USG FLEX H Series - Routing Enhancements

Zyxel_Richard
Zyxel Employee
edited May 17 in Networking


With the release of firmware version 1.20, the USG FLEX H Series introduces several significant enhancements to routing capabilities, particularly focusing on routing auto-disable and auto-recovery features. These enhancements aim to improve network reliability and ensure seamless failover in the event of link failures. This article will guide you through the new features and how to configure them.

Policy Routing Auto-Disable and Auto-Recovery

Concept

The routing auto-disable and auto-recovery features are designed to automatically disable routes when a link fails and re-enable them once the link is restored. This ensures that traffic is rerouted through alternative paths, maintaining network connectivity.

Use Case

Consider a scenario where you have two policy routes, one directing traffic to ISP1 and another to ISP2. If ISP1's link fails, the auto-disable feature will deactivate the route to ISP1, causing all traffic to be routed through ISP2. Once ISP1's link is restored, the auto-recovery feature will re-enable the route to ISP1, and traffic will resume its original path.

Configuration Steps

Navigate to Policy Routing:
  • Go to the Network section in your firewall’s configuration interface.
  • Select Routing and then Policy Route.
Create a Policy Route:
  • Click on the Add button to create a new policy route.
  • Define the policy name and criteria.
Enable Advanced Settings:
  • Scroll down to the Advanced Settings section.
  • Select Interface or Gateway as the next hop type (do not use Auto).
Configure Health Check:
  • Enable the Health Check option.
  • Choose the health check method: either "Disable policy route automatically when interface is link down" or "ICMP Ping Check".
  • If using ICMP Ping Check, specify the IP address to ping (e.g., 8.8.8.8).
Apply Configuration:
  • Click Apply to save the policy route.

Status Indicators

  • Green: The policy route is active.
  • Gray: The policy route is temporarily disabled by auto-disable or connectivity check.
  • Red: The policy route is manually disabled.
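The use case and status colors above can be modelled in a few lines. This is an added example, not Zyxel code or the firmware's actual logic. It assumes both routes match the same traffic, that the first active route in table order wins, and that a manually disabled route is not re-enabled by a health check; the route and interface names are constructed.

```python
from dataclasses import dataclass

GREEN, GRAY, RED = "green", "gray", "red"

@dataclass
class PolicyRoute:
    name: str
    next_hop: str
    admin_enabled: bool = True   # False = manually disabled by the administrator
    healthy: bool = True         # result of the most recent health check

    @property
    def status(self) -> str:
        if not self.admin_enabled:
            return RED                       # manual disable overrides health state
        return GREEN if self.healthy else GRAY

def apply_health_check(routes, results):
    """Record health-check results keyed by next hop; return status transitions."""
    events = []
    for route in routes:
        if route.next_hop not in results:
            continue
        before = route.status
        route.healthy = results[route.next_hop]
        if route.status != before:
            events.append((route.name, before, route.status))
    return events

def select_route(routes):
    """Assumed first-match behaviour: the first green route in table order wins."""
    return next((r for r in routes if r.status == GREEN), None)

def demo():
    # Constructed table: ISP1 preferred, ISP2 as the alternative path.
    routes = [PolicyRoute("to-ISP1", "wan1"), PolicyRoute("to-ISP2", "wan2")]
    trace = [select_route(routes).name]             # normal operation
    apply_health_check(routes, {"wan1": False})     # ISP1 link fails -> auto-disable
    trace.append(select_route(routes).name)
    apply_health_check(routes, {"wan1": True})      # ISP1 restored -> auto-recovery
    trace.append(select_route(routes).name)
    return trace

if __name__ == "__main__":
    print(demo())
```
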

Log Verification

You can verify the status of your policy routes and connectivity checks through the event logs:

  • Navigate to Event Logs:
    • Go to Logs and Reports > Event Logs.
  • Filter Logs:
    • Look for events related to Connectivity Check or Policy Route.
    • Logs will indicate if a policy route was disabled or re-enabled due to connectivity check results.

Static Routes with Auto-Disable and Auto-Recovery

Concept

Static routes can also benefit from auto-disable and auto-recovery features. Similar to policy routes, static routes will be disabled if the next hop interface goes down and re-enabled once the link is restored.

Configuration Steps

Navigate to Static Routes:
  • Go to Network and then Routing > Static Route.
Create a Static Route:
  • Click on the Add button to create a new static route.
  • Define the route name, destination, and next hop interface.
Enable Connectivity Check:
  • To enable connectivity checks for static routes, navigate to the WAN interface settings.
  • Select the WAN interface and enable Connectivity Check.
  • Specify the method (e.g., ICMP Ping Check) and target IP address.

VPN and Policy Routing Integration

Route-Based VPN

Route-based VPNs can also leverage auto-disable and auto-recovery features to ensure continuous connectivity. By configuring policy routes with VPN tunnel interfaces, you can ensure that traffic is rerouted through backup tunnels if the primary tunnel fails.

Configuration Steps

Create VPN Tunnel:
  • Go to VPN and create a route-based VPN tunnel.
  • Define the VTI (Virtual Tunnel Interface).
Configure Policy Route with VTI:
  • Navigate to Network > Routing > Policy Route.
  • Add a new policy route and select the VTI as the next hop interface.
  • Enable Health Check and specify the criteria.

Conclusion

The routing enhancements in USG FLEX H Series firmware version 1.20 provide robust solutions for ensuring network reliability and seamless failover. By leveraging auto-disable and auto-recovery features, administrators can maintain continuous connectivity and optimize network performance.
