-
The Block QUIC Protocol bug
FLEX H V1.38(ABZI.0) and V1.38(ABZI.0)ITS-26WK16-m11228. So this option was a pain to know about due to it somewhat working and, well, really not working. You can find this option in system > advanced. So here is the problem, for what tests I have done, and what I think the bug is. So let's say Block QUIC Protocol is enabled and the LAN is…
-
Lost UDP natting after 1.38 upgrade on Flex 700H
Hello, I have a couple of Flex 700H upgraded from 1.36 to 1.38, with multiple public IP addresses on each of them. I natted some services managed by appliances connected on the DMZ, among them a SSL VPN working with both TCP and UDP connections on port 443 on one of the public IPs. Since the upgrade, tunnels using UDP…
-
Conversion cfg. from Flex100 to Flex200H
Is there a way to convert a configuration from Flex100 to Flex200H? Unfortunately, the Configuration Converter is not even able to convert cf. Flex100 to Flex100H
-
Learning internal networks by OSPF (without propagating any)
We have received several USG FLEX 700H, which we want to connect with each other and to use to gain access to our network from the outside, by split-tunneling traffic towards the "internal" interface. As our network is big and I do not want to add all different private and public networks/addresses manually, I wanted to…
-
Zyxel Newbie - Basic Network configuration
Hello, I want to make easy and secure management of my home network. I'm a newbie on firewall management and configuration, so forgive me if I can't understand some terms. My network devices are: Fritzbox 7690 (DHCP disabled), Zyxel USG FLEX 50H (DHCP enabled on LAN Zone), Zyxel XMG1915-18EP (Default configuration with VLAN 1)…
-
Issue generating .ovpn file on Flex 500H (SSL VPN)
Hello, I’m having a problem with my Zyxel Flex 500H. I’m trying to generate an .ovpn configuration file for SSL VPN, but instead of getting an .ovpn file, the system downloads a .tgb file when I click the “Download” button in the SSL VPN section. I expected to receive a standard OpenVPN (.ovpn) configuration file, but I’m…
-
[USG Flex H] - Different device/same Mac Address after change interface to port
Hello everyone, Today I've changed an interface for one port, disconnecting the old device and attaching a new one. After this, when I've tried to connect the new device, it's not acquired an IP and under the DHCP list, I see the new IP for the new interface but the MAC Address was attached to the old device. Example: P8…
-
Anyone running USG FLEX H-series in a complex multi-site environment?
Hi all, We've been running Zyxel USG firewalls for about 10 years now — first the USG 20/60 series, then the USG FLEX 200/700 — and have been very happy with them throughout. Recently we upgraded part of our fleet to the new USG FLEX H-series (200H and 500H, currently on firmware 1.38(ABWV.0), Nebula-managed), and…
-
OpenVPN (SSL VPN) not connecting after migration from USG FLEX 50HP (ZLD) to USG FLEX 100H (uOS)
Hi everyone, I just completed a migration from a USG FLEX 50HP (ZLD firmware) to a USG FLEX 100H (uOS 1.37). The new firewall is up and running — internet access works fine, and LAN clients can reach the internal server without issues. However, I'm unable to establish an OpenVPN connection. Here's what I've done so far:…
-
Issue with AWS VPN Client - Stuck on 'Waiting for identity'
Hello, I am aware that my request is quite vague and may be difficult to address. Since Monday, we have no longer been able to connect to our VPN using the AWS VPN Client (Windows), which relies on OpenVPN. The connection normally goes through an ADFS federation (via SAML). Currently, the VPN client no longer opens the…
-
Usg 500h
Has anyone set up a USG 500H on Trooli, and did you manage to get an external WAN address?
-
What "uOS" is?
As Handbook of USG Flex 100H reports, there's a new kid (firmware) on Zyxel firewalls. uOS1.10 New toys for the customers? I hope not cloud-only…
-
Flex 200H Daily Reports
How can I see the top HTTP and HTTPS Web Site Hits in my daily report as I used to in my USG110? I don't see the options. I have been trying to track down who is sending excessive Tx activity from the Amazon Web Services/Cloudfront CDN service, and I have also been trying to track down excessive Tx activity in the…
-
[USG Flex H] - Captive Portal for Tailscale VPN
Hello everyone, I would like to use the Captive Portal for every Tailscale device, but I cannot create the Captive Portal rule because the configured Tailscale Zone is not present in the "Incoming Interface/Zone". How can I configure a Captive Portal for the Tailscale network? Thank you
-
[200 H, firmware 1.37] Is the device failing to send certain email notifications?
I'm testing email notifications and I get the impression that the 200H isn't sending some of them. Part 1. "Log Alert" - "DoS Prevention" notifications. I defined a "Log Alert" that includes all "Authenticate" events and all "Security" events. This was the only notification defined in this test. Next, I intentionally…
-
[USG Flex H] - Export the CA trusted certificate
Hello everyone, I try to use the internal certificate functionality; I've tried to create a cert and download it, all works. But, when I try to export the CA certificate from the "Trusted Certificates" tab, the downloaded file seems to be corrupted. Anyone that uses this functionality? Can you help me to export the CA…
-
USG FLEX H series external block list records limit
Hello, The online guide and the PDF manual for the H-series firewalls specify that there is a limit of 50,000 records for external block lists. On Nebula, I haven't seen this limitation mentioned anywhere. Does this limitation apply to both on-premises and Nebula deployments for the H series? If so, would it be possible to…
-
USG FLEX 200H: Remote Access VPN (IKEv2) Split Tunnel limited to a single CIDR field
Hi everyone, We are currently configuring a Remote Access VPN (IKEv2) on a USG FLEX 200H. While setting up Split Tunneling, we’ve noticed a major limitation compared to the Site-to-Site (S2S) configuration. In Site-to-Site VPN, the H-series easily allows the selection of multiple subnets. However, in the Remote Access VPN…
-
USG 100H can't access YouTube via Roku
I just switched from a USG FLEX 700 down to a USG 100 H. With the new devices, none of our Roku devices can access YouTube. I have disabled all security services without any luck. There is nothing in the logs that shows any type of error from these devices. As a last resort, I specifically added a rule to permit QUIC…
-
[v 1.38] don't work Policy Routes via VTI trunk
After update from 1.36 to 1.38, PR via VTI trunks don't work. If change trunk to single VTI, routes start working. After downgrade to 1.36 all work as usual. Policy routes Policy routes status At 1.36 policy routes status