Download Library | Zyxel Networks
www.zyxel.com
Release Note
USG FLEX 50W (USG20W-VPN)
Version 5.37(ABAR.2)C0
January 22, 2024
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
1/151
www.zyxel.com
Contents
Release Note ................................................................................................................... 1 Supported Platforms:....................................................................................................... 5 Versions:........................................................................................................................... 5 Files lists contains in the Release ZIP file ....................................................................... 5 Read Me First ................................................................................................................... 6 Design Limitations: .......................................................................................................... 8
Build in Service.......................................................................................................................8 DNS ............................................................................................................................................8 GUI .............................................................................................................................................8 Interface ..................................................................................................................................9 IPSec VPN ................................................................................................................................9 SSL VPN...................................................................................................................................11 L2TP VPN.................................................................................................................................11 User Aware ............................................................................................................................11 IPv6 ..........................................................................................................................................12 Anti-Spam .............................................................................................................................. 12 MAC Authentication...........................................................................................................12 SecuExtender SSL VPN Client...........................................................................................12 Known Issues: ................................................................................................................ 13 IPSec VPN ..............................................................................................................................13 IPv6 ..........................................................................................................................................14 SSL VPN...................................................................................................................................14 System ....................................................................................................................................15 GUI ...........................................................................................................................................15 3G Dongle .............................................................................................................................16 Remote Access VPN wizard.............................................................................................16 Web Content Filter...............................................................................................................17 Features: V5.37(ABAR.2)C0 .......................................................................................... 18 Features: V5.37(ABAR.1)C0 .......................................................................................... 19 Features: V5.37(ABAR.0)C0 .......................................................................................... 23 Features: V5.36(ABAR.2)C0 .......................................................................................... 27 Features: V5.36(ABAR.1)C0 .......................................................................................... 28 Features: V5.36(ABAR.0)C0 .......................................................................................... 29 Features: V5.35(ABAR.0)C0 .......................................................................................... 32 Features: V5.32(ABAR.0)C0 .......................................................................................... 35
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
2/151
www.zyxel.com
Features: V5.31(ABAR.0)C0 .......................................................................................... 38 Features: V5.30(ABAR.0)C0 .......................................................................................... 41 Features: V5.21(ABAR.1)E1 ........................................................................................... 44 Features: V5.21(ABAR.1)C0 .......................................................................................... 45 Features: V5.21(ABAR.0)C0 .......................................................................................... 46 Features: V5.20(ABAR.0)C0 .......................................................................................... 47 Features: V5.10(ABAR.0)C0 .......................................................................................... 51 Features: V4.65(ABAR.1)C0 .......................................................................................... 55 Features: V4.65(ABAR.0)C0 .......................................................................................... 56 Features: V4.64(ABAR.0)C0 .......................................................................................... 57 Features: V4.63(ABAR.0)C0 .......................................................................................... 58 Features: V4.62(ABAR.0)C0 .......................................................................................... 59 Features: V4.60(ABAR.1)C0 .......................................................................................... 60 Features: V4.60(ABAR.0)C0 .......................................................................................... 61 Features: V4.39(ABAR.0)C0 .......................................................................................... 65 Features: V4.38(ABAR.0)C0 .......................................................................................... 66 Features: V4.35(ABAR.3)C0 .......................................................................................... 68 Features: V4.35(ABAR.2)C0 .......................................................................................... 69 Features: V4.35(ABAR.0)C0 .......................................................................................... 70 Features: V4.33(ABAR.0)C0 .......................................................................................... 78 Features: V4.31(ABAR.1)C0 .......................................................................................... 80 Features: V4.31(ABAR.0)C0 .......................................................................................... 81 Features: V4.30(ABAR.0)C0 .......................................................................................... 84 Features: V4.25(ABAR.1)C0 .......................................................................................... 94 Features: V4.25(ABAR.0)C0 .......................................................................................... 96 Features: V4.20(ABAR.2)C0 ........................................................................................ 104 Features: V4.20(ABAR.1)C0 ........................................................................................ 105 Features: V4.20(ABAR.0)C0 ........................................................................................ 107 Features: V4.15(ABAR.3)C0 ........................................................................................ 118 Features: V4.15(ABAR.2)C0 ........................................................................................ 119 Features: V4.15(ABAR.1)C0 ........................................................................................ 120 Features: V4.15(ABAR.0)C0 ........................................................................................ 121 Features: V4.13(ABAR.1)C0 ........................................................................................ 124 Features: V4.13(ABAR.0)C0 ........................................................................................ 125 Features: V4.11(ABAR.2)C0 ........................................................................................ 132 Features: V4.11(ABAR.1)C0 ........................................................................................ 133 Features: V4.11(ABAR.0)C0 ........................................................................................ 134
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
3/151
www.zyxel.com
Features: V4.10(ABAR.2)C0 ........................................................................................ 139 Features: V4.10(ABAR.0)C0 ........................................................................................ 144 Appendix 1.Firmware upgrade / downgrade procedure ...................................... 145 Appendix 2. SNMPv2 private MIBS support .............................................................. 146 Appendix 3. Firmware Recovery ............................................................................... 147
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
4/151
www.zyxel.com
USG FLEX 50W (USG20W-VPN)
Release V5.37(ABAR.2)C0
Date: January 22, 2024
Release Note
Supported Platforms:
USG FLEX 50W (USG20W-VPN)
Versions:
ZLD Version: V5.37(ABAR.2) | 2024-01-20 05:34:31
Files lists contains in the Release ZIP file
File name: 537ABAR2C0.bin Purpose: This binary firmware image file is for normal system update. Note: The firmware update may take five or more minutes depending on the scale of device configuration. The more complex the configuration, the longer the update time. Do not turn off or reset the ZyWALL/USG while the firmware update is in progress. The firmware might damage, if device loses power or you reset the device during the firmware upload. You might need to refer to Appendix 3 of this document to recover the firmware.
