USG FLEX H Series - Zyxel Community

💡Duo Security Authentication Integration Guide
This discussion has been moved.
[2026 January Spotlight] Integrate Secure Cloud Authentication with the USG FLEX H series
As organizations adopt cloud services and support remote and hybrid work models, identity has become a critical foundation of modern security. Traditional authentication methods based on locally managed accounts are increasingly difficult to scale and protect against today’s threats, including credential theft and…
1.37 uOS - Impossible to connect SSL VPN
Hello everyone, I setup a SSL VPN via Nebula, I see some issues. I'm using 10443 standard port. -1- I went here: And clicking Download button I downloaded a Zip file where the tgb file is NOT accepted by the SecuExtender app: The error shown is this one: So I had to download that zip file via On-Premise interface: And the…
arp reply restricted
Previous to the Flex100H Series routers we were able to run the "arp reply restricted" cli command. Is there a way to do this on the H Series routers? The reason why we need this is because it is responding to arp request on the wan interface for IP's on the LAN interfaces. Old Community post that references this is below.…
Setup VPN to Home USG FLEX 500H
Hi everyone, could someone help me configure a VPN connection from my Zyxel firewall so I can connect from home? I’ve already purchased the VPN license, but I’m not sure how to set it up correctly. Any guidance would be greatly appreciated.
SSL-Inspection causes "Content Encoding Error"
Hello everyone, We recently purchased a Zyxel USG Flex 100H, and most of the features are working well so far. However, we’ve run into an issue with SSL-Inspection. When SSL-Inspection is enabled, some websites (like YouTube) load normally, while others (like ChatGPT and Zyxel Support Forum) return a "Content Encoding…
Stuck on getting SSLVPN authentication with Microsoft Entra ID to work
Hi, I did follow this guide, trying to achieve SSLVPN authentication with Microsoft Entra ID SSLVPN authentication with Microsoft Entra ID — Zyxel Community Everything goes well as the guide explains, until step "6 - Click Test on the Firewall" in the section "Create OIDC AAA Server" where I got this error. I'm unsure…
Dual Wan Failover causes DNS failure and loss of Internet
For cost reasons, I moved from a dedicated Mediacom line with Public Static IP to a 'Residential' line that is DHCP internally as well as Public DHCP externally. My Static IP WAN2 has not changed. My previous WAN Trunk was weighted round robin and worked fine. I reconfigured the WAN interface to DHCP and it picks up an…
IPSec VPN stuck on DPD
Hi, I'm having trouble making an IPSec VPN tunnel to be established between a USG FLEX 500H v1.37 ABZH.1 located in a branch office and another firewall (not Zyxel) located at Head Quarter. Our firewall is behind the ISP's router, set in DMZ. It seems the tunnel is correctly established as the monitor page says it's…
USG FLEX 700H - Problems
Hello: I currently have a USG FLEX 700H with firmware version 1.37(ABZI.1). I've been experiencing unexpected devicerestarts. Upon checking the systemmonitoring, I observed that both CPU and RAM usage remain at high levels. Torule out a configuration issue, I performed a factory reset, restoring thedevice to its default…
[USG 200HP] + [NWA130BE] + Unable to connect to Wifi
Hello community, This evening I had problems with Wi-Fi and my iPhone. My phone kept disconnecting from Wi-Fi, connecting and disconnecting in rapid succession. I tried connecting my computer to the firewall LAN, but I couldn't get a valid IP address. From my computer (Windows), I opened a command window and tried to renew…
IPSEC VPN - AD link broken with special caracters
Hi, We found a bug in usg flex 100h last firmware concerning ipsec vpn. The authentication doesnt work if the username OR password contain "é" or "è". We are using a standard microsoft ad, and i think a standard configuration on the firewall. The work around is changing name and password but its kinda annoying. Thanks
IPS custom signatures
Hello, according to the user handbook https://download.zyxel.com/USG_FLEX_50H/user_guide/USG%20FLEX%2050H-UG.pdf the Zyxel Flex 50H supports a maximum of 32 custom IPS signatures: How can I add these custom IPS signatures? I couldn't find a way in the user handbook or in the CLI guide.
Flex 700H stops responding
Does anyone with a 700H have issues with the firewall just locking up and stop responding? Only way to recover it is to pull the plug and start again. Have the logs writing to USB and can see nothing in there that points to why it just locks up. Did have the firewall connected to a 3800 switch via DAC cable but recently…
Zyxel Flex 100H - VPN Apple mobileconfig returns error on importing on Apple OSX
Here is the screenshot. Apple OSX version Tahoe 26.3
Zyxel Flex 100H model - How many SSL VPN licenses are included by default?
I see that the technical limitation is 25 users. But what is the license limitation in the scenario when the Flex 100H model was bought by default (with no extra licenses like Gold pack or something else) ?
Tailscale VPN performance issue
Hi Melen. I've been using Tailscale for a long time to connect to my office. For about two weeks now, I've been experiencing problems with Tailscale VPN, sometimes with poor performance, and sometimes with no connection at all. In these situations, I solve the problem by disabling and then re-enabling Tailscale VPN on my…
IKEv2 IPSec stability with H- series, experiences
Hello, I’m today using Flex 100. Considering to upgrade to Flex 50H or to other manufacturer product, let’s see. I’m asking experiences for H- series IKEv2 session stability with iPhone and iPad’s. I don’t have too good experience with Flex 100, L2TP/IPSec seems to be much more stable, sessions can last for hours. With…
Firewall H series, VPN orchestrator not working
we are trying to make a site to site vpn connection between the customer's offices with vpn orchestrator. vpn connection does not connect, gives error received NO_PROPOSAL_CHOSEN notify error and parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]. Have we forgotten something or what is wrong
[USG Flex H] - Simultaneous Logins
Hello, I've enabled a security enhancement for force no login if an user is already logged in (at the moment, I don't remember the function name). I've activated this function on the admin account, but now I'm unable to login: This is because if refreshes web page, the firewall push out the logged user, without really…
V1.37(ABXF.1) on 100H - DNS Threat Filter/URL Threat Filter not possible to configure
Hello, after the Update V1.37(ABXF.1) on my 100H it's not possible to configure DNS Threat Filter/URL Threat Filter under External Block List. It's not possible to load files or do something else. IP Reputation is working without problems. Still not possible to do something after 15min. waiting …
[USG Flex H] - User 2FA Backup Codes no available anymore
Hello, I've enabled the 2FA for the admin account and after setup it, I've tried to disable/enable the 2FA flag without save the configuration (disable the flag, enable the flag and then click on "cancel" without saving). When I returned into the profile management, I see this: If I try to regenerate backup codes, I obtain…

Welcome!

It looks like you're new here. Sign in or register to get started.