Zywall USG FLEX H Series - V1.20 patch0 Firmware Release

Zyxel_Melen
Zyxel_Melen Posts: 2,406  Zyxel Employee
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

Zywall USG FLEX H Series Release Note 

April 2024

Firmware Version on all models

  • Please use the cloud firmware upgrade function to upgrade USG FLEX H Series
USG FLEX H SeriesFirmware version
FLEX100HV1.20(ABXF.0)
FLEX100HPV1.20(ACII.0)
FLEX200HV1.20(ABWV.0)
FLEX200HPV1.20(ABXE.0)
FLEX500HV1.20(ABZH.0)
FLEX700HV1.20(ABZI.0)

Note: For the initial installation of the USG FLEX H Series firewall, please using the firmware wizard to upgrade to uOS 1.08 Patch 1 firmware first, and then proceed with the upgrade to uOS1.10 firmware. The device becomes unreachable if you upgrade USG FLEX H directly from factory default version to 1.10 P1 or later firmware version directly.

New Feature and Enhancements

1. [Enhancement][eITS#230701372] Support External Block List for Reputation Filter. (ZNGA-1125,1126,1127,4023)

2. [Enhancement] Support ARP Spoofing Protection.

3. [Enhancement] Reputation Filter supports the Allow List push from SecuReporter portal. (ZNGA-3267, 3268, 3269)

4. [Enhancement] Support VPN failover. (ZNGA-3456,2883,2819,1700,532)

5. [Enhancement] Support Bandwidth Management (BWM). (ZNGA-3705, 4548, 4366)

6. [Enhancement] Add Copy function for Security Policy. (ZNGA-3723)

7. [Enhancement] Support Microsoft AD Authentication for IPsec/SSL Remote Access VPN. (ZNGA-1134,3163,3272,4373)

8. [Enhancement] Support LDAP external Authentication for SSL Remote Access VPN. (ZNGA-1565)

9. [Enhancement] Allow conversion from Wizard-type to Custom-type on the VPN Wizard edit page.

10. [Enhancement] VPN Wizard edit page: add 'Go to Static Route' link when edit route-based rule. (ZNGA-4660)

11. [Enhancement] Support SSL VPN add to Zone. (ZNGA-4138,4492)

12. [Enhancement] Support two-factor authentication for VPN access using Google/Microsoft Authenticator. (ZNGA-4162,442)

13. [Enhancement] Site-to-Site VPN Wizard and Custom type add Routes conflict check.

14. [Enhancement] Support failover for Static Route and Policy Route through ping-check. (ZNGA-1705)

15. [Enhancement] [eITS#230801176] Support VTI in Policy Route. (ZNGA- 2393,3445,3456,3678)

16. [Enhancement] [eITS#230801177] Support policy route health check. (ZNGA- 3744,4186)

17. [Enhancement] Implement rule-based hit count information for Security Policy and Policy Route. (ZNGA-3142,3487)

18. [Enhancement][eITS#230700790] Add disable option for Global Zone Forwarder. (ZNGA-3680)

19. [Enhancement][eITS#240101556] Add Services Port conflict check and message. (ZNGA-4612,4712,4487)

20. [Enhancement] Add status column and Routes conflict check in Static Router page. (ZNGA-4614)

21. [Enhancement][eITS#230700934] Support modify MAC address for Ethernet Interface & VLAN Interface. (ZNGA-3291, 923)

22. [Enhancement] DHCP enhancement:
a. DHCP Table add Edit action and Description column. (ZNGA-3695)
b. DHCP Table add Host Name duplicated check in Static IP.
c. [eITS#230800272, 231200626] Support DHCP extended options to internal interfaces. (ZNGA-3740,4793)
d. On the Network > Interface page, automatically fill in the Start IP field in the DHCP Server section when editing or adding LAN settings. (ZNGA- 3702)

23. [Enhancement] [eITS#230800732] DDNS supports behind NAT scenario that will update the public IP. (ZNGA-3743)

24. [Enhancement] Implement DDNS failover based on the connection status of the interface. (ZNGA-4176)

25. [Enhancement] Support Session Control function. (ZNGA-419)

26. [Enhancement] Bridge interface add "Role" setting (ZNGA-4338)

27. [Enhancement] add "VLAN ID" column in the Interface page. (ZNGA-4009)

28. [Enhancement] Implement automatic update functionality for the GeoIP database and Certificates. (ZNGA-3790,4670)

29. [Enhancement] Support CIDR Notation. (ZNGA-3396, Seeding#1278)

30. [Enhancement] Add GeoIP country information in the Log/Events page. (ZNGA-3520)

