USG_User  Master Member

@Zyxel_Tobias Thanks Tobias. We are missing such important information. Then we will switch back to standard V5.39(ABWD.1) to remove the "a new firmware is available" popup everytime when logging-in.

We are currently on the same App Patrol Signature Version 1.0.0.20241205.0. I keep it on automatic update. But I'm also still interested in an official new FW 5.39(ABWD.2) or 5.40 to replace the "quick & dirty" FW "V5.39(ABWD.1)-sig-20250124". Is this planned for the next days?

With us (USG FLEX 700) IKEv2 works with the fixed recovery firmware "V5.39(ABWD.1)-sig-20250124". But the USG is notifying me that a newer FW is available for download. But this leads still only to the V5.39(ABWD.1). I take for granted that Zyxel will release an ABWD.2 soon. Or should we finally go back to the standard…

HI Guys, Our FLEX 700 is alive again 😅. It took about one hour weekend time. Our invoice goes to the big "Z". OK, where human beings are working, mistakes will be made. Insofar you get one for free. 👉️ 😉 But by the way, it seems your above mentioned recovery description contains one error or misunderstanding at least. It's…

Since today we are not able to login to our USG FLEX 700 (5.39 ABWD.1) via Web Interface. The USG login window is presented but when trying to login the browser retuns a 504 Gateway Timeout. Further any SSL VPN Logins via SecuExtender fail as well. Only VPN via IPSec is still available. Other services are still operable.…

Hi Jeff, Thanks for your reply. I've already read the linked Zyxel article. Unfortunately, beside a short list of advantages of IPSec in opposition to SSLVPN, this article do not mention IPSec SecuExtender as alternative client for Windows PCs. Further it's not clearly described under which circumstances the new…

Despite the EOL of the SSL VPN SecuExtender Client Software for all clients, Will the IPSec SecuExtender still be supported? Or is it recommended to forget all SecuExtender client software and move to build-in VPN clients of the different OS?

Thanks Peter, In the meantime our ISP has not longer follow that issue. It seems that the problem is gone. However, nice to know that the USG is able to capture also its own outgoing packets. This is not clearly described in the manual (or I was too blind to find it 😎) Greetings from Germany

I reactivate this old thread. We tried to release an assigned IP address on our USG Flex 700 (v5.38). Therefore we went to CONFIG > Network > Interface > Ethernet > Static DHCP Table and tried to remove the corresponding MAC/IP entry from static DHCP table of the affected subnet. Unfortunately this was not possible and USG…

Hi Kay, A PM has been sent.

Hi Ivan, Thanks a lot for the explanations. Now I've found the little, light grey "edit" button for changing the licence type. From my point of view the entire licence selection and purchasing procedure is not enough intuitiv, especially when we use it once a year only, when the licence needs to be renewed. Additionally I…

Hi Gerhard, At the first glance it looks similar to mine, including the same Security Policy rules from WAN to ZyWall, from SSLVPN to LAN1 and from LAN1 to SSLVPN. Only one difference … we are not using IPs from the LAN1 subnet also for the SSLVPN clients. For example, our LAN1 subnet is 192.168.21.x and we assign IPs from…

Moin Gerhard, Properly adjusted, there are no problems with RDP over SSL-VPN. In past we used it on an USG110, and this time over an USG Flex 700. If you are not able to solve the problem, taking into account Jeff's hints, please let us know and we go through our config step by step. Gruss aus Rostock

I've done it and it works. Thanks But I'm a little bit concerned that we have to set this threat ID to the allow list since this ID is originally intended for "VLC Media Player RTSP Plugin Stack Buffer-Overflow" and not for ordinary RTSP camera streams.

After further investigation we found a Custom Signature Rule named "Cs" with this ID. But we cannot remember established this custom rule by ourselves: Has anybody an idea whether this has been added automatically by the last FW updates, or what sense such a rule should have? Therein is nothing ticked.