-
💬 Your Firewall Story Could Earn You $50 Across Two Platforms!
This discussion has been moved.
-
Secure Start with Zyxel x Tailscale 🎁 Get 6 Months of Tailscale VPN Free, Before Oct.!
This discussion has been moved.
-
[Trade-Up Program] 🔄 Time to Trade Up: Say Goodbye to Legacy USG, Hello to Next-Level Securi…
Time to Trade Up: Upgrade Your Legacy USG and Unlock a Powerful New Experience.
-
Recovery Steps for USG FLEX/ATP Series Application Patrol Signature Issue (Jan. 2025)
Symptom: The App Patrol signature release V1.0.0.20250123.0 may create parsing error on device for On-premises mode, application patrol daemon will not work well after updating this new signature though the rest of UTM features keep running. However, the worst case is that device may get stuck if device did rebooting…
-
Zyxel USG FLEX and ATP series – Upgrading your device and ALL credentials to avoid hackers' attack
Zyxel team has been tracking the recent activity of threat actors targeting Zyxel security appliances that were previously subject to vulnerabilities and admin passwords have not been changed since then. Users are advised to update ALL administrators accounts for optimal protection. Based on our investigation, the threat…
-
Important Reminder for your Content Filter Service
At Zyxel, we are committed to providing you with the most advanced and secure services possible. In line with this commitment, we continuously enhance our Content Filter service to ensure top-notch security detection from Trellix. To ensure your service running stable and efficiently, please upgrade firmware to the latest…
-
How to solve the issue "ZTP is already enabled" on VPN series?
Symptom: Unable to access the web GUI. Access the web GUI but the page "ZTP is already enabled" appears. The device is on-premises mode and never deployed using ZTP. Q1. What are the impact model and version for this issue? Affected model Affected version VPN50 5.00 through 5.36(ABHL2)C0 VPN100 5.00 through 5.36(ABFV.2)C0…
-
What should I do if the device failed to be upgraded to the latest firmware?
Please follow the procedure to upgrade the firmware Step 1. Make sure you have on-site local support that able to reach the device Step 2. Unplug all WAN connections. Step 3. Access the device via LAN IP. Step 4. Copy startup-config.conf to recover.conf. Download "recover.conf" to your PC. Step 5. Switch to standby…
-
How to run two IKEv2 tunnels (full + split) on the same router?
We have external staff accessing company resources via smartphones and laptops. Previously we used IPSec IKEv1 tunnels, but now we’re moving to IKEv2. Smartphones are already set up with an IKEv2 “all traffic” tunnel (EAP auth with username/password, config payload works fine). Now we want laptops/PCs to connect via IKEv2…
-
download file .ovpn whith ATP 200
Buongiorno sto cercando disperatamente, il file .ovpn da passare a openVPN Connect per connettermi alla vpn del mio Zyxel ATP 200 con un pc ARM ho letto molte guide anche ufficiali ma non trovo il tasto per scaricare il file. Come fare ? : { Procedura Dettagliata: Accesso alla GUI Web Collegati all’interfaccia web del…
-
Problems with the content filter ATP100
Hello, I'm from Russia. Knowing that many security services are not working, I set up a VPN with a European server a year ago to use security services. Today, I discovered that they have stopped working. I think the server has changed. It was rest.gtiservice.trellix.akadns.net. Can you tell me the current address to enable…
-
USG LITE 60AX and IPv6 support
I have an AVM FRITZ!Box 6890 LTE that worked marvellous with both IPv4 + IPv6 on a German Telekom VDSL incl. port forwarding and am quite shocked that our new USG LITE 60AX does not seem to support IPv6 to the internet or even DNS forwarding. nslookup anysite.xy is not answered but ping is working, however only with IPv4.…
-
Issue with File Transfer Speeds using an ATP800
Hello, I have a question about performance with regard to an ATP800. The question is due to only getting file transfers speeds of about 40 MB/s on the network. In looking into this, the weak link appears to be the uplink to the ATP. We have 10G fiber throughout the company connecting all the switches and speeds on the same…
-
USG 500 - Act as stand alone Radius server - eliminate external Radius Server possible?
Can the USG 500 Firewall be its own radius server? All articles point to it working with an external Radius server. Is it possible to eliminate the external Radius server and have the USG 500 handle the 801.X authentication by itself, thus eliminating the need for an external Radius server?
