USG FLEX H Series - Zyxel Community

SecuExterner - Strange name in config file
Hello everyone, this is just a personal curiosity regarding file naming in SSL VPN Zip file. As per this post I download the config archive from a 50 H firewall: https://community.zyxel.com/en/discussion/32315/h-series-ssl-vpn-download-config-button-is-green-only-on-premise And I see that inside the Zip file there are 2…
USG FLEX 500 H V1.37(ABZH.0)
Hello, I'm looking for the CLI command to create a new interface ge5 for example ? I'm also looking for the CLI command to remove a port (p10) from interface ge4 and finally, I'm also looking for the commande to remove an existing interface, for example ge2. I looked at this guide :…
IPSec VPN Site-to-Site behind router
Hello sir or madame, this is my problem. I have 3 buildings with 3 distinct types of connection: [home]#A Router#A FRITZ!Box 4040 (OS 08.03) connected to ONT Router#1 - IP 192.168.198.60 DHCP server Local Area Network 192.168.198.0/24 FTTH connection [company]#B Router#B FRITZ!Box 7560 (OS 07.30) connected to ONT IP…
DNS cookie...and this system...
This really is something else you got going on with all the root and TLD servers. So to bring everyone upto speed Zyxel have a system where your WAN interface links up to Nebula and does this in such a way that if you have two WAN and you try to force Zywall to use a given WAN you get blocked because Nebula was expecting…
Tailscale Exit node broken after V1.37(ABWV.0)
Hello just upgrade my USG Flex 200H to 1.37 today. Tailscale is no longer able to be seen as available as an exit node on my clients. The devices is reporting as offline even though no setting other than firmware was applied. I logged into the the tailscale web site and it is reporting that it was last seen right before…
USG Flex H series - Remote VPN no longer works since v1.36
I have upgraded a flex200H to 1.36 and now remote VPN via windows client no longer works as intended. It seems to be a routing issue as the VPN will connect and i can access and ping the USG but no local resources. Split tunneling also does not work so I have a VPN that can only access the USG and nothing else. There have…
A small thing, but very irritating - USG FLEX 200H
When the device configuration backup is set, after each device update to a higher version, the same with 1.37, the last backup files before the update are deleted and suddenly files from several months earlier appear that were not visible in the window before the update, e.g. from September 2025.
1.37 - Wrong Remote Access VPN Batch file script
Hi, this relates to a USG Flex 100H with the current V1.37 firmware. I've just setup Remote Access VPN and I used the download option for "VPN Configuration Script Download". I've used the windows batch file script to create the VPN connection. There is a syntax error in the generated batch file script related to split…
MAC table goes bad
Got this to happen again and on a test PC on VirtualBox USG FLEX 200H V1.37(ABWV.0) Note Source IP Spoofing Prevention was disabled when this happened To make this happen you need to have one NIC get a IP from DHCP then you don't use that NIC and use another NIC and DHCP give out the same IP due to it thinking that the IP…
Remote vpn and mfa
We made a Remote access VPN connection for the customer using the native Windows VPN client. We also put a VPN on top of MFA. MFA only supports local users. The user needs Google Authenticator to use it. Is the only way to get the user a QR code for the authenticator, that the user logs in inside the firewall and scans the…
1.37 uOS - Gold Security Pack trial does not apply to H series
Hello everyone, as you can see I activated a Gold Security Pack trial linked to a site where I have a 100HP with 1.37 onboard: But Nebula shows me: So checking its licenses it seems to me that the Nebula update does not accept trial for updated H series: How can I fix that?
1.37 uOS - Clicking on Security Policy does not save NAT rule
Hello everyone, when you set a new NAT rule and you click on Security Policy: the system does not ask you if you want to save or not the new rule you just edit, so you go to Security Policy area losing the NAT rule. It should be better to have a popup menu asking you if you want to save the new rule. If you click on Apply:…
1.37 uOS - no visible line for new Service on Nebula
Hello everyone, when you go here: to add a new Service you click on Add: but the line is NOT visible. To see it you have to click on Results per page: And then wait for the new refresh page: In this way you have to wait for the entire list of Services instead of placing just the port number you need and go on. If you have…
1.37 uOS - errors when you set DHCP table from Nebula
Hello everyone, I was testing new firmware to deploy in production. As you set DHCP table on Nebula: While if you log in to your firewall and set it from there everything is smooth: Why I cannot set the DHCP reservation from Nebula?
1.37 uOS - DHCP reservation and client list NOT working
Hello everyone, on a site I decided to assign 192.168.0.250 to a switch but it became unreachable. So I gave it the x.x.x.253 IP and now I can see it: The problem is that the firewall does NOT show me the fact that x.x.x.250 was already taken using the On-Premise UI: So I verified it via Nebula and there I see something…
1.37 uOS - wrong default WAN selected inside NAT and VPN panel
Hello everyone, when you want to open a port for a specific server you have to use NAT: The problem is that the 100HP starts offering me always ge2: that is a WAN offline: I had the same issue with VPN panel where I had to set ge1 as primary interface: If you use the on-premise UI everything seems smooth: Is it a Nebula…
1.37 uOS - error selecting UDP port and saving it from Nebula
Hello everyone, if you add a new UDP port to Services on a H series: When you save that it saves a TCP port: If you create that from On-Premise UI there is no issue: Why you cannot edit that Service port from Nebula? As you can see there is no pencil: So you have to fix this issue from On-Premise UI: selecting UDP from…
1.37 uOS - error DNS rule myrouter.local
Hello everyone, I moved a firewall from a test site to a production site, I updated it to 1.37 So I went to check its DNS rule and I see: This is the default internal subnet, while the firewall has different LANs: Why Nebula still thinks that the firewall is reachable on 192.168.168.1 ?
USG Flex 50H Source Code
Hello, I requested the source code for the open source software running on my USG Flex 50H in November 2025. I got an E-Mail reply with a ticket number: OSC Ticket #251101695 When will the source code be ready? In the past, I requested the source code for my SCR50AXE, which was ready after 2 Months.
Flex 200H - SSLVPN attempts to reconnect every few seconds
Hello I set up a Flex 200H with SSL VPN and installed OpenVPN Connect. This worked fine for a few weeks. Then I started using "OpenVPN Gui" which allows for an "%connection%_up.bat file to be executed as soon as the connection is running. This file starts the internal 2FA Website. This also works fine. For this I use a…

Welcome!

It looks like you're new here. Sign in or register to get started.