uOS Section – GUI and Feature Enhancements Overview
Zyxel Employee
Overview
This section introduces a collection of graphical user interface (GUI) and functionality enhancements made to the Zyxel USG FLEX H Series Firewalls in the latest firmware release.
The improvements aim to simplify configuration, improve clarity, and prevent common misconfigurations across trunk interfaces, routing, NAT, and object management.
1. Trunk Interface Enhancements
1.1. Updated Warning Text for Fallback Behavior
Previous wording: “Disconnect connection before falling back”
New wording: “Force reconnect on active WAN”
This modification clarifies that when WAN failback occurs, the device will disconnect the existing session and reconnect through the newly active WAN interface. The functionality itself remains unchanged — only the message is made clearer to avoid confusion.
1.2. Preventing Empty Trunk Configuration
In previous versions, administrators could create a trunk without any member interfaces, which could lead to traffic forwarding issues.
Enhancement:
- A warning message now appears when you attempt to create a trunk with no member interfaces.
- The message states:
“No interface member assigned to this WAN trunk. Please ensure at least one interface is added to ensure proper operation.”
- For existing configurations that were created before this change, entering the Trunk menu after upgrade will trigger this warning until the user corrects it.
2. Event Log Enhancement
Country Name Tooltip on Flag
Previously, the Event Log only showed a flag icon for detected IP locations. Users who were unfamiliar with certain flags couldn’t easily identify the country.
Enhancement:
- When hovering the mouse over the flag icon, a tooltip now displays the country name.
This small UX improvement provides better clarity during event analysis.
3. Geo IP Search Improvement
Search by Keyword (Country Name)
Previously, Geo IP object creation required searching by country abbreviations (e.g., TW, US, FR).
Enhancement:
- Now supports keyword-based search using full country names (e.g., Taiwan, France, Japan).
- The new search logic aligns with the ZLD / NCC Geo search.
This makes it easier for administrators to quickly locate and configure countries without memorizing ISO codes.
4. Routing Interface Description Display
When creating static or policy routes, users previously had difficulty identifying which WAN interface corresponded to which ISP link.
Enhancement:
- The interface description field (from Interface settings) is now displayed in the Policy Route and Static Route configuration pages.
- This helps identify WANs such as ISP1, Backup Line, etc.
- Descriptions also apply to VPN virtual interfaces, making it easier to recognize branch connections in multi-site deployments.
- Display limitation: Approximately 20 English characters are supported (length varies depending on language width).
5. NAT Configuration Enhancements
5.1. Default External IP Behavior for Virtual Server
- Previous default: “User-defined” (required manual IP entry).
- New default: “Any” (no manual IP needed).
This change simplifies virtual server setup for single-IP environments.
5.2. NAT Loopback Default Set to “Off”
Since NAT loopback is not compatible when the external IP is set to “Any”, it is now disabled by default for all mapping types. Users who need NAT loopback must manually enable it after configuration.
6. Simplified Edit-and-Save Process
In prior firmware, many configurations required users to click “Edit” > “OK” > “Apply” twice to complete setup.
Enhancement:
- Most configuration pages now support direct “Apply” saving (no double confirmation).
- Applies to:
- Network settings
- VPN
- Security services
- User authentication
- System configuration
Exception: IPS signature settings still require additional confirmation for signature ID validation.
7. Object Group Management
7.1. Maximum Object Limit Enforcement
Each firewall model has a hardware-specific limit on the number of objects per group (e.g., 64, 128, etc.).In previous versions, exceeding the limit caused silent truncation during policy application.
Enhancement:
- The system now displays a warning if an object group exceeds the supported limit.
Example:
“Cannot add more than 128 objects to this group. Please reduce members to within the limit.”
- The Member Count column has been added to the GUI to show how many objects are currently in each group.
- This applies to:
- Address Group
- Service Group
- Schedule Group
- User Group
If a legacy configuration already exceeds the limit, the system displays a warning icon after upgrade, prompting users to adjust.
8. Dashboard Storage Display
Previously, clicking on the Storage Usage in the dashboard showed only a single usage percentage with no breakdown, which caused confusion.
Enhancement:
- The storage usage panel now shows both local and USB storage details.
- Clicking on the storage indicator provides detailed usage information for each storage type, improving visibility and consistency.
9. Summary of GUI Enhancements
Area | Enhancement | Benefit |
|---|---|---|
Trunk | Clearer warning and prevention of empty trunk setup | Avoids connectivity issues |
Event Log | Tooltip with country name | Easier event interpretation |
Geo IP Search | Keyword search by country name | Simplified rule creation |
Routing | Show interface description | Easier WAN/VPN identification |
NAT | Default external IP = Any; loopback off | Simplifies setup, avoids conflict |
Edit Behavior | One-click Apply | Faster configuration |
Object Grouping | Member limit validation + count column | Prevents policy misapplication |
Dashboard Storage | Detailed local/USB breakdown | Clearer capacity tracking |
10. Key Takeaways
- Improved clarity: Interface, country, and storage details are now easier to identify.
- Better safety: Misconfigurations (like empty trunks or oversized groups) are now prevented.
- Simplified workflow: Fewer clicks and smarter defaults streamline administration.
- Consistent behavior: NAT, object limits, and Geo IP align with other product series for unified operation.
In short, this firmware release focuses on usability and precision — minimizing misconfiguration risks while improving clarity across the firewall’s web interface, NAT behavior, object management, and routing visualization.
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 202 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.3K Security
- 515 USG FLEX H Series
- 328 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.9K Consumer Product
- 288 Service & License
- 458 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 85 About Community
- 97 Security Highlight