FIRMWARE UPDATE???

Ricardo_ITS
Ricardo_ITS Posts: 8
edited July 20 in Security Ideas
Good afternoon,
In the section of my myzyxel devices it appears that there are new firmware updates for several of my devices. USGVPN20W, USG40, USG60 ... But in the administration page of the firewall it does not give the option to perform the update, it does not mark that there are pending updates.
0 votes

Active · Last Updated

Comments

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 931  Zyxel Employee

    Hi @Ricardo_ITS

    Sorry to inform you that we have been reported 4.60 got one critical vulnerability disclosed by security expertise, so we decided to remove all the FWs from cloud and website right away (except for USG FLEX 100W/700 due to base FW upgrade).

    4.60 patch 1 is planned to release at around E/Dec, including this vulnerability fix and another issues. Once the 4.60 patch 1 is released, you can download firmware from https://portal.myzyxel.com/

    Please also note, if you have configured FQDN object in your current setting, please be sure that you’re able to cold reboot your device after upgrading.

  • itxnc
    itxnc Posts: 65  Ally Member
    edited December 2020
    Will be well worth the wait for the custom block page:
    [ENHANCEMENT] Support customized block page of Content Filtering and URL Threat Filter at Notification > Response Message

    And this!! 
    10. [ENHANCEMENT] Support Google Authenticator two-factor authentication for administrator access.

    UPDATE: Where is it? 


    Only options are Email and SMS. Bummer.

    Not cool to be locked out of client routers when their internet connection is down and you're trying to check the WAN DHCP status!

    Plus really like seeing so many security enhancements like ECDSA certs, TLS 1.3, DH19-21 

    And config backup by email. My CNA100 just got nervous.

    And fast forwarding - can't wait to see how that affects remote security camera viewing...


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 931  Zyxel Employee
    edited December 2020

    Hi @itxnc  

    (1) Customized block page of Content Filtering and URL Threat Filter

    You can find customize page at Configuration > System > Notification > Response Message

    (2) Google Authenticator two-factor authentication for administrator access.

    You can setup the Google Authenticator after saved admin type user.(Configuration > Object > User/Group) After Google Authenticator is configured successfully, USG & App are able to generate/authenticate code without Internet connection.


  • itxnc
    itxnc Posts: 65  Ally Member
    Excellent - was looking in the wrong 2FA tab. Thank you!
  • CoreSG
    CoreSG Posts: 33  Freshman Member
    So this "BIG" announcement for 2FA is *no* different than what we already had: Google Authenticator for ADMIN account logins to the Zyxel device, only. IIRC that's been available for a while now.

    In 2012, we need to be able to have 2FA for VPN access, that does not require punching a HUGE HOLE in our firewall to allow access to the device itself ... Come on Zyxel team, we need this.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 931  Zyxel Employee
    Hi CoreSG
    At currently, SSL VPN/L2TP VPN/ IPSec VPN already support 2FA with SMS or Email.
    We will move Google Auth in VPN scenario as idea section.