USG FLEX H Series - V1.35Patch 0 Firmware Release

Zyxel_Melen
Zyxel_Melen Posts: 3,616  Zyxel Employee
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
edited July 28 in Security Gateway New Release

Zywall USG FLEX H Series Release Note 

July 2025

Firmware Version on all models

  • Please use the cloud firmware upgrade function to upgrade USG FLEX H Series
USG FLEX H SeriesFirmware Version
FLEX50HV1.35(ACLO.0)C0
FLEX50HPV1.35(ACLP.0)C0
FLEX100HV1.35(ABXF.0)C0
FLEX100HPV1.35(ACII.0)C0
FLEX200HV1.35(ABWV.0)C0
FLEX200HPV1.35(ABXE.0)C0
FLEX500HV1.35(ABZH.0)C0
FLEX700HV1.35(ABZI.0)C0

Note: For the initial installation of the USG FLEX H Series firewall, please use the firmware wizard to upgrade (Cloud upgrade).

New Feature and Enhancements

1. [Enhancement] Support Pre-configure Settings in Nebula- Set up your firewall even before it’s online

2. [Enhancement] Support DNS Content Filter Safe Search. [eITS#240501656, 241000432]

3. [Enhancement] IP Reputation allow/block list supports on local-in traffic. [eITS#240900032]

4. [Enhancement] Integration with Avast SMB- Endpoint Management with Avast Business Hub

5. [Enhancement] Support Microsoft Exchange SMTP OAuth 2.0 [eITS#241100638]

6. [Enhancement] Support IPsec VPN Connectivity Check

7. [Enhancement] Support added for external user groups in Remote Access VPN authentication privileges. [eITS#241000271]

8. [Enhancement] Support scheduled backup rotation for configuration files. [eITS#240901439]

9. [Enhancement] Increased the maximum configuration file upload limit to 65 (including the default 3).

10. [Enhancement] Added support for logging SNAT/DNAT details in CEF traffic logs.

11. [Enhancement] Enhanced WAN Trunk Fallback with automatic connection termination on passive interface during failover for seamless transition. [eITS#250302339]

12. [Enhancement] Support for "BaseDN" and "BindDN" configuration settings for AD authentication. [eITS#250200416, 250300826]

13. [Enhancement] Packet Flow Explorer > Routing Status: Add Tailscale packet flow static route information

14. [Feature Change] Authed IP sets are now separated for Management GUI and Captive Portal.

15. [Enhancement] Separate the SSH port from Device HA and other usage.

16. [Enhancement] Device HA enhancements:
      a. Synchronize UAM events to the passive device
      b. The passive device will always upgrade the firmware on the standby partition.
      c. Supports an automatic full synchronization operation to ensure seamless updates in the following situations:
          i. Device reboot
          ii. Firmware upgrade
          iii. Disabling or pausing HA
          iv. Heartbeat interface reconnection or heartbeat conflict
      d. Enhanced "Show State" functionality to include failover-count information

17. [Enhancement] GUI and User experience enhancements:
      a. IPsec VPN displays DES decryption for Russia country
      b. Log filter now supports space characters in keyword filtering.
      c. Stronger color contrast and bolder text for improved readability.[eITS#250301509]
      d. Display all interface references –Shows where each interface is used or referenced across settings.
      e. When the DHCP pool size is set incorrectly, a warning message will pop up. [eITS#250401121]
      f. Add a hyperlink on the Tailscale configuration page to redirect users to the Tailscale Portal.
      g. Replaced “Logout” with “Revoke” on the Tailscale configuration page, and updated the associated iNote accordingly.
      h. Support for the Nebula pre-configuration scenario by enabling the device to process the conversion of the "support" account name and password
      i. Added the "External Group User" option to the Default Authentication Timeout Settings
      j. Change the inline editing style to default in editing mode
      k. Network > Interface table add "MAC Address" column/information
      l. Added an iNote to inform users that 2FA for VPN access is not supported when accessed directly from the WAN interface. [eITS#240901645]

18. [Enhancement] Updated the Web Help and User’s Guide to include VLAN interface notifications in the Interface chapter for better clarity and guidance. [eITS#250601363]

19. [Feature Change] WAN Trunk can only support 1 passive interface.