File name: 537ABAR2C0.conf Purpose: This ASCII file contains default system configuration commands.
File name: 537ABAR2C0.pdf Purpose: This release file.
File name: 537ABAR2C0.ri Purpose: This binary firmware recovery image file is for emergent system firmware damage recovery only.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
5/151
www.zyxel.com
Note: The ZyWALL/USG firmware could be damaged, for example by the power going off or pressing Reset button during a firmware update.
File name: 537ABAR2C0-MIB.zip Purpose: The MIBs are to collect information on device. The focus of the MIBs is to let administrators collect statistical data and monitor status and performance. The zip file includes several files: ZYXEL-ZW-SMI.MIB, ZYXEL-ZW-COMMON.MIB, ZYXEL-ES-SMI.MIB, ZYXEL-ES-CAPWAP.MIB, ZYXEL-ES-COMMON.MIB and ZYXEL-ESProWLAN.MIB. Please import ZYXEL-ES-SMI.MIB first.
File name: 537ABAR2C0-opensource-list.xls Purpose: This file lists the open source packages.
File name: 3G dongle compatibility table v109.xlsx, 3G patch file v106.wwan Purpose: Mobile broadband dongle support list.
Read Me First
1. The system default configuration is summarized as below: The default device administration username is "admin", password is "1234". The default LAN interface is lan1, which are P3 port on the front panel. The default IP address of ge4 is 192.168.1.1/24.-->1 By default, WWW/SSH/SNMP service can only be accessed from LAN subnet. The default WAN interface is wan, the interfaces will automatically get IP address using DHCP by default. For new model, requires connecting to myZyxel to complete device registration and Security Service activation.
2. It is recommended that user backs up "startup-config.conf" file first before upgrading firmware. The backup configuration file can be used if user wants to downgrade to a previous firmware version.
3. Please DO NOT turn off the power during the firmware upgrade. Please wait until the device reboots and the SYS light stays on
4. We recommended upgrade to ZLD5.35C0 or later version to Standby partition first before upgrading to ZLD5.37.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
6/151
www.zyxel.com
5. When getting troubles in configuring via GUI (popup java script error, etc.), it is recommended to clear browser's cache first and try to configure again.
6. To reset device to system default, user could press RESET button for 5 seconds and the device would reset itself to system default configuration and then reboot. Note: After resetting, the original configuration would be removed. It is recommended to back up the configuration before this operation.
7. If ZyWALL Firewall can't reboot successfully after firmware upgrade, please refer to Appendix 3: Firmware Recovery.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
7/151
www.zyxel.com
Design Limitations:
Note: Design Limitations described the system behavior or limitations in current version. They will be created into knowledge base.
Build in Service
1. [SPR: 061208575] [Symptom] If users change port for built-in services (FTP/HTTP/SSH/TELNET) and the port conflicts with other service or internal service, the service might not be brought up successfully. The internal service ports include 53/179/953/1723/2158/2601-2605/10443/10444/11080/50001. Users should avoid using these internal ports for built-in services. [Workaround] Users should avoid using these internal ports for built-in services.
DNS
1. [SPR: 150122977] [Symptom] DNS security option will deny device local out DNS query [Condition] 1. Edit the customize rule of DNS security option, and set the query recursion as deny. 2. If device's WAN IP address is in the customize address range, device local-out DNS query will be denying.
