USG Flex 50H - questions regarding migration to the new series

Hi @mlik,

Thank you for reaching out to the Zyxel Community. I understand you're looking into migrating from USG FLEX 100 models to the USG FLEX 50H and have several questions regarding the new series and your existing devices.

Here's some information to address your concerns:

Initial Solution

• Configuration Migration Tool: Zyxel offers a Configuration Migration Tool to help transfer settings from older Zyxel firewalls (including USG FLEX) to the USG FLEX H-Series. You can access this tool at convert.cloud.zyxel.com. This tool automates the process, aiming to reduce manual reconfiguration.

  • Limitations: While the tool simplifies migration, not all features map 1:1 between old and new firewalls. If a feature isn't supported on the target model, the tool will log it as failed. Some settings may be adjusted or removed, and you can review a detailed log file to check what was successfully migrated.
  • Partial Configuration Import: Zyxel devices generally require a complete configuration file to be imported; partial configurations are not supported for direct import. However, you can edit the converted configuration file to include specific sections, such as IPsec VPN tunnel configurations, by downloading the new firewall's configuration, copying the relevant sections from the converted file, and then importing the modified file.
  • IPsec VPN Conversion: If you are using IKEv1 VPN configurations, direct conversion to IKEv2 on the H-series is not supported, and manual reconfiguration will be required.

• GEO IP Service: The USG FLEX H series supports the GeoIP feature, and you can update the Geo-IP DB manually via the Web GUI by navigating to Object > Address > GeoIP and clicking "Update Now".

• Interface: The USG FLEX H series introduces a new interface (uOS). Several GUI enhancements have been made to improve usability, functionality, and overall user experience, including changes to the menu tree layout, frozen headers for viewing large datasets, and enhanced port details.

• Subscription Requirements:

  • The USG FLEX H series can operate as a standalone device. However, to utilize advanced security features like Reputation Filter and to gain access to Priority Support, an active subscription such as the Entry Defense Pack or Gold Security Pack is required.
  • When you register your device on the Nebula Control Center (NCC), you receive a 30-day trial of the Gold Security Pack and a 366-day Entry Defense Pack.

• End-of-Life (EoL) for Older Models: Information regarding the EoL status for specific older models like USG FLEX 100, 100AX, and USG20W-VPN is not immediately available in the provided search results.

Information Collection Guide

To help us provide more specific guidance, please provide the following:

• Exact models and current firmware versions of your existing USG FLEX 100 devices.
• Screenshots of any error messages you encounter during the configuration migration process.

If you plan to manage your USG FLEX 50H via Zyxel Nebula, please enable Zyxel Support Access via Help > Support Request in the Nebula console and provide your Organization and Site name. This allows the Zyxel support team to directly view your cloud environment configuration, significantly shortening troubleshooting time.