USG FLEX H Series - V1.32Patch 0 Firmware Release
Zyxel Employee
Zywall USG FLEX H Series Release Note
April 2025
Firmware Version on all models
- Please use the cloud firmware upgrade function to upgrade USG FLEX H Series
| USG FLEX H Series | Firmware Version |
| FLEX50H | V1.32(ACLO.0)C0 |
| FLEX50HP | V1.32(ACLP.0)C0 |
| FLEX100H | V1.32(ABXF.0)C0 |
| FLEX100HP | V1.32(ACII.0)C0 |
| FLEX200H | V1.32(ABWV.0)C0 |
| FLEX200HP | V1.32(ABXE.0)C0 |
| FLEX500H | V1.32(ABZH.0)C0 |
| FLEX700H | V1.32(ABZI.0)C0 |
New Feature and Enhancements
1. [Enhancement] Support DoT/DoH Blocking.
2. [Enhancement] Support Application Patrol allow list to allow only specified applications. [eITS#240900222].
3. [Enhancement] Support Sign-on Captive Portal (Web authentication policy).
Behavior change notice: Since uOS 1.32, only users listed in the Captive Portal authentication policy can log in and access the Internet through the device.
Parameter:
Maximum Authentication Policy 10
Maximum Exempt List per Policy 50
Maximum Walled Garden per Policy 30
4. [Enhancement] Support Tailscale VPN.
5. [Enhancement] IPsec VPN support Bridge interface.
6. [Enhancement] Support LAG (Link Aggregation) interface.
7. [Enhancement] Support external user group.
8. [Enhancement] Bandwidth Management support schedule, rule type per- user and per-source-ip.
9. [Enhancement] Support AP Controller with Secure WiFi service.
Special Notice: Remote AP and Tunnel AP are not supported yet; support is planned for the October 2025 release.
a. Managed AP Numbers:
|
Model Name |
Default Manageable AP Numbers |
Maximum Manageable AP Numbers |
|
USG FLEX 50H/50HP |
8 |
12 |
|
USG FLEX 100H/100HP |
8 |
24 |
|
USG FLEX 200H/200HP |
8 |
40 |
|
USG FLEX 500H |
8 |
72 |
|
USG FLEX 700H |
8 |
520 |
b. Wireless configuration for AP Controller and AP management.
c. Support AP Controller and AP Log settings and events.
d. Support AP Controller SNMP.
e. Unmask SSID pre-shared key. [eITS#220200760, 230101321]
f. Gold Security Pack add Secure WiFi service and Support a-la-carte Secure WiFi license.
g. Support IEEE 802.1x authentication.
h. Support APC smart mesh.
10. [Enhancement] Support Route Trace. [eITS#230900984]
11. [Enhancement] Device HA enhancement:
a. Device SYS LED to display Device HA pairing status.
b. Support virtual MAC algorithm.
c. Device HA status display full sync. information config/file lists.
d. Support Pause Device HA function for troubleshooting.
e. For a better user experience, a prompt will appear when uploading firmware via the GUI on a Device-HA setup.
12. [Enhancement] Support Smart Sync.: Nebula and Device local configuration synchronization.
13. [Enhancement] Support Nebula Auto-link VPN (non-nebula VPN).
14. [Enhancement] Support Nebula NAT, Routing, Security Policy and Firewall settings.
15. [Enhancement] Support Nebula Application/Client usage monitoring.
16. [Enhancement] User experience enhancements:
a. Add “Renew” button in Network status > Interface when wan is DHCP client. [eITS#250100625]
b. Update the “Release” icon at Network Status > DHCP Table.
c. On the Interface Configuration page, add a mechanism to check for Static IP and subnet overlap.
d. Update the i-note at Remote Access IPsec and SSL VPN, to make it more clearly.
e. Device reboot event email content fine tune and more information.
17. [Feature Change] "My Certificates" and "Trust Certificates" are each limited to a maximum of 10 certificates.
