USG FLEX H Series - Zyxel Community

1.37 uOS - impossible to edit NAT name
Hello everyone, when you set a rule for a NAT: You cannot edit its name: You cannot copy it either, only rewrite it. Is it possible to remove this limitation?
uOS V1.37(ABXF.0) - BWM does not allow for 'any' as an interface
Hi, I believe this was a feature in the legacy USG series firewalls, but doesnt seem to be the same on the H series. I read the following guide on setting up BWM for VOIP traffic QoS: https://mysupport.zyxel.com/hc/en-us/articles/360010431759--ZyWALL-USG-How-to-configure-BWM-QoS-on-Zyxel-firewalls It suggests that…
Zyxel USG700 zabbix monitoring
Dear All! I want to monitor my new usg in zabbix, i saw that mib are available for it, but for zabbix i didnt found a proper way to install them, if i try to import then i get an error. Do you have some trick to do this? Thank you for your help! bolvar
Dial Remote VPN from internal network
How can I get Remote VPN to work from a local network? I have users with laptops that dial remotely and it works fine. Sometimes they bring their personal laptops into the office and connect to the guest network. Rather than set up specific DMZ/low trust type wifi network, I'd like for them to be able to dial the VPN from…
FQDN object is broken, does not return IPs most of the times.
Objects→Address→FQDN is querying IN ANY instead of being more specific like A, AAAA, etc. Many DNS providers do not respond to ANY queries, or only return a subset of records, because of their misuse in DNS amplification DDoS attacks, hence results are broken. Example of truncated result: Trying "dns.cloudflare.com" ;;…
SecuExterner - Strange name in config file
Hello everyone, this is just a personal curiosity regarding file naming in SSL VPN Zip file. As per this post I download the config archive from a 50 H firewall: https://community.zyxel.com/en/discussion/32315/h-series-ssl-vpn-download-config-button-is-green-only-on-premise And I see that inside the Zip file there are 2…
USG FLEX 500 H V1.37(ABZH.0)
Hello, I'm looking for the CLI command to create a new interface ge5 for example ? I'm also looking for the CLI command to remove a port (p10) from interface ge4 and finally, I'm also looking for the commande to remove an existing interface, for example ge2. I looked at this guide :…
IPSec VPN Site-to-Site behind router
Hello sir or madame, this is my problem. I have 3 buildings with 3 distinct types of connection: [home]#A Router#A FRITZ!Box 4040 (OS 08.03) connected to ONT Router#1 - IP 192.168.198.60 DHCP server Local Area Network 192.168.198.0/24 FTTH connection [company]#B Router#B FRITZ!Box 7560 (OS 07.30) connected to ONT IP…
DNS cookie...and this system...
This really is something else you got going on with all the root and TLD servers. So to bring everyone upto speed Zyxel have a system where your WAN interface links up to Nebula and does this in such a way that if you have two WAN and you try to force Zywall to use a given WAN you get blocked because Nebula was expecting…
Tailscale Exit node broken after V1.37(ABWV.0)
Hello just upgrade my USG Flex 200H to 1.37 today. Tailscale is no longer able to be seen as available as an exit node on my clients. The devices is reporting as offline even though no setting other than firmware was applied. I logged into the the tailscale web site and it is reporting that it was last seen right before…
USG Flex H series - Remote VPN no longer works since v1.36
I have upgraded a flex200H to 1.36 and now remote VPN via windows client no longer works as intended. It seems to be a routing issue as the VPN will connect and i can access and ping the USG but no local resources. Split tunneling also does not work so I have a VPN that can only access the USG and nothing else. There have…
A small thing, but very irritating - USG FLEX 200H
When the device configuration backup is set, after each device update to a higher version, the same with 1.37, the last backup files before the update are deleted and suddenly files from several months earlier appear that were not visible in the window before the update, e.g. from September 2025.
1.37 - Wrong Remote Access VPN Batch file script
Hi, this relates to a USG Flex 100H with the current V1.37 firmware. I've just setup Remote Access VPN and I used the download option for "VPN Configuration Script Download". I've used the windows batch file script to create the VPN connection. There is a syntax error in the generated batch file script related to split…
Remote vpn and mfa
We made a Remote access VPN connection for the customer using the native Windows VPN client. We also put a VPN on top of MFA. MFA only supports local users. The user needs Google Authenticator to use it. Is the only way to get the user a QR code for the authenticator, that the user logs in inside the firewall and scans the…
1.37 uOS - Gold Security Pack trial does not apply to H series
Hello everyone, as you can see I activated a Gold Security Pack trial linked to a site where I have a 100HP with 1.37 onboard: But Nebula shows me: So checking its licenses it seems to me that the Nebula update does not accept trial for updated H series: How can I fix that?
1.37 uOS - Clicking on Security Policy does not save NAT rule
Hello everyone, when you set a new NAT rule and you click on Security Policy: the system does not ask you if you want to save or not the new rule you just edit, so you go to Security Policy area losing the NAT rule. It should be better to have a popup menu asking you if you want to save the new rule. If you click on Apply:…
1.37 uOS - no visible line for new Service on Nebula
Hello everyone, when you go here: to add a new Service you click on Add: but the line is NOT visible. To see it you have to click on Results per page: And then wait for the new refresh page: In this way you have to wait for the entire list of Services instead of placing just the port number you need and go on. If you have…
1.37 uOS - errors when you set DHCP table from Nebula
Hello everyone, I was testing new firmware to deploy in production. As you set DHCP table on Nebula: While if you log in to your firewall and set it from there everything is smooth: Why I cannot set the DHCP reservation from Nebula?
1.37 uOS - DHCP reservation and client list NOT working
Hello everyone, on a site I decided to assign 192.168.0.250 to a switch but it became unreachable. So I gave it the x.x.x.253 IP and now I can see it: The problem is that the firewall does NOT show me the fact that x.x.x.250 was already taken using the On-Premise UI: So I verified it via Nebula and there I see something…
1.37 uOS - wrong default WAN selected inside NAT and VPN panel
Hello everyone, when you want to open a port for a specific server you have to use NAT: The problem is that the 100HP starts offering me always ge2: that is a WAN offline: I had the same issue with VPN panel where I had to set ge1 as primary interface: If you use the on-premise UI everything seems smooth: Is it a Nebula…

Welcome!

It looks like you're new here. Sign in or register to get started.