GUI
1. Following are the table list for supporting GUI browser:
Operating System Windows 10 (X64)
Linux OS (Ubuntu)
For Administrator Login Browsers
Safari 5.1.7(7534.57.2) or later Edge 20.10240.16384.0 or later Firefox 50.0.2 or later Opera 47.0.2631.55 or later Chrome latest version 60.0.3112.101 Safari latest version 10.1.2(12603.3.8) Firefox latest version 50.0.2 9 latest version 9.3.3 (Safari)
For User Login Browsers
Safari 5.1.7(7534.57.2) or later Edge 20.10240.16384.0 or later Firefox 50.0.2 or later Opera 47.0.2631.55 or later Chrome latest version 60.0.3112.101 Safari latest version 10.1.2(12603.3.8) Firefox latest version 50.0.2 Safari 9 latest version 9.3.3
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
8/151
www.zyxel.com
10 latest version 10.3.2 (Safari) Apple MAC OS X latest version 5.0 (Chrome)
Firefox latest version Latest Safari version 13.1.2/ 14.1/15.0 Apple iOS (Tablet) latest version 5.0 (Chrome) Android (Tablet) Chrome 59.0.3071.115 or later
* Not support Opera browser 10.6x * Not support Mobile OS
Safari10 latest version 10.3.2 latest version 5.0 (Chrome)
Firefox latest version Latest Safari version 13.1.2/ 14.1/15.0 latest version 5.0 (Chrome) Chrome 59.0.3071.115 or later
2. [SPR: 171030438] [Symptom] IE browser will download the privacy statement when accessing the related page, instead of reading on browser.
Interface
1. [SPR: 170628894] [Symptom] [LAG] The active slave may always switch to each other between ge1 and ge2 with active-backup mode and link-monitoring method is ARP. [Workaround] Suggest using MII monitoring method.
IPSec VPN
1. [SPR: 070814168]
[Symptom] VPN tunnel could not be established when:
a. a non ZyWALL/USG peer gateway reboot and b. ZyWALL/USG has a previous established Phase 1 with peer gateway,
and the Phase 1 has not expired yet. Under those conditions, ZyWALL/USG will continue to use the previous phase 1 SA to negotiate the Phase 2 SA. It would result in phase 2 negotiation to fail. [Workaround] User could disable and re-enable phase 1 rule in ZyWALL/USG or turn on DPD function to resolve problem. 2. [SPR: 100429119]
[Symptom] VPN tunnel might be established with incorrect VPN Gateway [Condition]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
9/151
www.zyxel.com
a. Prepare 2 ZyWALL/USG and reset to factory default configuration on both ZyWALL/USGs
b. On ZyWALL/USG-A: Create 2 WAN interfaces and configure WAN1 as DHCP Client Create 2 VPN Gateways. The "My Address" is configured as Interface type and select WAN1 and WAN2 respectively Create 2 VPN Connections named VPN-A and VPN-B accordingly which bind on the VPN Gateways we just created
c. On ZyWALL/USG-B Create one WAN interface Create one VPN Gateway. The Primary Peer Gateway Address is configured as WAN1 IP address of ZyWALL/USG-A and the Secondary Peer Gateway Address is configured as WAN2 IP address of ZyWALL/USG-A
d. Connect the VPN tunnel from ZyWALL/USG-B to ZyWALL/USG-A and we can see VPN-A is connected on ZyWALL/USG-A
e. Unplug WAN1 cable on ZyWALL/USG-A f. After DPD triggered on ZyWALL/USG-B, the VPN Connection will be
established again g. On ZyWALL/USG-A, VPN-A is connected. But actually ZyWALL/USG-B
should connect to VPN-B after step 5. [Workaround]
Change the WAN1 setting of ZyWALL/USG-A to Static IP 3. [SPR: 140304057]
[Symptom] After inactivating GRE over IPSec, old connection may remain if the traffic flows continuously. This may cause by traffic bounded with old connection. [Workaround] Stop traffic for 180 seconds and the internal connection record will time out. 4. [SPR: 140416738] [Symptom] Ignore don't fragment setting cannot take effect immediately if there already existed the same connection. [Workaround] Stop traffic for 180 seconds and the internal connection record will time out.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
10/151
www.zyxel.com
5. The following VPN Gateway rules configured on the ZyWALL/USG cannot be provisioned to the IPSec VPN Client: a. IPv4 rules with IKEv2 version b. IPv4 rules with User-based PSK authentication
6. Not support site to site VPN behind NAT scenario both in On-Premises mode and On-Cloud mode
SSL VPN
1. Following are the list for SSL VPN supporting applications and operating systems: SecuExtender SSL VPN Client support: Windows 10/11 (32- and 64-bit) and macOS 10.15 or later version.