18. [Feature Change] The GUI will no longer auto-generate Ethernet interfaces upon removal, instead prompting a warning; "eth" interfaces will now be displayed in the Interface Summary, auto-removal behavior is removed, and a new warning will appear if a VLAN interface exists without a corresponding Ethernet interface. [eITS#250200421]
19. [Feature Change] System > Settings Remove the 'HTTP/HTTPS Auth Server' section.
Bug Fix
1. [eITS#160200757] HA Certificate sync. Issue.
2. [eITS#210800986] Enhancement: Auto whitelisting source IP in backend when VPN tunnels phase 1 is done.
3. [eITS#221200441] When Slave device becomes Active, then in the top icon bar SecuReporter icon is missing.
4. [eITS#240500400] SNMP query is not responding.
5. [eITS#240601358] Missing service group member after device reboots.
6. [eITS#241001254, 241200549] VPN Pre-shared key is not working when the character " is included.
7. [eITS#241200131] Sending the email report takes over 15 minutes.
8. [eITS#241200902] SSL/TLS DoS vulnerabilities (disable DHE).
9. [eITS#241200916] Enhancement: Support consumption mode by default and support multiple PoE devices.
10. [eITS#250100196] Enhancement: When using Nebula mode to upgrade firmware, the firmware will be updated in the standby partition.
11. [eITS#250100275] Security Policy User filter does not work for OpenVPN SSL user account.
12. [eITS#250100382] The sandboxing feature causes the firewall reboot unexpectedly.
13. [eITS#250100489] Remove the unused DOMPurify package.
14. [eITS#250100640, 250201503] Need to remove unsupported settings before using converter.
15. [eITS#250201503, 250300781] Need to remove unsupported settings before using converter.
16. [eITS#250100845, 250101359] After logging to firewall, the dashboard is not loading and an error message pops up.
17. [eITS#250100862] The file still exists on the page of System Log Archives in USB Storage unless you refresh the page.
18. [eITS#250101171] Test Web Site Category feature is not working.
19. [eITS#250101226] After updating the PFS in Phase2 and saving it, the VPN script does not update the new PFS value (DH5).
20. [eITS#250101289] When User “Any” is selected, it is not able to authenticate RADIUS users in IKEv2 Remote Access VPN.
21. [eITS#250101306] The event log shows multiple "Category query fail-open" messages.
22. [eITS#250101367] Once the console speed is set to 9600 in PuTTY, the firewall generates noise characters in the console output.
23. [eITS#250101511] Port 13 and port 14 LED light are not working on USG FLEX 700H.
24. [eITS#250101598] After logging to firewall, the dashboard is not loading and an error message pops up.
25. [eITS#250101643] The event log shows multiple "Category query fail-open" messages.
26. [eITS#250101686] Test Web Site Category feature not working.
27. [eITS#250101765] Get config fail message when edit config.
28. [eITS#250101835] The size of Nebula certificate on firewall is 0 (Null) that causes firewall not able to get license status.
29. [eITS#250200057] DNS Content Filter and DNS Threat Filter services cause device reboot.
30. [eITS#250200097] The event log shows multiple "Category query fail-open" messages.
31. [eITS#250200141] The DNS filter feature causes the firewall reboot unexpectedly.
32. [eITS#250200161] DNS Content Filter and DNS Threat Filter services cause network slow.
33. [eITS#250200309] The DNS content filter feature causes the firewall to unexpectedly reboot.
34. [eITS#250200344] Receiving empty alert content when using Office 365 as SMTP server.
35. [eITS#250200466] The routing status incorrectly displays the local and remote policies by swapping them around.
36. [eITS#250200608] Bridge interface and member disappear.
37. [eITS#250201019] GUI shows unable to save/write the startup configuration.
38. [eITS#250201655] USG FLEX 700H reboots randomly.
39. [eITS#250301115] USG Flex 700H rebooted unexpectedly.
40. [eITS#250301533] Login User show "-1".
⚫ Upgrade your devices to uOS1.32 for enhanced protection against the CVE references listed, as uOS1.32 is no longer vulnerable to them.
- CVE-2025-1731
- CVE-2025-1732
Please refer to the Download Link for more details.
Categories
- All Categories
- 424 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 5.9K Security
- 342 USG FLEX H Series
- 288 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 404 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight