USG FLEX H Series - Zyxel Community

💡Duo Security Authentication Integration Guide
This discussion has been moved.
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
SSL-Inspection causes "Content Encoding Error"
Hello everyone, We recently purchased a Zyxel USG Flex 100H, and most of the features are working well so far. However, we’ve run into an issue with SSL-Inspection. When SSL-Inspection is enabled, some websites (like YouTube) load normally, while others (like ChatGPT and Zyxel Support Forum) return a "Content Encoding…
Multiple Source IPs in NAT rules
Hi, I currently have a Web API that requires HTTPS traffic forwarding to our internal Web server through the USG Flex H series. We've got a group of IPs that all require this same NAT rule applying to them, but I couldn't figure out a way to do this and as a result I have had to configure 6 individual NAT rules that…
[USG Flex H] - Wireguard/Tailscale
Hello everyone, Today I've tried to configure the Tailscale VPN, but I've some questions about: Why is not possible to use Wireguard? I think that Wireguard is more affidable than Tailscale. Tailscale is a service on-top of Wireguard, end of support/develop, end of Tailscale service; instead Wireguard is a low level app,…
Flex 700H stops responding
Does anyone with a 700H have issues with the firewall just locking up and stop responding? Only way to recover it is to pull the plug and start again. Have the logs writing to USB and can see nothing in there that points to why it just locks up. Did have the firewall connected to a 3800 switch via DAC cable but recently…
MAC table goes bad
Got this to happen again and on a test PC on VirtualBox USG FLEX 200H V1.37(ABWV.0) Note Source IP Spoofing Prevention was disabled when this happened To make this happen you need to have one NIC get a IP from DHCP then you don't use that NIC and use another NIC and DHCP give out the same IP due to it thinking that the IP…
[USG Flex H] - Wireguard/Tailscale
Hello everyone, Today I've tried to configure the Tailscale VPN, but I've some questions about: Why is not possible to use Wireguard? I think that Wireguard is more affidable than Tailscale. Tailscale is a service on-top of Wireguard, end of support/develop, end of Tailscale service; instead Wireguard is a low level app,…
1.37 uOS - Impossible to connect SSL VPN
Hello everyone, I setup a SSL VPN via Nebula, I see some issues. I'm using 10443 standard port. -1- I went here: And clicking Download button I downloaded a Zip file where the tgb file is NOT accepted by the SecuExtender app: The error shown is this one: So I had to download that zip file via On-Premise interface: And the…
arp reply restricted
Previous to the Flex100H Series routers we were able to run the "arp reply restricted" cli command. Is there a way to do this on the H Series routers? The reason why we need this is because it is responding to arp request on the wan interface for IP's on the LAN interfaces. Old Community post that references this is below.…
Setup VPN to Home USG FLEX 500H
Hi everyone, could someone help me configure a VPN connection from my Zyxel firewall so I can connect from home? I’ve already purchased the VPN license, but I’m not sure how to set it up correctly. Any guidance would be greatly appreciated.
Stuck on getting SSLVPN authentication with Microsoft Entra ID to work
Hi, I did follow this guide, trying to achieve SSLVPN authentication with Microsoft Entra ID SSLVPN authentication with Microsoft Entra ID — Zyxel Community Everything goes well as the guide explains, until step "6 - Click Test on the Firewall" in the section "Create OIDC AAA Server" where I got this error. I'm unsure…
Dual Wan Failover causes DNS failure and loss of Internet
For cost reasons, I moved from a dedicated Mediacom line with Public Static IP to a 'Residential' line that is DHCP internally as well as Public DHCP externally. My Static IP WAN2 has not changed. My previous WAN Trunk was weighted round robin and worked fine. I reconfigured the WAN interface to DHCP and it picks up an…
IPSec VPN stuck on DPD
Hi, I'm having trouble making an IPSec VPN tunnel to be established between a USG FLEX 500H v1.37 ABZH.1 located in a branch office and another firewall (not Zyxel) located at Head Quarter. Our firewall is behind the ISP's router, set in DMZ. It seems the tunnel is correctly established as the monitor page says it's…
USG FLEX 700H - Problems
Hello: I currently have a USG FLEX 700H with firmware version 1.37(ABZI.1). I've been experiencing unexpected devicerestarts. Upon checking the systemmonitoring, I observed that both CPU and RAM usage remain at high levels. Torule out a configuration issue, I performed a factory reset, restoring thedevice to its default…
[USG 200HP] + [NWA130BE] + Unable to connect to Wifi
Hello community, This evening I had problems with Wi-Fi and my iPhone. My phone kept disconnecting from Wi-Fi, connecting and disconnecting in rapid succession. I tried connecting my computer to the firewall LAN, but I couldn't get a valid IP address. From my computer (Windows), I opened a command window and tried to renew…
IPSEC VPN - AD link broken with special caracters
Hi, We found a bug in usg flex 100h last firmware concerning ipsec vpn. The authentication doesnt work if the username OR password contain "é" or "è". We are using a standard microsoft ad, and i think a standard configuration on the firewall. The work around is changing name and password but its kinda annoying. Thanks
IPS custom signatures
Hello, according to the user handbook https://download.zyxel.com/USG_FLEX_50H/user_guide/USG%20FLEX%2050H-UG.pdf the Zyxel Flex 50H supports a maximum of 32 custom IPS signatures: How can I add these custom IPS signatures? I couldn't find a way in the user handbook or in the CLI guide.
Zyxel Flex 100H - VPN Apple mobileconfig returns error on importing on Apple OSX
Here is the screenshot. Apple OSX version Tahoe 26.3
Zyxel Flex 100H model - How many SSL VPN licenses are included by default?
I see that the technical limitation is 25 users. But what is the license limitation in the scenario when the Flex 100H model was bought by default (with no extra licenses like Gold pack or something else) ?
Tailscale VPN performance issue
Hi Melen. I've been using Tailscale for a long time to connect to my office. For about two weeks now, I've been experiencing problems with Tailscale VPN, sometimes with poor performance, and sometimes with no connection at all. In these situations, I solve the problem by disabling and then re-enabling Tailscale VPN on my…
IKEv2 IPSec stability with H- series, experiences
Hello, I’m today using Flex 100. Considering to upgrade to Flex 50H or to other manufacturer product, let’s see. I’m asking experiences for H- series IKEv2 session stability with iPhone and iPad’s. I don’t have too good experience with Flex 100, L2TP/IPSec seems to be much more stable, sessions can last for hours. With…

Welcome!

It looks like you're new here. Sign in or register to get started.