What's New for ZLD4.60 patch 1 (available on Dec. 15)

Zyxel_Stanley
Zyxel_Stanley Posts: 1,361  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

Thank you for choosing ZyWALL ATP and USG FLEX series. Zyxel is committed to continuously updating your devices for the most advanced features. This latest release enhances all-round functions of ZyWALL products including:

SSL inspection and performance enhancements

To prevent advanced masqueraded attacks, we elevated security with TLS 1.3, while the enhanced SSL inspection performance has gained up to 3-5 times faster.

Enhanced account security by Two-Factor Authentication

Added an extra 2FA protection for admin and VPN connection by SMS, email, and Google Authentication. Safely let users use their personal devices to log in to the private network for increased productivity.

DNS Reputation, powered by McAfee (ATP only)

DNS Filter prevents reaching those known domains hosting malicious content and reduces the risk of phishing attacks, obfuscate source IPs using hijacked domain names.

APC 3.60 supports new WiFi6 APs and provides more comprehensive features

WAX510D, WAX650S will be supported for full management, while the WPA3 support is added on 11AX AP, CAPWAP enhancement, and more features will escalate the security and manageability.

Great news to all our USG FLEX users, we've developed a new USG FLEX 100W/700 for a comprehensive solution. USG FLEX 100W* integrates dual-radio WiFi for solid wireless performance. USG FLEX 700 brings a complete suite of security subscription with seamless, scalable gateway connectivity to SMBs.

*: Availability may vary by countries.


Resolved Issues in ZLD4.60 Patch 1 Release

1.   The resolved issues table listed below does not list every bug that has been corrected with ZLD4.60 Patch 1;

for inquiries about a particular bug, please contact Customer Service & Support.

Table 1: Enhancement


Table 2: Resolved issues


«1

Comments

  • Mario
    Mario Posts: 104  Ally Member
    First Anniversary 10 Comments Friend Collector Zyxel Certified Network Engineer Level 1 - Security
    Hi Stanley

    Is the new FW published?
    I don't find it on the "online check" of the device and also not at portal.myzyxel.com.

    Thanks for an update.
    Mario

  • Asgatlat
    Asgatlat Posts: 81  Ally Member
    First Anniversary 10 Comments Friend Collector
    and is the FQDN objet bug always present ? (need to hard reboot after the update ?)
  • Mario
    Mario Posts: 104  Ally Member
    First Anniversary 10 Comments Friend Collector Zyxel Certified Network Engineer Level 1 - Security
    @Asgatlat I belive the problem is on the old/broken firmware and you have this problem until your on a fixed firmware level :/

  • dkyeager
    dkyeager Posts: 69  Ally Member
    First Anniversary 10 Comments Friend Collector

    Thank you for choosing ZyWALL ATP and USG FLEX series. Zyxel is committed to continuously updating your devices for the most advanced features. This latest release enhances all-round functions of ZyWALL products including:

    SSL inspection and performance enhancements

    To prevent advanced masqueraded attacks, we elevated security with TLS 1.3, while the enhanced SSL inspection performance has gained up to 3-5 times faster.

    Enhanced account security by Two-Factor Authentication

    Added an extra 2FA protection for admin and VPN connection by SMS, email, and Google Authentication. Safely let users use their personal devices to log in to the private network for increased productivity.

    DNS Reputation, powered by McAfee (ATP only)

    DNS Filter prevents reaching those known domains hosting malicious content and reduces the risk of phishing attacks, obfuscate source IPs using hijacked domain names.

    APC 3.60 supports new WiFi6 APs and provides more comprehensive features

    WAX510D, WAX650S will be supported for full management, while the WPA3 support is added on 11AX AP, CAPWAP enhancement, and more features will escalate the security and manageability.

    Great news to all our USG FLEX users, we've developed a new USG FLEX 100W/700 for a comprehensive solution. USG FLEX 100W* integrates dual-radio WiFi for solid wireless performance. USG FLEX 700 brings a complete suite of security subscription with seamless, scalable gateway connectivity to SMBs.

    *: Availability may vary by countries.


    Resolved Issues in ZLD4.60 Patch 1 Release

    1.   The resolved issues table listed below does not list every bug that has been corrected with ZLD4.60 Patch 1;

    for inquiries about a particular bug, please contact Customer Service & Support.

    Table 1: Enhancement


    Table 2: Resolved issues




    Mario said:
    Hi Stanley

    Is the new FW published?
    I don't find it on the "online check" of the device and also not at portal.myzyxel.com.

    Thanks for an update.
    Mario


    It is available now.  I put it on my home system and it fixed an issue with L2TP/IPSEC VPN introduced with the last update. I have not had a chance to explore it much further yet.
  • Is there any information about 2-Factor Authentication with Google Authentication?

    I only found information about usage for enhanced security to login in the Zyxel account webpage. The information above however could give the impression that this is also available for VPN connections.
  • I'm getting the following error on my VPN50:

    port: p2led has undefined status:orange

    anyone ?


  • bind
    bind Posts: 5
    First Comment
    Is the ssl VPN performance also better in ZLD4.60?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @bind

     

    The ZLD4.60 patch1 purpose is to fix Vulnerability of CVE-2020-29583 and doesn’t enhance VPN performance than ZLD4.60 patch 0.

    You can refer to the following link about CVE-2020-29583: https://businessforum.zyxel.com/discussion/5400/what-you-should-know-about-cve-2020-29583-and-actions-to-take-to-mitigate-the-risk#latest


  • bind
    bind Posts: 5
    First Comment
    Thanks jeff, yes I know this about patch 1.
    But does zld4.60 patch 0 enhance performance for SSL VPN (not ssl inspection)?