-
FQDN Expire cache by TTL look back and questions
So I have used FQDN in the past a lot and back when it was released had asked for some changes some was done others were not. One of the changes was when FQDN TTL is 0 and gets removed from the Cache that the firewall session continues which I'm guessing hold true for FLEX H? The other problem was BWM like on my VPN300…
-
Flex 500H manual migration of user account configurations
This is already my second consultation regarding migrating the configuration from USG Flex 200 to Flex 500H. This time, I am trying to migrate part of the configuration related to user account definitions (including passwords). I have successfully extracted the necessary information from the Flex 200 configuration file and…
-
FLEX700H and IPSEC VPN with MFA via e-mail code
I have a Flex700H and i have setup IPSEC VPN for remote users to connect. When i turn on MFA for each user the only option that is available is Google Auth APP. I prefer MFA with a authorize e-mail sent to that users e-mail to click auth I do not user secure extender client due to cost and want to use the native IPSEC VPN…
-
Flex500H IPSec VPN Issue
Hi all, Here's my problem: It's not possible to connect remotely to the IPSec VPN (client to site) if the peer IP address is not the main one. (Configured as secondary in my scenario). Never had problem with usg/atp using wan virtual intercaces. Is it a normal behavior on H Series? Regards Lorenzo
-
[USG Flex 100H] - DHCP not release any IPs for Interface (randomly)
Hello everyone, I have an USG Flex 100H with the latest firmware, and in the night I always switch off my network devices (router, firewall, access point). In the morning, when I switch back its, sometimes - randomly - the firewall not release any IPs via DHCP for an Interface - also randomly - (sometimes no IPs for LAN…
-
OAuth2 do works on FLEX H series?
hello everyone I have sold some USG Flex H (200 and 500) and I'm unable to configure OAuth2.0. Just one of them works. Everything seems to look fine (valid token acquired) but when the firewall try to send an e-mail it gets "msmtp: authentication failed (method XOAUTH2)". please help! 😥
-
I' cant update some 700H
I need to update different flex700H. What should I do? Thanks
-
H series 1.35 Patch1 - Missing Mac filtering for SSIDs
Hello everyone, using Flex/ATP series you can configure specific MAC filtering for specific SSID. For example you can set more SSIDs with optional deny/allow lists. Where the same function is on Flex H series with latest firmware? Have a nice evening
-
Static IP assignation for SSL VPN clients
Hello. How to assign specific static IP adrress for SSL VPN clients, for example based on username/password? I have Split Tunnel configuration with two local networks and one client network pool. I would like to assign static IP for every VPN client so it will help me to analyze Security Reports and identify problematic…
-
setup vpn subscription
I'm looking to setup active directory credentials for use as vpn. using the vpn subscription license. Cannot seem to find the steps to perform the task. Can someone point me in the right direction? also, how do I get the master vpn license so the activation email will read hostname@company.com?
-
URL filter 2k reports in the mornin - USG FLEX 200H
After logging into the device, I have over 2,000 URL threat reports 2025-09-08 07:31:45 194.36.32.201/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.19127.20192/a640_exp.cab Spam URLs 194.36.32.201 2025-09-08 07:31:45 194.36.32.201/filestreamingservice/files/d8e5a058-a962-49d1-a201-a691c531ba6d/pieceshash Spam…
-
same VLAN on WAN and LAN
Hello! Is it allowed to create VLANs with the same VLAN ID on an internal interface and on an external interface? AFAIK it is not possible to have the same VLAN ID on two WANs but i don't know in the case described above
-
VPN between USG110 and smartphone
I need to set up a VPN between a USG110 and my iOS smartphone so I can query the IP addresses on LAN1 from the phone. What type of VPN should I use?
-
Unable to delete interface
FLEX H V1.35 seems like if name has "_" in it
-
FQDN problem www.grc.com vs grc.com under wildcard
USG FLEX 700H V1.35(ABZI.1) So I'm building a trusted FQDN list (including 3rd party for sites to load fine) for HTTPS mostly it works fine but have found a problem that ZLD is doing correctly but not uOS. So if I have FQDN *.grc.com Go to www.grc.com it loads fine but if I try grc.com it does not and I think the problem…
-
DNS: How to set up a private Domain Zone Forwarder
To resolve local DNS entries, I set up Domain Zone Forwarders (System|DNS) for the locally resolved domains. Up to the classic USG Flex Series I was able to chose to set up "private servers". These where queried via "tunnel" which worked locally AND via VPN tunnel. The new USG Flex H series firewall forces me to chose the…
-
Turn off 2.4Ghz on individual APs that are in the same AP group.
700H WiFi. With the older 700 (non H) controller I could turn off a 2.4Ghz radio, leaving on 5Ghz, on a single AP in a group. How is that done in the 700H?
-
IP/MAC Binding on Flex H series
Hello community, is it possible to configure IP/MAC binding as it is in the "interface" settings of the ATP GUI? I cannot find it, nor on-premise nor in the nebula configuration I found a more or less recent FAQ about MAC binding here but it just refers to the ATP GUI. Thanks😜
-
FW 1.35 Breaks DynDNS updates?
We have a Flex 100H with 2 WAN connections. On this router, ge2 is the active/primary connection, and ge1 is the backup/passive connection. Previously on 1.32, when the primary connection went down, the DynDNS address updated appropriately to the backup address and routed internet traffic out the backup WAN connection.…
-
NAT and UDP with fragments
FLEX H V1.35 When you do a NAT rule for UDP ports when traffic comes in only UDP packets are sent to Internal IP any fragments belonging to the UDP on Incoming Interface are not send to Internal IP.