31. [Enhancement] Add address object range hint message at Address Object. (ZNGA-4377)

32. [Enhancement] New Add Traffic Statistics > Application Usage. (ZNGA- 22,4183)

33. [Enhancement] Device Insight enhancement:
a. Add Astra data source to Device Insight. (ZNGA-3266, 3965, 4285)
b. Gray out the 'Remove' button when a Blocked client is selected. (ZNGA- 4734)

34. [Enhancement] [eITS#230701224] Stop username from being capitalized when Login. (ZNGA-3359)

35. [Enhancement] Display boot up status at System Dashboard. (ZNGA-3538)

36. [Enhancement] [eITS#230800348] Double-click to enter Edit mode. (ZNGA- 3540)

37. [Enhancement] Display session duration in the format of hh:mm:ss in the Session Monitor. (ZNGA-3691)

38. [Enhancement] Add Export function at Log page (Export to Excel file). (ZNGA-2971)

39. [Enhancement] Enhance the configuration backup feature to only perform a backup when there are changes to the configuration. (ZNGA-3734)

40. [Enhancement][eITS#230800053] Add description field to Allow/Block list for the security services. (ZNGA-3738)

41. [Enhancement] [eITS#230800351] Revise the GUI grid table resizing behavior, introducing a new 'Fit View' functionality. (ZNGA-3741)

42. [Enhancement] [eITS#230801252] Add the system language setting to the top right corner. (ZNGA-3745)

43. [Enhancement] Add an 'Advanced' page within the System category. This 'Advanced' page allows users to adjust System Parameters, such as UDP/ICMP timeout, and includes toggles for enabling or disabling Additional Features. (ZNGA-3941)

44. [Enhancement] Log event add Src. Port (Source Port) and Dst. Port (Destination Port) information. (ZNGA-4003)

45. [Enhancement] Implement hover effects on action icons. (ZNGA-4087)

46. [Enhancement] Initial Setup Wizard refine the Nebula onboarding flow. (ZNGA-4093)

47. [Enhancement] Support Configuration File test/verify function. (ZNGA-4337)

48. [Enhancement] Troubleshooting enhancement:
a. Display error message at Console when apply configuration failed. (ZNGA-3797)
b. Display boot up status and message at Console. (ZNGA-3799)
c. Allow copying the configuration to a USB drive using the command-line interface (CLI). (ZNGA-3892)
d. Diagnostic content add a file of Boot & Apply process logs. (ZNGA-4165)
e. Add file header to the configuration file. (ZNGA-4364)

49. [Enhancement] Click "The latest log" title in System Dashboard will redirect to the Log/Event page. (ZNGA-4250)

50. [Enhancement] Implement the new filter style on the Log page and Session Monitor. (ZNGA-4355,4542)

51. [Enhancement] Change address object type 'CIDR' to 'SUBNET' (ZNGA-4375)

52. [Enhancement] Object pages to add ‘Description’ column. (ZNGA-4376)

53. [Enhancement] Add URL report link at Content Filter General and URL Threat Filter General page. (ZNGA-4552)

54. [Enhancement] Email Daily Report add Application Usage. (ZNGA- 4554,4591)

55. [Feature Change] DoS Prevention is turned off by default. (ZNGA-4444)

56. [Feature Change] Default enable the "Auto Reboot" function when doing Firmware Auto Update and Remove the on/off from GUI (ZNGA-4751)

57. [Feature Change] By default, PoE power is disabled on Port 3 and Port 4 for USG FLEX 700H. (ZNGA-4360)

58. [Feature Change] Menu Tree adjustment (ZNGA-4371):
a. Change 'System Statistics' to 'Traffic Statistics'
b. Move out "Session Monitor" to 'Traffic Statistics'
c. Remove "Resource" from 'Traffic Statistics'. Resource data can be read at System Dashboard.
d. New add "Application Usage" to 'Traffic Statistics'
e. Move Device Insight on/off to "Advanced" page

Bug Fix

1. [Bug Fix][eITS#230700936][ZNGA-3339] Interface setting is ineffective after interface type is changed.

2. [Bug Fix][eITS#230701023][ZNGA-3309] NAT rule is not working.

3. [Bug Fix][eITS#230701149][ZNGA-3333] Add static DHCP reservation entries in Network > Interface.

4. [Bug Fix][eITS#230800882][ZNGA-3478] Devices should not respond to DNS queries originating from the WAN interface when a security policy with content filtering is applied between the WAN and WAN interfaces.

5. [Bug Fix][eITS#230801575][ZNGA-3593] Firewall local-out SNAT does not work.

