Discussions - Zyxel Community

Support "Login IP Ranges" at MSP Level
Currently, the "Login IP Ranges" security feature is restricted to the Pro Pack and must be configured individually for each organization. For MSP users managing multiple organizations and sites, this process is repetitive and inefficient. User @nielsscheldeman propose making this feature available at the MSP level. This…
Feature Request: Add per-client custom nicknames in standalone mode
Hello Zyxel team, First, thank you for continuing to improve the NWA series. The standalone interface is already quite solid and practical, which is exactly why this missing piece stands out so much in everyday use. I’d like to request a feature for the standalone web interface of Zyxel APs such as the NWA50BE PRO: Request…
[USG Flex H] - Multiple Tailscale/Wireguard VPNs
Hello everyone, I've been using Tailscale VPN lately to reach my devices from the outside. At the same time, I'd like to use a VPN in exit mode as well. I thought it would be useful and convenient to be able to manage two VPNs, one that only routes internal resources and one that uses routing and an exit node (this is…
[USG Flex H] - FIDO2 Auth Keys
Hello everyone, I finally got in my hands a Yubikey that supports the FIDO2 authentication standard. Actually, I'm using it to log into my Raspberry Pi, configuring it into SSH, and it doesn't seem to be bad. Is it possible to implement FIDO2 authentication? My keys are generated from ED25519-SK key type that are based on…
[USG Flex H] - WireGuard VPN
Hello everyone, I see that our Firewall USG Flex H Series, implement Tailscale, only a user-friendly VPN based on WireGuard protocol. My idea is to convert the Tailscale third party service, with the real WireGuard solution. As also explained by Tailscale (https://tailscale.com/compare/wireguard) is more complex to…
[USG Flex H Series] - Two Factor Auth with Mobile Auth notification
Hello everyone, I've enabled the Two-Factor Auth, but every time that I would like to login into the Web Admin Portal, the interface ask to me to enter the 6-digit MFA code. It's possible to change this behavior for receive a notification on the Mobile Auth App and accept/decline? If is not possible or this is a missing…
Restrict access on this special switch port to only some MAC-Addresses on Nebula
User @Venta hopes that we can restrict access on this special switch port to only some MAC-Addresses on Nebula. Anyone who likes this idea, please leave your comment and give it a vote! Orignal post
[Mobile Router] Per-Client Bandwidth Usage Statistics
Currently, Zyxel mobile routers do not provide functionality to view per-client traffic or bandwidth consumption in the device interface. User @Slvbbnd requests support for this in future. It would be helpful to add a feature that allows administrators to see per-client traffic statistics, enabling them to identify…
USG FLEX H BWM support FQDN object
User @PeterUK requires BWM function can support FQDN object for USG FLEX H series model. Anyone who likes this idea, please leave your comments below and vote up for this idea post. original link
Support FQDN for BWM on USG FLEX H Series
@PeterUK proposes that the USG FLEX H series should support adding Fully Qualified Domain Names (FQDN) to Bandwidth Management (BWM) rules. This feature would enhance flexibility in managing traffic by domain name rather than IP address, allowing for more targeted and effective bandwidth control. This topic was raised in…
MSP portal supports to display the alert status of the devices
User @nielsscheldeman requests that MSP portal should support to display the alert status of the devices. The alert status represents the device has "10/100Mbps link speed", and other organe/alert status from the device status. Anyone likes this idea, please leave you comment below and give it a vote. Original link
clients
I think the naming of clients can be a little bit more easy. there are some places where you fill in mac addresses. (cloud authentication / MAC, dhcp reservations, but also you can give clients (visable as mac addresses) names. Why not combine this information. When i use cloud authentication, directly use the…
Set passive on more then one interface on a trunk
I would really like to set passive on more then one interface on a trunk.
2FA authentication by EMail
2FA authentication by EMail on FLEX H models allow 2FA authentication from other IP then the connecting VPN IP is from allow 2FA authentication by WAN
PSA Integrations for MSP
User @asriggs proposes that An official integration between Zyxel Nebula and popular PSA tools such as HaloPSA, ConnectWise Manage, and Autotask. While they’re aware that Nebula offers an Open API, they prefer a native or out-of-the-box solution — possibly via direct integration or collaboration with third-party platforms…
Change Send the packet to the mirror port
Currently Send the packet to the mirror port only sends to the set mirroring monitor port but whats needed is to set the port in parameters for a policy. So the mirror port this traffic goes to is usable as well as the traffic being mirrored is too usable.
Export topology as flow chart
Hi all, It would be nice to be able to export the network topology as a flow chart or in a format which could be manipulated to easily produce a manual or poster to include in customer documentation.
SAML integration to Microsoft Entra ID with VPN authentication
We would like to request the implementation of SAML 2.0 support in the Zyxel USG H Series firewalls to enable Client VPN authentication via Microsoft Entra ID. Currently, achieving this setup requires our customers to deploy a costly Site-to-Site VPN to Azure and maintain Microsoft Entra Domain Services, which adds…
Enhance NCC Topology LACP Display: Show Actual Link Speed
Current Behavior In NCC Topology, LACP speed displays configured port count × individual port speed, regardless of actual link-up status. This suggestion originated from the post found here: Topology error when calculating LACP speed — Zyxel Community If you find this idea useful, please show your support by leaving a…
IPS - detect DNS data exfiltration
Hi, I just tested if my Flex 50H IPS would recognize DNS side channel data exfiltration. It does not. This really isn't good, because, and you can prove me wrong on this, most people who want an "air gapped network" still allow the devices to access the ZyWalls DNS server, for convenience. The problem is, that in most…

Welcome!

It looks like you're new here. Sign in or register to get started.