USG FLEX H Series - Zyxel Community

💡Duo Security Authentication Integration Guide
This discussion has been moved.
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
1.37 uOS - Nebula SSL VPN - Change from Cloud Authentication to Local Users
Hello everyone, following this thread: https://community.zyxel.com/en/discussion/32315/h-series-ssl-vpn-download-config-button-is-green-only-on-premise I saw that upgrading from 1.36 to 1.37 the Nebula UI shows me changed authentication from "Nebula cloud authenticaton" to "Local Users". I re-use same screenshots taken for…
IKEv2 IPSec stability with H- series, experiences
Hello, I’m today using Flex 100. Considering to upgrade to Flex 50H or to other manufacturer product, let’s see. I’m asking experiences for H- series IKEv2 session stability with iPhone and iPad’s. I don’t have too good experience with Flex 100, L2TP/IPSec seems to be much more stable, sessions can last for hours. With…
Domain zone forwarder through tunnel
In FLEX (non H) series I was able to add a Domain Zone Forwarder in DNS to an IP-Address behind a tunnel. So the other site could resolve server.domain.local for example. I could select Private DNS Server then and then it mentioned "query via tunnel". In FLEX H Series I don't have that option anymore, can only select one…
H series & SSL VPN - Download config button is green only On-Premise
Hello everyone, as you can see I have a grey button on Nebula: While I see it green On-Premise: How is it possible?
USG Flex H freezing issues
Hi, Over the past three weeks, we’ve had three different sites experience downtime because the USG Flex H firewall randomly blocks all outbound traffic. So far, this issue has only occurred on the USG Flex 50H and 100H models. The only workaround I’ve found is to connect to the firewall through Nebula and perform a reboot.…
configuring remote access vpn
When i try to configure an remote access vpn, i get this error: There were errors saving this configuration. ERR_LOCAL_CERTIFICATE_NAME_UNEXIST any ideas?
Stuck on getting SSLVPN authentication with Microsoft Entra ID to work
Hi, I did follow this guide, trying to achieve SSLVPN authentication with Microsoft Entra ID SSLVPN authentication with Microsoft Entra ID — Zyxel Community Everything goes well as the guide explains, until step "6 - Click Test on the Firewall" in the section "Create OIDC AAA Server" where I got this error. I'm unsure…
Interface Rate Limiting UDP gets high! Priority with or without BWM
V1.37 Its great that Interface Rate Limiting has been added works on interfaces of a bridge but you must remove them to set the rate limit to add them back which is fine. Too bad you BWM for Transparent Bridge interface as listed in notes plus no FQDN support for BWM yet. Back to this problem when you set a Egress limit on…
Interface Connectivity Check and Policy route Connectivity Check don't work together
USG FLEX 200H V1.37(ABWV.0) I think I posted this bug for ZLD too so time ago... so the FLEX200H is downstream of another USG that you block traffic of the Connectivity Check to cause this to happen. So on a WAN interface of the Connectivity Check Method ICMP Period 5 Timeout 1 Attempt 2 and some IP Then on a routing rule…
Load a backup configuration file to a different device
If I have two 700H devices, both with the same firmware version. Can I export the configuration file from the "live" firewall and load it into the "backup" firewall without issue? I read about HA devices and that wont work in the current environment, I have limited fiber to the remote switches, both can not be connected to…
SSL VPN I can't ping client on LAN network
I configured an SSL VPN with a standard IP pool: 192.168.51.0/24. I use OpenVPN as my client to connect, and the connection is established correctly. However, if I try to ping a client on the network, for example, 192.168.168.10, I get no response. However, if I ping the IP 192.168.168.1, it responds correctly. I can't…
VPN Ike2 + 2fa auth page unreachable
Hi all, I'm trying to troubleshoot a VPN remote access issue with 2FA. (Google Auth.) My scenario: 2 Flex500Hs in HA Pro (Fw 1.35) and 30 remote users. The VPN is an IKE2 remote access + 2FA, and the authentication web page is 192.168.168.1:20443. The native Windows client is configured on each device. Issue: Randomly,…
1.37 uOS - impossible to edit NAT name
Hello everyone, when you set a rule for a NAT: You cannot edit its name: You cannot copy it either, only rewrite it. Is it possible to remove this limitation?
uOS V1.37(ABXF.0) - BWM does not allow for 'any' as an interface
Hi, I believe this was a feature in the legacy USG series firewalls, but doesnt seem to be the same on the H series. I read the following guide on setting up BWM for VOIP traffic QoS: https://mysupport.zyxel.com/hc/en-us/articles/360010431759--ZyWALL-USG-How-to-configure-BWM-QoS-on-Zyxel-firewalls It suggests that…
Zyxel USG700 zabbix monitoring
Dear All! I want to monitor my new usg in zabbix, i saw that mib are available for it, but for zabbix i didnt found a proper way to install them, if i try to import then i get an error. Do you have some trick to do this? Thank you for your help! bolvar
Dial Remote VPN from internal network
How can I get Remote VPN to work from a local network? I have users with laptops that dial remotely and it works fine. Sometimes they bring their personal laptops into the office and connect to the guest network. Rather than set up specific DMZ/low trust type wifi network, I'd like for them to be able to dial the VPN from…
FQDN object is broken, does not return IPs most of the times.
Objects→Address→FQDN is querying IN ANY instead of being more specific like A, AAAA, etc. Many DNS providers do not respond to ANY queries, or only return a subset of records, because of their misuse in DNS amplification DDoS attacks, hence results are broken. Example of truncated result: Trying "dns.cloudflare.com" ;;…
SecuExterner - Strange name in config file
Hello everyone, this is just a personal curiosity regarding file naming in SSL VPN Zip file. As per this post I download the config archive from a 50 H firewall: https://community.zyxel.com/en/discussion/32315/h-series-ssl-vpn-download-config-button-is-green-only-on-premise And I see that inside the Zip file there are 2…
USG FLEX 500 H V1.37(ABZH.0)
Hello, I'm looking for the CLI command to create a new interface ge5 for example ? I'm also looking for the CLI command to remove a port (p10) from interface ge4 and finally, I'm also looking for the commande to remove an existing interface, for example ge2. I looked at this guide :…
IPSec VPN Site-to-Site behind router
Hello sir or madame, this is my problem. I have 3 buildings with 3 distinct types of connection: [home]#A Router#A FRITZ!Box 4040 (OS 08.03) connected to ONT Router#1 - IP 192.168.198.60 DHCP server Local Area Network 192.168.198.0/24 FTTH connection [company]#B Router#B FRITZ!Box 7560 (OS 07.30) connected to ONT IP…

Welcome!

It looks like you're new here. Sign in or register to get started.