-
Possible or not? 1USG20W-VPN together with a Zyxel AP,so that end devices seamlessly roam same WiFi
Hello, I have an USG20W-VPN, and its WiFi6 is not enough to cover all the intended areas. Now, I evaluate an additional Access Point with WiFi7 and WPA3 to extend the wireless access where is needed, namely an NWA50BE Pro. Now, I haven't received yet the new AP, but I assume that it will cover the existing area better, so…
-
port forwarding problem
I have a USG Flex 500 and if i connect a server behind this device i noticed that several ports won't open while i did setup this up in NAT and policy control. If i connect the server directly on the internet without the Flex 500 in between then i don't have any problems and all the necessary ports are open.
-
Static ARP Table
Hi, With the USG series I used a little CLI script to set up static ARP table entries (these entries are required to forward WoL packets from VPN connected management stations). Example: configure terminal arp 10.1.1.1 12:23:34:56:67:78 exit write How can I achieve a static ARP table entry with the current USG Flex H…
-
NAT rule "allow remote IP" on USG LITE 60AX no subnets?
First go around with the USG LITE 60AX. NAT rules "allow remote IP" doesn't seem to support a subnet, only a single IP (unless I'm doing something wrong). Is the only option to leave it at Any, the create firewall rules to limit allowed inbound subnets? Do NAT rules in this case also implicitly create the matching firewall…
-
WAN and VLANS
Hey everyone, how are you? I need some more help. Look, I have two WANs, WAN1 and WAN2, and I also have two VLANs, VLAN40 and VLAN50. VLAN40 goes through WAN1, and VLAN50 goes through WAN2. I'd like to create a rule that when WAN1 goes down, VLAN40 automatically switches to WAN2, and when it comes back up, VLAN40 returns…
-
Why is the logfile full of source IPs which are mapped to the wrong countries?
I have an USG firewall, the logfile is full of source IPs which show the wrong country of domain registration / origin. When I look these IPs up with different tools, they may show different partially incomplete or even wrong answers, that is true as well. But using specific tools, the answer is correct. I refer to IP…
-
IKEv2 fragmentation support in ATP firewalls
Hi everyone, I have a weird problem setting up an IKEv2 VPN on a ATP firewall using a self signed certificate from the same ATP. Some users from some places can connect to the IKEv2 VPN and some others from other places don't. All client are using the same Windows build. I think the problem have to do with the IKEv2…
-
Problem with VPN Configuration of USG Flex 100
Hello, today I tried to set up VPN access for my iPhone and my Windows PC on my new USG Flex 100 firewall. I used the Wizard and selected the L2TP connection. After that I downloaded the profiles and installed them on my iPhone and my Windows laptop. The iPhone connected successfully, but the Windows PC did not. I get the…
-
VPN routing between three sites with new H series and legacy Flex and third party firewall
Hi! Scenario, where we have site-to-site tunnel between site 1 (USG Flex 200) and 3rd party site. Now we would want to have vpn-connection from new site 2 (USG Flex 50H) to 3rd party site via site 1. With two USG FLEX firewall's this routing is possible with Policy routes. I have tried similar setup, so that between site 1…
-
SSL VPN SecuExtender Retirement / Licenses for IPSec SecuExtender needed?
Since the SSL VPN SecuExtender Client will be retired soon (or is already retired?), we have to seach for an alternative. The Windows build-in IKEv2 Client works so far with our USG 700 Flex and could be used, but is not so comfortable for us due to different reasons. Does Zyxel offers limited IPSec SecuExtender licences…
-
DHCP Option 61?
Hi all, Is there any way to set DHCP Option 61 on a USG Flex 100H
-
Flex 200 to 100H Migration
Hello! Attempting to migrate from a Flex200 to a Flex 100H, I've encountered a few problems. No template migration. This is a big one, there is not any ability to define multiple peer gateway addresses in an IPSEC tunnel. I needed this feature in the Flex 200, and it was there. I wanted to use Nebula with the 200, but I…
-
Windows server AD trough IPSec VPN
Hello, We've got 2 sites linked trough an IPSec VPN. We used USG Flex at each side. In the simpliest way, what can i do for users to be able to login on the domain, whatever site it is on? Many thank's L.
-
Problems with "non-default WAN IP address" and domain name in VPN gateway setting.
Hi all, I have a Zyxel USG FLEX 500. I have public IP addresses in the range 8.14.19.210/255.255.255.240, the default public IP address of the USG is 8.14.19.210. How to properly set up VPN on a "non-default IP address"? What I have described below works for me, but is it correct? If I want to set up VPN so that clients…
