Zyxel uOS Firmware Update 1.35: Unified Simultaneous Admin Login Policy Across All H-Series Models

Zyxel_Lynn (Zyxel Employee)
edited August 26 in Other Topics

In our continued effort to streamline system management and enforce better security practices, uOS firmware version 1.35 introduces a key change to how simultaneous admin logins are handled across all H-Series models.

Previous Behavior: Login Limits Varied by Model

Previously, the maximum number of simultaneous admin user logins varied depending on the hardware tier of your firewall. For example:

  • Entry-level models allowed up to 64 concurrent admin sessions.
  • Mid-tier devices supported up to 128 sessions.
  • High-end models, such as the USG FLEX 700H, could allow up to 256 or even 2,000 simultaneous logins.

While those limits tracked hardware capacity, they were a security concern: a ceiling in the hundreds or thousands lets many people share one admin account, which undermines accountability and makes misuse harder to detect.

What's New in uOS Firmware Version 1.35?

With the new update, all H-Series models will now adhere to a uniform limit of 64 simultaneous admin user logins per account, regardless of device model or previous configuration.

Key Highlights:

  • Uniform Policy: No matter which H-Series firewall you use (from the entry-level USG FLEX 58 to the high-end USG FLEX 700H), the maximum number of simultaneous logins per admin account is now capped at 64.
  • Post-Upgrade Adjustment: If your current firmware allows more than 64 logins (e.g., 100 or 2,000), updating to v1.35 will automatically adjust the setting down to 64.
  • Session Handling Behavior:
    • When the login limit is reached, any new login attempt can either be blocked or result in the termination of an existing session, depending on your configured policy.

Why the Change?

The main rationale is rooted in security and practicality. It is highly uncommon, and typically unnecessary, for more than 64 clients to use the same admin account at the same time. Such high thresholds invited account sharing and conflicted with basic account-management practice, where each administrator authenticates with an individual account.

Standardizing to 64 not only simplifies management but also aligns with the highest limit supported by the smallest H-Series device, ensuring consistent behavior across all deployments.

Separate Policies for Admin and General User Accounts

Another notable improvement is the policy separation between admin accounts and general users (e.g., captive portal or remote access users).

  • Prior to v1.35: The same login limit policy applied to both admin and general user sessions.
  • In v1.35 and beyond: You can now configure distinct policies:
    • One specifically for admin accounts
    • Another for general user accounts

This separation allows for more granular control and better management of user sessions across different services.
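The following model, added here as an illustration and not Zyxel's code, shows the behaviour described above for the session-handling policy and the separate admin/user policies: a per-account concurrent-session cap, a choice between refusing a new login and evicting the oldest session when the cap is reached, and the post-upgrade clamp of an existing admin limit to 64. Class names, the role labels "admin" and "user", the small limits used in the demo and the session-id format are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Uniform admin cap described for uOS 1.35 (assumption: enforced per admin account).
ADMIN_LOGIN_CEILING = 64


@dataclass
class LoginPolicy:
    """Limit for one class of accounts and what to do when it is reached."""
    max_sessions: int
    on_limit: str = "block"  # "block": refuse the login; "evict_oldest": drop the oldest session

    def clamped(self, ceiling: int = ADMIN_LOGIN_CEILING) -> "LoginPolicy":
        """Post-upgrade adjustment: a limit above the ceiling is lowered to it, lower ones stay."""
        return LoginPolicy(min(self.max_sessions, ceiling), self.on_limit)


class SessionTable:
    """Concurrent sessions per account, enforced against a per-role policy."""

    def __init__(self, policies: Dict[str, LoginPolicy]) -> None:
        self.policies = policies                   # role -> policy (e.g. "admin", "user")
        self.sessions: Dict[str, List[str]] = {}   # account -> session ids, oldest first
        self._next = 0                             # hypothetical session-id counter

    def login(self, account: str, role: str) -> Tuple[Optional[str], Optional[str]]:
        """Return (new_session_id, evicted_session_id); new_session_id is None when blocked."""
        policy = self.policies[role]
        active = self.sessions.setdefault(account, [])
        evicted = None
        if len(active) >= policy.max_sessions:
            if policy.on_limit == "block":
                return None, None
            if policy.on_limit == "evict_oldest":
                evicted = active.pop(0)
            else:
                raise ValueError(f"unknown on_limit policy: {policy.on_limit}")
        self._next += 1
        session_id = f"{account}-{self._next}"
        active.append(session_id)
        return session_id, evicted

    def logout(self, account: str, session_id: str) -> bool:
        """Release a session; False if it was not active (already evicted or never issued)."""
        active = self.sessions.get(account, [])
        if session_id in active:
            active.remove(session_id)
            return True
        return False

    def count(self, account: str) -> int:
        return len(self.sessions.get(account, []))


def demo() -> dict:
    """Exercise both policies with small limits so the difference is visible."""
    table = SessionTable({
        "admin": LoginPolicy(max_sessions=2, on_limit="block"),
        "user": LoginPolicy(max_sessions=2, on_limit="evict_oldest"),
    })
    table.login("admin", "admin")
    table.login("admin", "admin")
    third_admin, _ = table.login("admin", "admin")        # refused: cap reached, policy is block
    u1, _ = table.login("alice", "user")
    table.login("alice", "user")
    third_user, evicted = table.login("alice", "user")    # allowed: u1 is evicted instead
    return {
        "admin_third_login": third_admin,
        "admin_count": table.count("admin"),
        "user_third_login": third_user,
        "user_evicted": evicted,
        "user_evicted_was_first": evicted == u1,
        "user_count": table.count("alice"),
        "stale_logout": table.logout("alice", u1),        # evicted session cannot be released
        "migrated_admin_limit": LoginPolicy(2000).clamped().max_sessions,
        "unchanged_admin_limit": LoginPolicy(32).clamped().max_sessions,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Keeping the two policies in separate `LoginPolicy` objects is what lets an admin cap of 64 with `block` coexist with a different cap and `evict_oldest` for portal or remote-access users; before v1.35 the post describes a single policy covering both.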