[AP Controller]

1. [Enhancement] Support MAC authentication with local database

2. [Enhancement] Support UTF-8 SSID

3. [Enhancement] Support LED suppress (Override/Group Setting)

4. [Enhancement] LAN Provision (Override Setting)

5. [Enhancement] Wireless bridge (Override Setting)

Bug Fix

1. [eITS#240501768, 240700730] The automatic MAC address assignment for interface is assigning wrong MAC addresses, leading to abnormal behavior in network traffic transfer.

2. [eITS#240901725, 250401491] Resolved issues in the traffic flow process that could cause system instability during spoofing prevention and anti-malware operations.

3. [eITS#250200887] After PPPoE is reconnected, policy routing cannot be automatically enabled.

4. [eITS#250201234] Resolved an issue where USG FLEX H users were unable to configure remote access VPN due to a missing provision CLI in the Convert Tool.

5. [eITS#250201553] Creating multiple IPSec VPN Phase policies with user-defined Local/Remote policies continuously causes error message.

6. [eITS#250400138] Resolved two issues in device HA scenarios:
(1) the Syslog server could stop functioning unexpectedly.
(2) Addressed a problem where the HA passive device encountered errors due to applying an incomplete configuration file.

7. [eITS#250400363] USG FLEX H keeps send ARP broadcast that is not triggered by ping-check.

8. [eITS#250400596] The password of the DDNS profile cannot be set to '_' underscore character.

9. [eITS#250400848] Adjust the following logs to debug level:
(1) abnormal tcp traffic detected, source port is zero, DROP.
(2) abnormal tcp traffic detected, destination port is zero, DROP.
(3) abnormal udp traffic detected, source port is zero, DROP.
(4) abnormal udp traffic detected, destination port is zero, DROP.

10. [eITS#250401058] Modifying VPN settings causes PPPoE to keep redialing.

11. [eITS#250401127, 250401228] Firewall offline due to PPPoE is changed.

12. [eITS#250401204] Translation issues in the user interface. Improved accuracy and clarity of translations, especially in German.

13. [eITS#250401353] PPPoE Interface did not request DNS IP after dial up the connection.

14. [eITS#250401416, 250600069] GUI doesn't allow interface IP/network overlaps with Secondary IP.

15. [eITS#250401513] Translation issues in the user interface. Improved accuracy and clarity of translations, especially in Traditional Chinese translation of Virtual Server Port(s).

16. [eITS#250401516] The certificate was not generated when switching from Manual to Auto with NAT Traversal not empty.

17. [eITS#250401534, 250401613, 250501069] The firewall is unable to get correct license status from MZC server after working for a while, and caused firewall is unable to send data to SecuReporter.

18. [eITS#250401557] Device is unable to start up due to an internal system error during boot.

19. [eITS#250401917, 250500833] PPPoE Interface connection is unstable, and caused firewall online/offline from NCC.

20. [eITS#250500077] When the certificate list is empty, the manual selection field is marked in red to indicate a missing certificate.

21. [eITS#250500308] Resolved an issue related to user account queries that caused inefficient memory usage.

22. [eITS#250500336] Translation issues in the user interface. Improved accuracy and clarity of translations.

23. [eITS#250501361] Unable to use "-" in Content filter redirect URL issue.

24. [eITS#250501496] MacBook is not able to get configuration from server with SecuExtender VPN client.

25. [eITS#250600290] The DHCP Option code 43 cannot be configured on the web GUI.

26. [eITS#250600376] Admin login fail event is not correct.

27. [eITS#250600378] The Mail Alert feature did not support multiple selections.

28. [eITS#250600733] The client did not appear in the NCC client list as expected.

29. [eITS#250601347] GUI Note for email: valid character does not show [0-9].

30. [eITS#250601674, 250700954] SSL VPN is not able to be connected.

31. [eITS#250700034] Revise the VPN configuration saving method to prevent user errors.

[AP Controller]

1. [eITS #250400906] SSID Settings Page Stuck in Continuous Loading Loop

2. [eITS #250701103, eITS #250701190] WPA-Enterprise Default Authentication Certificate Expired

  • Upgrade your devices to uOS1.35 for enhanced protection against the CVE references listed, as uOS1.35 is no longer vulnerable to them.
    • CVE-2024-8176

Please refer to the Download Link for more details.

Zyxel Melen


Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)