L2TP VPN
1. Following are the table list for L2TP VPN supporting L2TP client and operating systems:
L2TP Client
OS type
Windows L2TP client
Windows 10/11 (32- and 64-bit)
iPhone/iPad L2TP client Mac L2TP client
iOS 15 or later macOS 10.15 or later
2. [SPR: N/A] [Symptom] L2TP connection will break sometimes with Android device. This issue comes from the L2TP Hollow packet will not by replied by Android system.
User Aware
1. [SPR: 070813119] [Symptom] Device supports authenticating user remotely by creating AAA method which includes AAA servers (LDAP/AD/Radius). If a user uses an account which exists in 2 AAA server and supplies correct password for the latter AAA server in AAA method, the authentication result depends on what the former AAA server is. If the former server is Radius, the authentication would be granted, otherwise, it would be rejected. [Workaround]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
11/151
www.zyxel.com
Avoid having the same account in AAA servers within a method.
IPv6
1. HTTP/HTTPS not support IPv6 link local address in IE7 and IE8. 2. Windows XP default MS-DOS FTP client cannot connection to device's FTP
server via iPv6 link-local address. 3. [SPR: 110803280]
[Symptom] Safari cannot log in web with HTTPS when using IPv6 4. [SPR: 110803293] [Symptom] Safari fails to redirect http to https when using IPv6 5. [SPR: 110803301] [Symptom] Safari with IPv6 http login when change web to System > WWW, it pops up a logout message. (HTTP redirect to HTTPS must enable)
Anti-Spam
1. Not support SMTPs , STARTTLS, POP3s, SMTP Extension command BDAT
MAC Authentication
1. [SPR: 150127103] [Symptom] Client use Internal MAC-Auth. connection Auth. Server can't get IP successful. [Workaround] Set short ARP timeout value on monitored interface's switch and gateway side.
SecuExtender SSL VPN Client
1. Windows 7 users have not done Windows update before may have SecuExtender virtual Network interface card detection issue. [Workaround] Recommend installing all windows security patches before installing SecuExtender. One of reference: https://support.microsoft.com/en-us/kb/3033929
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
12/151
www.zyxel.com
Known Issues:
Note: These known issues represent current release so far unfix issues. And we already plan to fix them on the future release.
[On Premises mode]
IPSec VPN
1. [SPR: 120110586] [Symptom] When set IPSec VPN with certificate and enable x.509 with LDAP, the VPN session must dial over two times and the session will connect successfully
2. [SPR: 140818615] [Symptom] After Enable and Disable NAT rule, IPSec VPN traffic cannot forward to LAN subnet immediately. [Condition] a. Topology: PC1 ---LAN1 USG60W WAN1 ---- WAN1 USG60 LAN1 --- PC2 & PC3 b. USG60W WAN1: 10.1.4.45/24 WAN2: 192.168.9.x/24 (Can reach to 172.23.x.x network through NAT router.) LAN1: 192.168.181.x/24 PC1: 192.168.181.33 c. USG60 WAN1: 10.1.6.79/24 LAN1: 192.168.1.1/24 PC2: 192.168.1.33 PC3: 192.168.1.34 d. USG60 sets a policy route, src=192.168.1.0/24, dst=172.0.0.0/8, nexthop=VPN tunnel USG60W sets 1. policy route, src= 172.0.0.0/8, dst=192.168.1.0/24, next-hop=VPN tunnel 2. policy route, src=192.168.1.0/24, dst=172.0.0.0/8, next-hop=WAN2 e. PC2 ping 172.23.x.x is OK
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
13/151
www.zyxel.com
f. Add a 1:1NAT rule which is from WAN1 10.1.6.79 mapping to 192.168.1.34 (PC3) on USG60.
g. PC2 ping 172.23.x.x will fail now. h. Disable 1:1 NAT rule. i. PC2 still cannot ping to 172.23.x.x.
*Need to reboot device or wait several minutes, it works. 3. [SPR: 141209575]
[Symptom] IPSec VPN tunnel sometimes can be built up while initiator and responder devices use CA with the same subject name in IKE authentication. This tunnel should not be allowed to build. 4. [SPR: 171108122] [Symptom] The number of VPN connected tunnels in VPN Dashboard may display incorrectly under stress with Zyxel VPN client 5. [SPR: 210917118] [Symptom] The VPN authentication failed with external user which is not in the first order of authentication method profile [Workaround] Move AAA server stores external user to the first order of authentication method profile.
