Zywall USG FLEX Series, ATP Series & VPN Series - V5.35 Firmware Release

Zyxel_Stanley Posts: 1,373  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

Zywall USG FLEX Series, ATP Series & VPN Series Release Note Jan, 2023

Firmware Version on all models

USG FLEX 50V5.35(ABAQ.0)ATP100V5.35(ABPS.0)VPN50V5.35(ABHL.0)
USG FLEX 50WV5.35(ABAR.0)ATP100WV5.35(ABRW.0)VPN100V5.35(ABFV.0)
USG FLEX 100V5.35(ABUH.0)ATP200V5.35(ABFW.0)VPN300V5.35(ABFC.0)
USG FLEX 100WV5.35(ABWC.0)ATP500V5.35(ABFU.0)VPN1000V5.35(ABIP.0)
USG FLEX 200V5.35(ABUI.0)ATP700V5.35(ABTJ.0)
USG FLEX 500V5.35(ABUJ.0)ATP800V5.35(ABIQ.0)
USG FLEX 700V5.35(ABWD.0)

New Feature and Enhancements

CLD=Cloud mode, STD=Standalone mode
No.EnhancementCLD  STD  
1.Configuration files download with password protectionV
2.Custom DDNS support auto update when public IP changedV
3.Automatically update DDNS IP address at DDNS monitor pageV
4.System Log support DHCP IP conflict detectionV
5.Support traffic log rotate on USB storageV
6.Support Sensitive Data Protection to protect management passwordV
7.[AP Controller] Update AP images V6.45(.0)V
8.[AP Controller] DCS Client Aware default setting changed to disable.V
9.[AP Controller] DFS channel behavior enhance for better UX.V
10.[AP Controller] APC changed multicast to unicast default setting.V
11.[AP Controller] Refine default AMPDU size.V
12.[AP Controller] Support WiFi6E settings on APC.V
13.[AP Controller] Support WAX655E Ethernet setting.V
14.[AP Controller] Hostname supported in wireless station info.V
15.[AP Controller] CAPWAP online/offline does not kick STA.V
16.[AP Controller] Top-N supports 6GHz radio information.V
17.[AP Controller] ZLD 5.3x APC fully support WiFi6E AP.V
18.[AP Controller] ZyMesh support WiFi 6E (6GHz).V
19.[Feature Change] [eITS#220600529] Response Message remove customization page layout change to default block page design.V
20.[Feature Change] The default radio profile under AP controller in Wireless setup wizard change from 11ac to 11axV
21.[Feature Change] Modify the wording at 5G Radio page:
a.   Change the wording “Enable 5 GHz DFS Aware” to “Avoid 5 GHz DFS Channel”
22.Support captive portal logout via
23.SecuReporter traffic log support client MAC addressV
24.Event Log support DHCP IP conflict detectionV

Bug Fix

CLD=Cloud mode, STD=Standalone mode

No.     Bug FixCLD   STD   
1.     eITS#221000888 / 221200149
a.   Fix: The device stops sending SMS via a SMS gateway after several days and also becomes unresponsive.
2.     eITS#221001336
a.   Fix: In the policy route rule, select interface/gateway as the next hop and enable connectivity check. After you change the next hop from interface/gateway to trunk, connectivity check becomes greyed out but the previous connectivity check settings are still applied to the policy route rule.
3.     eITS#221100576
a.   Fix: USG FLEX 50 virtual device in the dashboard is incorrect
4.     eITS# 221100935
a.   Fix: Support fast recovery
5.     eITS# 221101130
a. Fix: the boot up console warning message and SYS red light issue.
6.     eITS# 221101139
a.   Fix: Security policy is not working when 2FA is enabled
7.     eITS#221101280
a.   Fix: NAT port forwarding data transfer rate is unstable
8.     eITS#221101428
a.   Fix: Since the device is upgraded to firmware to V5.32, the warning message “Unverified Firmware Installed” pops up in the dashboard.
9.     eITS#221101628 / 220301602
a.   Fix: USG FLEX unexpected reboot
10.     eITS#221201009
a.   Fix: SNMP get incorrect value after the interface is disconnected.
11.     eITS#221000144
a.   Fix: CPU and memory usage don't display in Monitor > Firewall > Status. Event log is also empty.
12.     eITS#221000422
a.   Fix: WiFi clients have no internet access due to IPS customized signatures that are created in the previous on-premises mode.
13.     eITS#221100122
a.   Fix: USG FLEX becomes offline on Nebula when the number of Firewall clients exceed 2048.
14.     eITS#221200797
a.   Fix: In the Monitor > Clients > Firewall page only the clients connected to lan1 will be displayed and the clients connected to other ports such as SFP port will not be displayed.
15.     Common vulnerabilities and Exposures:
ZLD5.35 is no longer vulnerable to the following CVE References: CVE-2022-40603