What are the main reasons for replacing a usg40-Firewall with a tyxel Flex 100

WGLAN

We still still use a usg40 firewall (behind a DSL modem) to filter and block incoming traffic into our office network, constisting of 12 PCs..

What are the main reasons why we should migrate to a Zyxel FLEX 100?

Is the migration using the migration tool simple enough, that a normal windows IT Admin can perform it, or do you need to be of have access to a Zyxel specialist?

Thank you for your advice and recommendation.

Gerhard (wglan)

Zyxel_Barry

Hi @WGLAN,

Migrating from a Zyxel USG40 to a USG FLEX 100 is a beneficial upgrade for several reasons, and while a migration tool exists, its effectiveness can vary.

Here are the main reasons to consider migrating to a Zyxel USG FLEX 100:

• End-of-Life (EOL) Status of USG40: The USG40 model has reached its End-of-Life status, meaning it no longer receives new firmware developments, feature enhancements, or bug fixes. Crucially, it will no longer receive updates to patch security vulnerabilities, which can compromise your network's security over time.
• Enhanced Security Features: The USG FLEX 100 offers significantly advanced security features compared to the USG40. It includes comprehensive security services like ransomware/malware prevention, intrusion blocking, dark web blocking, and phishing protection.
• Cloud Management ability: The USG FLEX series, including the 100, can be managed by the Nebula Control Center - full cloud management mode and cloud monitor mode, offering centralized cloud management for easier network control.
• Improved Performance: The USG FLEX 100 offers higher performance capabilities, such as a SPI firewall throughput of 900 Mbps, which is a substantial upgrade and better suited for current and future internet speeds.

Regarding the migration process:

• Migration Tool Limitations: Zyxel has a Configuration Migration Tool; however, direct and seamless migration from a USG40 to a USG FLEX 100 using this tool might have limitations. Some users have reported that the converter automatically enabled paid services, causing issues in the end configuration. It's also noted that while the tool supports converting configurations between certain USG FLEX models, migration across models with different hardware specifications or older USG series might require manual configuration.
• Complexity: If your USG40 configuration is not complex, rebuilding it from scratch on the USG FLEX 100 might be a more straightforward approach. For more intricate configurations, using the CLI to restore parts of the backup file has been suggested. Due to potential complexities and the need to verify settings, having access to a Zyxel specialist or someone with networking expertise is highly recommended for a smooth migration.

To help us provide more specific advice, please provide the following information:

• Screenshots of your current USG40 configuration, particularly firewall rules and any VPN settings.
• Your desired network topology with the new USG FLEX 100.

PeterUK

It is said in reading that the EOL date is 2030 for FLEX models that are ZLD may by 2030 it is recommend you move to the FLEX H uOS however you my find the odd feature missing, yet to be implemented or never going to happen or is a on going problem Zyxel needs to address at some point.

I have a Zywall 110 which runs the same patch level as the USG40 for the most part its safe till reports say other wise I have VPN open for testing on the Zywall 110 which may be unsafe to do so but in your care you may not have a need for VPN or if you do try to limit what is allowed like setting up DDNS with FQDN source from WAN to Zywall or if UI needs to be access externally limit that and so on.

But if all from WAN to Zywall is blocked and if the firewall works as expected for from LAN to WAN it is most likely your safe. Its even possible by many other bands too and models that on newer kit has a vulnerability that old kit with old code does not have.