Failed to upgrade to the new ZLD5.21 patch 1: why and how to resolve it?

Zyxel_Vic

Zyxel had just released the new ZLD5.21 patch1, which fixed the parsing error in the Application signature V1.0.0.20220310.0.

However, Zyxel support had received support cases, where the firmware upgrade operation failed in certain conditions, in both on-premise mode or Nebula-managed mode. This supplement document is created to help Zyxel customers using USG FLEX, ATP, and also USG20-VPN/20W-VPN to self-service upgrading firmware to the latest one.

On-Premises Mode :

BEFORE YOU BEGIN:

1. This document is applicable to USG FLEX series, ATP series, and also USG20-VPN/20W-VPN
2. IF YOUR FIREWALL WAS CONFIGURED WITH DEVICE HA, PLEASE REFER TO "Recovery steps for USG FLEX/ATP Series with Device HA Firmware Update Fail"
   
3. If your device was suffering device hang after reboot, please refer to the "Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue" to recover the device
   

For the devices which are running standalone and managed from device GUI. No HA (High Availability) feature is implemented. You can follow the procedure "Cloud firmware upgrade -- On-premises mode" to finish the upgrading

On-Cloud Mode (Devices are managed by Nebula Control Center):

BEFORE YOU BEGIN:

1. The procedure explained in this section is applicable to USG FLEX series, and ATP series only. IF you are using USG20-VPN/20W-VPN, DO NOT following the procedures here, however Zyxel will provide new patch via Nebula Control Center shortly.
2. If your device was suffering device hang after reboot, please refer to the "Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue"

To upgrade the On-Cloud mode devices, please follow the procedure below
Upgrading flow