ZyWALL USG Series - V4.39 firmware has been released!

Zyxel_Emily
Zyxel_Emily Posts: 1,280  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer
edited October 2022 in Security Gateway New Release

Thank you for choosing ZyWALL USG Series. Zyxel is committed to continuously update your devices for the most advanced features. This latest release further enhances ZyWALL USG Firewall's network protection including:

Enriched Web Security with Billions of Web Reputations

Introduce advanced web filtering functionality through its reputation and category-based filtering by adapting with new technology from McAfee, enabling more effective threat detection and response. It has granular categorizations for millions of websites across more than 100+ categories including CTIRU (Counter-Terrorism Internet Referral Unit) to restrict access to terrorism material online. Simply upgrade your device firmware – no configuration changes are required!

 

Please upgrade to 4.39 to continue your security services renewal.

For the purchase/renewal of USG licenses, you can visit our new e-commerce platform Zyxel Marketplace.


Release Date: August 11th, 2020

Supported Models: ZyWALL USG Series/ ZyWALL 110/310/1100

«1

Comments

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited August 2020

    Hi Zyxel Team,

    are the following, 5 fixes / enhancements all in the firmware 4.39

    1. [ENHANCEMENT]

    Adopt new Technology from Security Partner: McAfee for Content Filter, and Anti-Spam.

    2. [BUGFIX] eITS#200300829, 200301264, 200301372

    Fix: 2FA functional issue

    3. [BUGFIX] eITS#200603107

    Fix: Correct SSL VPN status information at Dashboard by update the SSL VPN Policy. (Update SSL VPN Policy, only allow remote user in “User” type to access the internal network.)

    4. [BUGFIX] eITS#200603170, 200603855

    Fix: Anti-Spam function may damage the mails in some circumstance

    5. [BUGFIX] eITS#200700662

    Fix: Hyperlink redirected pages correction


    Cause i'm thinking, is an update security relevant, if the USG is an office to DC and not an DC to ISP firewall ?

    Regards

    Christian

  • Ensto
    Ensto Posts: 20  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Hi.

    I think this is great news and I keep my fingers crossed for a more efficient and updated filtering technique from now on.

    Unfortunately, we are experiencing an extreme performance degradation following this firmware update to our USG20W VPN. Content filtering on / off is like night and day in terms of performance. I do not remember it being like this before.

    We only filter security threats (no categories) as it is great for smart devices that do not support security software.


    Will performance be further optimized?


    // Ensto

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,280  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ChristianG,

    Yes, these five enhancement/bug fix are the modifications in firmware 4.39.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,280  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Ensto,

    Could you share the startup-config.conf and how you run the throughput test with us?

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited August 2020
    as described, my USG is placed between Offlice LAN/WLAN and central server services "server vLAN".

    Zyxel - Topic 1
    is on ISP Firewall by AviraAV and an different engine/pattern source on the user devices (Win/Mac).

    Zyxel - Topic 2
    2FA/MFA is also provided by Token-app for iPhone/Android devices (soft token).

    Zyxel - Topic 3
    SSLVPN on USG for Windows is working - but not enabed in the currect network zone ;)
    ISP Firwall support Windows Client incl. Config import automatically for Windows Devices.
    Android / iOS devices can download the config and import this to OpenVPN. ;)

    Zyxel - Topic 4
    Mailscan is running for TLS/SSL mail transfer right now ?

    Zyxel - Topic 5
    Redirection is placed on the ISP Router and redirect users to an authetication logon, if they want to use dedicated destinations (e.g. dropbox).

    Any security fixes placed in the new firmware or decommision of NWA35xx or NWA55xx managed APs support trough USG60W-WLC ?

    Thx and regards
    Christian
  • Ensto
    Ensto Posts: 20  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Hi @Ensto,

    Could you share the startup-config.conf and how you run the throughput test with us?


    Hi Zyxel_Emily.

    I have sent you a PM containing the information as requested above.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,280  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    1. Mailscan is running for TLS/SSL mail transfer right now ?
    Only TCP port 25 and 110 are scanned by Anti-Spam. 

    2. Any security fixes placed in the new firmware or decommision of NWA35xx or NWA55xx managed APs support trough USG60W-WLC ?
    In 4.39, we implemented the McAfee as our new content filter engine and add some bug fixes.
    All fixes are listed on the release note.
    Here are APs which are able to be managed by USG60W.

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited August 2020
    the compatibility list .... there is no more the NWA3560-N and 5560-N in support by USG60W-WLC ?

    if this is correct, i've to stay on 4.38 (this is working with the APs well) until the zymesh infrastructure is changed to another WLC and mesh-APs  :s

    Regards
    Christian

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,280  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ChristianG,

    NWA3560-N and NW5560-N are not on the compatibility list of USG60W no matter in firmware 4.38 or 4.39.

  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    edited August 2020
    now you flashed me :open_mouth:
    the NWA3560-N is running in mesh mode on a USG60W several years very well ;)



    Device Information



    the following AP Firmware list is shown in v 4.38 and i'm not sure if they are also supported in 4.39.




    Regards
    Christian