-
💡Duo Security Authentication Integration Guide
This discussion has been moved.
-
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
-
[USG Flex H] - Captive Portal for Tailscale VPN
Hello everyone, I would like to use the Captive Portal for every Tailscale device, but I cannot create the Captive Portal rule because the configured Tailscale Zone is not present in the "Incoming Interface/Zone" list. How can I configure a Captive Portal for the Tailscale network? Thank you
-
[200 H, firmware 1.37] Is the device failing to send certain email notifications?
I'm testing email notifications and I get the impression that the 200H isn't sending some of them. Part 1. "Log Alert" - "DoS Prevention" notifications. I defined a "Log Alert" that includes all "Authenticate" events and all "Security" events. This was the only notification defined in this test. Next, I intentionally…
-
The Block QUIC Protocol bug
FLEX H V1.38(ABZI.0) and V1.38(ABZI.0)ITS-26WK16-m11228. So this option was a pain to know about due to it somewhat working and, well, really not working. You can find this option in System > Advanced. So here is the problem, from the tests I have done, and what I think the bug is. So let's say Block QUIC Protocol is enabled and the LAN is…
-
[USG Flex H] - Export the CA trusted certificate
Hello everyone, I'm trying to use the internal certificate functionality; I've tried to create a cert and download it, and all works. But when I try to export the CA certificate from the "Trusted Certificates" tab, the downloaded file seems to be corrupted. Does anyone use this functionality? Can you help me to export the CA…
-
What is "uOS"?
As the Handbook of the USG Flex 100H reports, there's a new kid (firmware) on Zyxel firewalls. uOS1.10 New toys for the customers? I hope not cloud-only…
-
OIDC Setup on FLEX H
I'm trying to configure OIDC on FLEX H with MS Entra. Tried to follow this guide: SSLVPN authentication with Microsoft Entra ID — Zyxel Community But when I press the test button I get this error: Invalid OIDC authorization_endpoint. Error Code: (10016)cmd aaa validate-oidc-profile MS365 Normally my Issuer URL, Client ID…
-
Issue generating .ovpn file on Flex 500H (SSL VPN)
Hello, I’m having a problem with my Zyxel Flex 500H. I’m trying to generate an .ovpn configuration file for SSL VPN, but instead of getting an .ovpn file, the system downloads a .tgb file when I click the “Download” button in the SSL VPN section. I expected to receive a standard OpenVPN (.ovpn) configuration file, but I’m…
-
USG FLEX H series external block list records limit
Hello, The online guide and the PDF manual for the H-series firewalls specify that there is a limit of 50,000 records for external block lists. On Nebula, I haven't seen this limitation mentioned anywhere. Does this limitation apply to both on-premises and Nebula deployments for the H series? If so, would it be possible to…
-
USG FLEX 200H: Remote Access VPN (IKEv2) Split Tunnel limited to a single CIDR field
Hi everyone, We are currently configuring a Remote Access VPN (IKEv2) on a USG FLEX 200H. While setting up Split Tunneling, we’ve noticed a major limitation compared to the Site-to-Site (S2S) configuration. In Site-to-Site VPN, the H-series easily allows the selection of multiple subnets. However, in the Remote Access VPN…
-
v1.38 Dashboard Issues
So I load my dashboard and get this error (I have cleared Edge's cache too). This is being caused by the client usage widget. Error Failed to load interface list Error Code: (500) /api/show/gui/widget/client/usage
-
OpenVPN (SSL VPN) not connecting after migration from USG FLEX 50HP (ZLD) to USG FLEX 100H (uOS)
Hi everyone, I just completed a migration from a USG FLEX 50HP (ZLD firmware) to a USG FLEX 100H (uOS 1.37). The new firewall is up and running — internet access works fine, and LAN clients can reach the internal server without issues. However, I'm unable to establish an OpenVPN connection. Here's what I've done so far:…
-
USG 100H can't access YouTube via Roku
I just switched from a USG FLEX 700 down to a USG 100 H. With the new devices, none of our Roku devices can access YouTube. I have disabled all security services without any luck. There is nothing in the logs that shows any type of error from these devices. As a last resort, I specifically added a rule to permit QUIC…
-
[v 1.38] Policy Routes via VTI trunk don't work
After updating from 1.36 to 1.38, PR via VTI trunks don't work. If I change the trunk to a single VTI, routes start working. After downgrading to 1.36, all works as usual. Policy routes Policy routes status At 1.36 policy routes status
-
V 1.38 SSL VPN DNS bug
Good day, After upgrading my flex700h to the latest (1.38) firmware, SSL VPN stopped doing any DNS resolution. In VPN - SSL VPN, option DNS Server I have ZyWall. Used to work fine. When I now check the logs of a connected VPN client, I see this "ZyWall" is passed as is, while it has to be an IP instead. I have currently fixed it…
-
[USG Flex H] - Tailscale VPN - every reboot Default SNAT not working
Hello everyone, every time I reboot my USG Flex 200HP, the Tailscale exit node is not working anymore. I've enabled the exit node from the Tailscale configuration, and enabled the Default SNAT rule. All works fine until I reboot the firewall; by default this rule is enabled (reload the last setting) but seems not…
-
Issue with AWS VPN Client - Stuck on 'Waiting for identity'
Hello, I am aware that my request is quite vague and may be difficult to address. Since Monday, we have no longer been able to connect to our VPN using the AWS VPN Client (Windows), which relies on OpenVPN. The connection normally goes through an ADFS federation (via SAML). Currently, the VPN client no longer opens the…
-
[200H] Can't I assign all the ports (p3-p8) to a single LAN subnet?
I don't need two LAN subnets, but I want to have as many ports as possible on a single LAN subnet. There was no problem with this on the USG 210: I can't do this on the 200H. Default configuration: I can remove one port (e.g., p7) from ge4: I can assign this port (p7) to ge3: But I can’t remove the last port (p8) from ge4:…
-
Zyxel Newbie - Basic Network configuration
Hello, I want to make easy and secure management of my home network. I'm a newbie at firewall management and configuration, so forgive me if I can't understand some terms. My network devices are: Fritzbox 7690 (DHCP disabled) Zyxel USG FLEX 50H (DHCP enabled on LAN Zone) Zyxel XMG1915-18EP (Default configuration with VLAN 1)…