to convert cf. Flex100 to Flex100H
-
Learning internal networks by OSPF (without propagating any)
We have received several USG FLEX 700H, which we want to connect with each other and to use to gain access to our network from the outside, by split-tunneling traffic towards the "internal" interface. As our network is big and I do not want to add all different private and public networks/addresses manually, I wanted to…
-
USG FLEX H - Session monitor - "No data"
Hi, I noticed that when I enter Traffic Statistics - Session Monitor, and select "View: sessions by source IP" for example, I get the list of session grouped by source IP and the counter in the last column. If I click the counter, I get always "No data" as response. Javascript console reports Firmware 1.38. Thank you for…
-
Zyxel Newbie - Basic Network configuration
Hello, I want to make easy and secure management of my home network. I'm newbie on firewall management and configuration, so forgive me if I can't understand some terms. My network devices are: Fritzbox 7690 (DHCP disabled) Zyxel USG FLEX 50H (DHCP enabled on LAN Zone) Zyxel XMG1915-18EP (Default configuration with VLAN 1)…
-
Issue generating .ovpn file on Flex 500H (SSL VPN)
Hello, I’m having a problem with my Zyxel Flex 500H. I’m trying to generate an .ovpn configuration file for SSL VPN, but instead of getting an .ovpn file, the system downloads a .tgb file when I click the “Download” button in the SSL VPN section. I expected to receive a standard OpenVPN (.ovpn) configuration file, but I’m…
-
[USG Flex H] - Different device/same Mac Address after change interface to port
Hello everyone, Today I've changed an interface for one port, disconnecting the old device and attaching a new one. After this, when I've tried to connect the new device, it's not acquired an IP and under the DHCP list, I see the new IP for the new interface but the MAC Address was attached to the old device. Example: P8…
-
Anyone running USG FLEX H-series in a complex multi-site environment?
Hi all, We've been running Zyxel USG firewalls for about 10 years now — first the USG 20/60 series, then the USG FLEX 200/700 — and have been very happy with them throughout. Recently we upgraded part of our fleet to the new USG FLEX H-series (200H and 500H, currently on firmware 1.38(ABWV.0), Nebula-managed), and…