Fw: Bug Firmware V5.42(ABUH.1) / Zyxel USGFLEX 100

nicolas2ker

Hello,

Except my mistake, I would like to inform you that there is an email notification bug since the new Firmware Version V5.42(ABUH.1) / 2026-02-08 02:18:35 update, affecting only the USGFLEX 100 model. The USGFLEX 100W model does not have this issue !

Specifically, when I receive emails, the sender and recipient addresses do not display their UDP/TCP ports on the 100 model, while they do display correctly on the 100W model.

Here is a concrete example:

USGFLEX 100 (no port)	No: 1 Date/Time: 2026-03-26 05:54:33 Category: secure-policy Priority: alert Source: 82.66.201.65 Destination: 192.168.1.xx Note: ACCESS FORWARD Message: priority:60, from WAN to ZyWALL, service Default_Allow_WAN_To_ZyWALL, ACCEPT
USGFLEX 100W	No: 1 Date/Time: 2026-03-26 02:18:03 Category: secure-policy Priority: alert Source: 85.217.140.3:41454 Destination: 192.168.1.xx:11444 Note: ACCESS FORWARD Message: priority:30, from WAN to ZyWALL, TCP, service VPN_ZYXEL_Svc, ACCEPT

Could you confirm whether this is a firewall bug or a configuration error, given that it worked perfectly for years, including up to version 5.40? Is there a quick fix that can be implemented, as we don't know which TCP/UDP service it's trying to connect to?


Sincerely,

Nicolas

Zyxel_Melen

Hi @nicolas2ker

To investigate this issue, I will send a private message to get your configuration and replicate.

Please help to share your configuration. Thanks.

nicolas2ker

Hello Melen,

I just respond on https://community.zyxel.com/en/discussion/comment/84250#Comment_84250

Move the comment to here for better reviewing. By Melen

Regarding the secure-policy alert notification, I can assure you that I haven't made any changes to the rules, and it's related to versions 5.40 to 5.42 because 5.41 was unstable on the 100W. It no longer displays ports on the 100 model. I had hoped that the 100 firmware would be almost identical to the 100W, apart from the hardware.

Furthermore, for cybersecurity monitoring, the current method of retrieving emails is clearly not optimal. But with the automation program (local FTP/SFTP), to be reliable, I'm unable to retrieve files from, for example, /usbstorage/centralized_log/2026-03-28.log. For me, this is very inconvenient.

Furthermore, I analyzed this log specifically regarding the missing port issue, but it's displayed further down, outside the scope, with the label: ,others:47.

So, all of this becomes convoluted and requires compilation for security analysis. Do you have a reliable and secure solution for downloading the logs without using a GUI?

Router(config)# dir /usbstorage/centralized_log/2026-03-28.log

File Name Size Modified Time

===============================================================================

2026-03-28.log 55869571 2026-03-28 23:59:57

Router(config)# Router(config)# copy /usbstorage/centralized_log/2026-03-28.log /tmp/2026-03-28_000000.log

% copy across different directories prohibitretval = -39001ERROR: Operation is prohibited.Router(config)#

Zyxel_Melen

Hi @nicolas2ker

Thanks for the update.

1. The log stored in USB can only be got via device's GUI. Although this might not a safe way, but setup a syslog server might help for your automation.
2. Since the USB log can only be got from the GUI, we can use AI to create a script/program to download. Hint: check the browser console network activity to find the specific action for download.
3. If possible, please share the related log for us to fix this issue.

nicolas2ker

Hello everyone,

I’ve completely changed my strategy. I’ve set up and configured a new syslog server using TCP and CEF format as a home-based SIEM.

I’ve also installed Wazuh (deployment still in progress). Additionally, I implemented a bridge between the two sites, where traffic flows through a VTI tunnel secured by VPN IPsec with end-to-end certificate-based authentication.

Furthermore, I'm receiving a lot of attacks from NL and it's still happening, he's abusing it but oh well... 😤 !

IP address range: 85.217.140.*, Today's date: 20260408, Number of hosts: 50, Number of ports: 3256, Number of rejections: 3287, Number of acceptances: 0

Kg,

Nicolas