-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
What's New: uOS1.30 Patch 1Firmware Update for USG FLEX H Series
This discussion has been moved.
-
What's New ZLD5.39
Enjoy stronger traffic control with a new CLI command to drop TCP SYN packets with data, faster filtering, and a fix for Chrome’s TLS 1.3 content filter bug. Update today for seamless protection. Zyxel is committed to continuously updating your devices for important maintenance information. This latest release also…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
Production Status USG20W-VPN (USG FLEX 50W): Discontinued?
Greetings, I was looking to purchase another USG20W-VPN (USG FLEX 50W) for a client and have been told by vendor it has been discontinued. Is this indeed the case?
-
ATP500 - Avast antivirus block, anti-botnet log
Hi there, we have the problem that since the last firmware update in November our ATP500 blocks the Avast antivirus and the message “BLOCK anti-botnet” appears in the log. We have configured under: Security Service > Reputation Filter > Types of Cyber Threats Coming From The Internet And Local Networks, deactivated the…
-
Router DMZ to Flex 500H
Hi, we are trying to configure the Flex 500H behind a Router with DMZ. The router has IP 192.168.2.1 configured and has a DMZ configured to 192.168.2.2.2 which is the Zywall. The problem is that we do not see anything in the log, opening port 21 for example to test. Is there anything else to configure?
-
Zyxel USG20W-VPN primary and backup link setup and IPSEC VPN
Hello guys, I have USG20W-VPN with latest firmware installed and just need little bit help with setuping my primary and backup link WAN connection. Firstly - I am using the DSL WAN connection that will work as primary link (WAN) and if this connection will fail automatically backup link will go active (Cellular, Brovi 4G…
-
out of production usg flex 200
Today i heard the usg flex 200 is out of production, and the EOL date is 2030. Is that correct. Wondering what's the follow up product of the flex 200. Off course you have the flex 200h, but that one is much more expensive, and maybe difficult to sell to our customers. 5 years and then EOL? that's a little quickly in my…
-
Bug report (availability/stability) on Flex 500: network range overlap mismatch
The following steps produce a faulty configuration file, that however runs sucessfully. Only after a reboot the faulty file is rolled back (which can be many months later, making it very hard to find what the issue was in the first place): Have a subnet, i.e. 192.168.2.1/24 configured on interface LAN2 Disable the subnet…
-
USG FLEX 500 VPN Server EAP-MSChapv2 vs EAP-TLS/PEAP on Radius
Hello, i've got some trouble setting up remote user connection with certificate instead of user/password, and i don't find much documentation about this on Zyxel networks. I've setup VPN gateway & tunnel for remote user connection with radius authentification EAP-MSChapv2 successfully, but when i'm trying to change Windows…
-
SecuReporter is often unreachable over the weekends from all across Europe
SecuReporter cannot be reached over the weekends from all across Europe. The internet connections are good from where the access over the weekend is tried. Same machines, same configurations which can instantly access the SecuReporter servers cannot connect over the weekend. Accessing other infrastructure in the Asia area…
-
zywall atp100w - external captive + radius
Hi all. I really need help from the community on setting up zywall atp100w. I read a lot of information on setting up, but I still couldn’t set it up correctly. Task: I have an atp100w router on which an open wifi network is configured on LAN1. Internet access is configured via WAN. NAT is configured. Wifi users access the…
-
DHCP server setup on ATP500 shows "Error -4027 : DHCP network setting conflict"
I want to setup DHCP server function on one of the LAN interface on the ATP500 device (firmware version being "V5.39(ABFU.1) / 2024-11-16 03:14:26"). After entering the parameters of : DHCP (server), IP pool start address (192.168.1.130), pool size (10), First DNS server (ZyWALL), default router (ge4 IP) with rest…
-
No entries in device insight
Hi, I have configured one device insight profile. Inside this only the criteria for OS "Windows" is selected. I would have now expected, that my laptops and desktops are listed in the device insight table of monitoring, but this table is always empty. I'm sure I have misunderstood or done something wrong. Kind regards SB
-
DNS lookup issue
We've got a really weird issue with a FLEX100. So a client reported that they can't access their website from their office network. On any device. If they turn WiFi off on their phones, they can acces it fine. Sure enough, the FLEX100 is not returning ANY address for their primary domain. But every public DNS server…
-
redirecting http
Hi! I have a webserver behind a zyxel 200H (frimware: V1.30) and I cant reach its website with its domain name/url, and instead of the website all I get is the zyxel 200H login screen. I looked up the problem, and I should find a "HTTP Redirect" instruction on…
-
Source NAT through vpn tunnels
Let's say we have three sites: Site A (USG Flex 50) - Policy based vpn - Site B (USG Flex 200) - Policy based vpn - site C (other device, managed by others) Note: between A and B it's simple routing, hosts keep their IP. Between B and C it's different: all B lan address reach C site SNATted (in B-C vpn policy) to a single…
-
url check
-
Error while trying to import a certificate. P12 certificate "errno: -17011"
Hi. When trying to import a certificate to UGL Flex 700 I get the error errno: -17011 errmsg: PKI certificate type is not supported I am on version V5.39(ABWD.1)
-
P12 Certificate "errno:-17011"
I have been importing P12 certificates for years. It is scripted openssl to generate pkcs12 from PEM files. openssl has not updated on linux since 2020. Now the "import" under "certificates" gets error 'error -17011'. "errmsg: PKI certificate type is not supported" Tried a different browser, chrome and firefox both error.…
-
usg20-vpn and surfshark
is there anybody able to share a configuration to connect my old usg20-vpn with surfshark? Actually looks like they provide a certificate for an ikev2 that i cannot import because they provide no secret key with it, and also no shared key. I think i should use the username and password system through ms chap, but it seems…
-
SCR50AXE sending internal ARP requests on WAN interface
Hello, I've just captured some traffic from the WAN interface of my SCR50AXE device. One thing seems very odd and that is that the device is sending ARP requests of internal VLANs on the WAN interface. Sending ARP requests on a completely different Subnet makes no sense in itself, but sending all ARP requests from all…
-
Advice on policy control issue
Hi Zyxel world, I wonder if you can help please - We've 3x USG60, connecting IPSEC to an Azure VPN Gateway, all 3x VPNs connect and remain connected but only 2x pass traffic (pings) and one does not. The key settings look identical as far as I can tell, having compared them side-by-side, aside from the expected network…