6. [Bug Fix][eITS#230900765][ZNGA-3755] Firewall do Destination NAT even if TCP first packet is not SYN.

7. [Bug Fix][eITS#230900864][ZNGA-3776] Unable to disable DHCP server of all interfaces.

8. [Bug Fix][eITS#230901363][ZNGA-3862] Under the EEE feature, the AP may encounter compatibility issues with certain devices.

9. [Bug Fix][eITS#230901052][ZNGA-3812] DNAT cannot work.

10. [Bug Fix][eITS#231000138][ZNGA-3872] With AES128/SHA256 with DH14/DH2 groups, IPSec VPN on iPhone cannot be established.

11. [Bug Fix][eITS#231000224][ZNGA-3889,3890] Inactivate VPN profile but the status still shows connected.

12. [Bug Fix][eITS#231000238][ZNGA-3883] If the VPN profile name exceeds 19 characters, it always in loading status when clicking "connect" button.

13. [Bug Fix][eITS#231000350][ZNGA-3894] In PPPoE, the settings should not be saved when the retype password field of is empty.

14. [Bug Fix][eITS#231000557][ZNGA-3915] The extension .conf should be added automatically while users backup configuration.

15. [Bug Fix][eITS#231000599][ZNGA-3918] Unable to edit Default Trunk.

16. [Bug Fix][eITS#231000601][ZNGA-3919] In the Initial Wizard, it should not allow users to configure different subnets in WAN IP and default gateway.

17. [Bug Fix][eITS#231000868][ZNGA-3940] Unable to set the static DHCP IP in the DHCP server option. Users need to navigate to Network Status > DHCP Table to configure.

18. [Bug Fix][eITS#231001044][ZNGA-3957] Anti-malware causes network slowness.

19. [Bug Fix][eITS#231001922][ZNGA-4005] Skip the second connection test when the device passes the first connection test.

20. [Bug Fix][eITS#231001962][ZNGA-4010] Unable to access the internet the device becomes unresponsive.

21. [Bug Fix][eITS#231001978][ZNGA-3994] USG Flex 700H is experiencing unexpected reboots when a USB flash drive is plugged in.

22. [Bug Fix][eITS#231001989][ZNGA-4060] The connection port statistics traffic graph displays abnormally.

23. [Bug Fix][eITS#231001990][ZNGA-3989] Graph of the same port are duplicated in System Statistics > Port > Monitor Port.

24. [Bug Fix][eITS#231002035][ZNGA-4011] Unable to assign the DHCP IP because the device becomes unresponsive.

25. [Bug Fix][eITS#231002151][ZNGA-4027] Poor SSL Inspection performance and Teams is not usable.

26. [Bug Fix][eITS#231100108][ZNGA-4014] Firewall does not assign IP address to the connected host, and even cannot be connected with static IP.

27. [Bug Fix][eITS#231100792][ZNGA-4065] NAT rule doesn't work if one of wan connections is lost.

28. [Bug Fix][eITS#231101152][ZNGA-4114] The page for Trunk is stuck in loading.

29. [Bug Fix][eITS#231101272][ZNGA-4090] Sometimes the NAT and routing settings disappear.

30. [Bug Fix][eITS#231101418][ZNGA-4151] When enabling/disabling remote access VPN function, an error message pops up on GUI.

31. [Bug Fix][eITS#231200178][ZNGA-4161] Once the firewall rule applied user profile, the rule cannot detect VPN related session.

32. [Bug Fix][eITS#231200349][ZNGA-4170] When disabling DHCP server on GE3, you cannot make any changes in the GE4.

33. [Bug Fix][eITS#231200357][ZNGA-4168] SNAT entry in policy route becomes "none" after IP address is configured and saved.

34. [Bug Fix][eITS#231200715][ZNGA-4206] The firewall rule cannot detect the SSL VPN connection established from the OpenVPN Connect with user ID.

35. [Bug Fix][eITS#231200716][ZNGA-4196] Network > Interface > Trunk fails to load.

36. [Bug Fix][eITS#231200802][ZNGA-4198] Unable to control user by remote VPN by firewall rule

37. [Bug Fix][eITS#231200991][ZNGA-4317] After firewall reboots, you need to inactivate/activate the NAT profile again to make NAT work again.

38. [Bug Fix][eITS#231201025][ZNGA-4233] If you create more continent GeoIP objects, some Geo IP addresses are not correctly assigned. After these continent GeoIP objects are removed, these Geo IP addresses can be correctly assigned.

39. [Bug Fix][eITS#231201089][ZNGA-4259] The device doesn't generate sys log into USB storage immediately.

