Security - Zyxel Community

USG FLEX H Series
Security Ideas
Your ideas could be new features for Security!

Secure Start with Zyxel x Tailscale 🎁 Get 6 Months of Tailscale VPN Free, Before Oct.!
This discussion has been moved.
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
ATP100W wpa ssid not working
Hi all I have configured some atp100w and never encounter wifi problems. But on one of them I setup two ssid one for guest which is open and it works well. Device like phone and computer connect to them and got an ip adress on another lan (pool). The second one is a pro ssid. Used to be internal of the office Lan to have…
IKEv2 fragmentation support in ATP firewalls
Hi everyone, I have a weird problem setting up an IKEv2 VPN on a ATP firewall using a self signed certificate from the same ATP. Some users from some places can connect to the IKEv2 VPN and some others from other places don't. All client are using the same Windows build. I think the problem have to do with the IKEv2…
USG authentication against Cisco ISE
Hi community, anyone can advice how to setup Radius attribute on Cisco ISE so that when login with my RAdius credentials my privilidge is correctly assigned to user type admin? i have tried to follow AD/LDAP/Radius Admin Authentication — Zyxel Community ATTRIBUTE Zyxel-User-Type 64 string with direction BOTH and i can…
Typo on description for USG 50AX
Hello everyone, I see this: on this page: I think there is a typo on that page
Changing a VPN user's password on your own
We are currently using Flex200. I've read through many threads regarding the topic of allowing VPN users to change their own passwords, but none of them led me to a working solution — in fact, I’m now even more confused. Since many of these discussions are outdated, I would like to know what options are currently…
I have forgotten my password to Zyxel8751-2,4ghz
Use an Static + Dynamic IP Adress together (if the ISP support it!).
Hi "By accident" i found out that with my current config of the ATP my ISP give me 2 different IP Adress. The first IP Adress get signt via DHCP from the Modem. The can be found in: Network → Interface → Ethernet → WAN Port In my case as mention before the get assign via DHCP Automatic and change every ~24h. Than for my…
UTM Bundle License Refund or Upgrade Option Inquiry
I hope this message finds you well. I would like to inquire about the possibility of returning or exchanging a license from the equipment. I recently purchased and activated a UTM Bundle license for my USG FLEX 100 firewall. However, I later realized that I actually need it the Gold Security Pack, which includes additional…
AD Authentication Failed after upgrade to 5.40 on USGFLEX700 model only
hi everybody, after upgrading to ZLD 5.40 on USGFLEX700 (Standalone mode) we got systematic authentication failure using AD Authentication against windows server 2019 Domain Controllers (so this shouldn't have nothing to do with the Windows Server 2025's problem as of Zyxel's advisory of last April) We've verified that on…
ATP200, SFP to Lan Port?
Hi My Home Server is hooked directly to the SFP Port on my ATP. The ATP is the DHCP Server for a bunch of Virtual Machines. Now I have to move them somehow to an Server who is connect lets say Lan Port 1 (= P4). For that reason I set up LAN2 and under "DHCP Setting" I choose DHCP Relay and in "Relay Server 1" I put in the…
Weird Problem with WAN?!
Well I dont know how but since my ISP Upgradet my Internet to an higher speed everything is weird… No HW changed. I also use the Zyxel Modem from my ISP. The "Dial In" does my ATP. When I go to Ethernet i see this: The show me an 100.X.X.X IP Adress as WAN IP. When I go to PPP I see this: Here I see my fix Wan IP Adress…
USG FLEX 500H SSL VPN How How to set up two user groups for split and full tunnel?
Hy, we need to create two user groups for SSL VPN (OpenVPN Client), one using split tunnel and one using full tunnel, but the GUI doesn't seem to allow it. On the old USG firewall we could do it instead. Do you have some tips? Thank you.
Server 2025 Std. as AD autentication server
A Zyxel Flex500 worked as an AD authentication server with a server 2012 std. After updating the server to 2025 it does not work, the error is Wrong Base DN or Bind DN. What could be the problem?
IKEv2 causes USG to crash
We’ve been running several USG devices (110 and 210) without issues for years. However, our USG110 recently started hanging every three days. By "hang," I mean it completely stops responding and becomes inaccessible by any means. To rule out hardware or configuration issues, we replaced it with a brand-new USG210 from…
Incorrect RADIUS client behavior on USG devices
We’ve been running several USG devices (110 and 210) without issues for years but recently discovered few issues that seem are persisting on newest FLEX H devices as well. RADIUS Framed-MTU Issue The Zyxel RADIUS client (AAA Server) hardcodes Framed-MTU=1400, which is incorrect and not configurable (Microsoft…
VPN client-to-site settings for MacOS 15 (Sequoia)
Hi, I'm currently using these settings for a working VPN connection from Windows native clients: Gateway: - SA Lifetime: 86400 - Negotiation mode: Main - Proposal (enc/auth): 3DES/SHA1 - Key Group: DH2 Connection: - SA Lifetime: 3600 - Active Protocol: ESP - Encapsulation: Transport (L2TP/IPSec) or Tunnel (IKEv2) -…
Zyxel firewall categorizing Let's Encrypt CRL as malware
I work at Let's Encrypt, a widely used Certificate Authority - including by some Zyxel websites like support.zyxel.eu. We've received reports that our CRL (Certificate Revocation List) URL r10.c.lencr.org arise being categorized as malware by Zyxel firewalls. I am not familiar with Zyxel products, but I do see it shows as…
Request help to convert configuration file
Hello, I'd like to request help to convert USG Flex 200 to USG Flex 200H configuration file. When I try it on the convert.cloud.zyxel.com website, I get the error conversion failed and to contact support for assistance. Thank you.
ZLD 5.x firmware development status
According to this page https://support.zyxel.eu/hc/en-us/articles/360005438274-Weekly-Firmware-Support-Version-Lab-Version latest pubblication of Lab Firmware for ZLD 5.x is dated november 2024, 1 month after 5.39P1, roughly 20 weeks ago. Is there a new way for access Lab Firmwares? Is Lab Firmware release suspended? Is…
my flex 200 doesn't recognize my usb storage
i reformatted the usb stick to fat32, and restarted the router. any suggestions i think this post is in the wrong place, but i can't move it.

Welcome!

It looks like you're new here. Sign in or register to get started.

Security Highlight

[2025 July Tips & Tricks] ⚙Set up your USG FLEX H before it’s online
Starting from firmware uOS1.35, Zyxel’s USG FLEX H series supports remote pre-configuration directly from Nebula—even before the device is powered on. To use this feature, make sure your device is running the required firmware: Newly purchased units must complete the initial setup wizard to keep the firmware up to date.…
[2025 March Spotlight] USG LITE 60AX Shines Bright with Media Acclaim and Awards 🌟
The Zyxel USG LITE 60AX has quickly risen to prominence, earning enthusiastic praise from tech media and prestigious industry awards 🏆. Designed for small businesses and teleworkers, this WiFi 6 security router has struck a chord with reviewers and experts alike. We deeply thank the following media and organizations for…
[2025 July Notification] SecuExtender Perpetual Version Vulnerability
Dear Valued Users, We would like to inform you that the SecuExtender VPN client with the perpetual version IPSec_3.8.204.61.32 will soon be removed from our official website due to a reported security vulnerability related to legacy Windows 7 environments. Under certain conditions, this vulnerability may allow unauthorized…

View All