40. [Bug Fix][eITS#231201247][ZNGA-4256] IKEv2 remote VPN connection cannot access internet.

41. [Bug Fix][eITS#231201457][ZNGA-4255] Firewall cannot obtain IP in specific condition

42. [Bug Fix][eITS#231201467][ZNGA-4281] Incorrect limitation for the IPSec VPN zone

43. [Bug Fix][eITS#240100145][ZNGA-4276] The nslookup tool cannot resolve the longer TLD domain name. The field should support the TLD length of 63 characters.

44. [Bug Fix][eITS#240100206][ZNGA-4453] NAT is not working.

45. [Bug Fix][eITS#240100211][ZNGA-4307] When a new user is created, GUI pops up an error message.

46. [Bug Fix][eITS#240100321][ZNGA-4339] Sometimes NAT rule and policy disappear. User needs to reboot device to recover it.

47. [Bug Fix][eITS#240100480][ZNGA-4320] Create several GeoIP in a address group and apply the group object to a security policy rule. Only the 1st entry is working. It does not go to the 2nd entry but jumps to the next security policy rule.

48. [Bug Fix][eITS#240100590][ZNGA-4343] On Dashboard > Security, the area of the threat filter is always loading.

49. [Bug Fix][eITS#240100647][ZNGA-4346] When trying to adjust the settings for ge1_PPP, an error pops out. But after clicking OK, the page shows the adjusted settings.

50. [Bug Fix][eITS#240100728][ZNGA-4347] Device reboots unexpectedly.

51. [Bug Fix][eITS#240100813][ZNGA-4409] The page of Log event is always loading.

52. [Bug Fix][eITS#240100875][ZNGA-4365] Relay server settings disappear after you click "Save".

53. [Bug Fix][eITS#240100884][ZNGA-4399] When disabling DHCP server on GE3, you cannot make any changes in the GE4.

54. [Bug Fix][eITS#240100980][ZNGA-4451] USG Flex H doesn't support IP in IP tunnel routing.

55. [Bug Fix][eITS#240101119][ZNGA-4397] All settings on web GUI are empty.

56. [Bug Fix][eITS#240101125][ZNGA-4452] The error message “Command failed: CHILD_SA config 'sec_policy1_VPN- HOME' not found” pops up when you connect site-to-site VPN.

57. [Bug Fix][eITS#240101192][ZNGA-4567,4685] The PPTP(TCP 1723 port) traffic cannot be NAT forwarded from WAN to LAN normally.

58. [Bug Fix][eITS#240101242][ZNGA-4517] An error message pops up when dialing PPPoE connection.

59. [Bug Fix][eITS#240101258][ZNGA-4446] The error "WebSocket KeepAlive failed." appears on Dashboard > System and Network > Interface.

60. [Bug Fix][eITS#240101639][ZNGA-4474] IKEv2 with Windows native client cannot be connected.

61. [Bug Fix][eITS#240200217][ZNGA-4541] The device becomes unresponsive.

62. [Bug Fix][eITS#240200307][ZNGA-4514] When WAN1 connectivity check is fail, the DDNS does not update to WAN2 automatically.

63. [Bug Fix][eITS#240201202][ZNGA-4561] Firewall rule is not working due to false address-object settings.

64. [Bug Fix][eITS#240201528][ZNGA-4655] PPTP VPN can’t build up when initialed from LAN side..

65. [Bug Fix][eITS#240300253][ZNGA-4616] The reserved DHCP IP is unable to release from DHCP table after changing the interface IP segment.

66. [Bug Fix][eITS#240300390][ZNGA-4765] NAT is not working.

67. [Bug Fix][ZNGA-2819, 3817] After manual disconnect tunnel the IPsec VPN with Nailed-up setting will not auto reconnect. 

68. Upgrade your devices to uOS1.20 for enhanced protection against the CVE references listed, as uOS1.20 is no longer vulnerable to them.
    - CVE-2023-6398

    - CVE-2023-6399

Please refer to the Download Link for more details.

Comments

  • There is no download link, I think I need the latest firmware of USG FLEX 500H.

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,406  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited June 20

    Hi @aaaaaaaaaaaaa,

    Please use the cloud firmware upgrade function to upgrade the USG FLEX H Series. Thanks.

    In addition, for the initial installation of the USG FLEX H Series firewall, please using the firmware wizard to upgrade to uOS 1.08 Patch 1 firmware first, and then proceed with the upgrade to uOS1.10 firmware. The device becomes unreachable if you upgrade USG FLEX H directly from factory default version to 1.10 P1 or later firmware version directly.