IPv6
1. [SPR: 131226738] [Symptom] Only one prefix delegation can be added in IPv6 address assignment.
SSL VPN
1. [SPR: N/A] [Symptom] Windows 7 users cannot use SSL cipher suite selection as AES256. [Workaround] You can configure Windows cipher with following information http://support.microsoft.com/kb/980868/en-us
2. [SPR: 160309776] [Symptom]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
14/151
www.zyxel.com
GUI login can't auto connect/disconnect new SecuExtender tool in windows. 3. [SPR: 170517424] [Symptom] SecuExtender after ZLD4.30 will not support Windows XP due to strong cipher suite activated by default. Please upgrade client OS or allow ZLD with unsecure cipher suite via CLI, "no ip http secure-server strong-cipher".
System
1. [SPR: 160420343] [Symptom] USG310/1100/1900 and ZyWALL 310/1100 Interface up time counter will not reset after link down. For example, the ge1 port uptime shows 41 second and inactive ge1 port (link down). The next link up time should re-count from 00:00:00, but after link up, the uptime continues count from 41 second.
GUI
1. [SPR: 160411770] [Symptom] Go to Configuration > UTM Profile IDP Profile page, add a profile (e.g. name:2016USG) then back to the profile list select this rule and click "clone" you will find the background GUI profile name become the same as Clone Profile name before you apply.
2. [SPR: 160503266] [Symptom] It doesn't show logout IP after upgrade firmware to ZLD4.20.
3. [SPR: 170328262] [Symptom] Network risk warning information show null on ZyWALL series device
4. [SPR: 171016187] [Symptom] Easy mode click Network Client list button may cause page always loading status
5. [eITS: 170300826] [Symptom]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
15/151
www.zyxel.com
With feature "Link Aggregation Group", it no longer provide the field "none" on link-monitoring, balanced-alb and active-backup due to useless. 6. [SPR: 190329412] [Symptom] [GUI] When PC login admin then login useradmin user have some page always was loading. 7. [SPR: 190329413] [Symptom] [GUI] After remove policy route rule, routing table still has this rule. 8. [SPR: N/A] [Symptom] Sometimes GDPR dialog will be blocked by device dashboard loading mask. Please move the dialog to usable place for advanced operations or wait for the loading mask finished. 9. [SPR: N/A] [Symptom] GUI displays wrong firmware version, for example 4.35(VVVV.0)/4.35(WWWW.0)/4.35(ZZZZ.0)/4.35(YYYY.0), if uploaded ZLD4.35 or above firmware to standby partition without reboot. It'll auto recover after reboot device. 10. [SPR: 220302038] [Symptom] The description field does not support "," symbol and a warning message will be displayed to notify the user to modify.
3G Dongle
1. [SPR: 161215667] [Symptom] Budget set only download, action upload still has budget logs.
Remote Access VPN wizard
1. [Symptom] When IP address pool subnet is not /24 it will conflicts with VLAN interface
and will not auto change IP pool subnet. [Workaround]
Manually change the IP pool in the Remote Access VPN Wizard.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
16/151
www.zyxel.com
Web Content Filter
1. [SPR: 210324205, 210324206] [Symptom] [VPN][L2TP] Remote access VPN_The html picture is broken on warning page (Content Filter/URL threat filter) for http website.
2. [SPR: 211103043] [Symptom] The picture at URL Threat Filter block page cannot be displayed when using Google Chrome (version 95 or above) or Microsoft Edge (version 95 or above) browser.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
17/151
www.zyxel.com
Features: V5.37(ABAR.2)C0
Modifications in V5.37(ABAR.2)C0 - 2024/01/22 [On Premises mode] 1. [Bug Fix] eITS#231101413, 231101432
a. Fix: 802.1X wireless station authentication failure. 2. [Bug Fix] eITS#231101439
a. Fix: Failed to apply configuration file due to certificate. 3. [Bug Fix] eITS#231200479
a. Fix: Import pkcs12 certificate fail 4. [Bug Fix] eITS#231200577
a. Fix: some debug information missing in diagnostics collection. 5. [Bug Fix] eITS#231200592
a. Fix: IDP system protect causes the device reboot unexpectedly. 6. [Bug Fix] eITS#231201567
a. Fix: WAN PPPoE cannot be established once the device is upgraded to 5.37P1. You need to edit the PPPoE username or password on Nebula and save it again to make PPPoE work.
[On Cloud mode] 1. [Bug Fix] eITS#231200717
a. Fix: High CPU load on cloud mode.
[AP Controller] 1. [Bug Fix] eITS#231100445
a. Fix: APC abnormally displays 6GHz wireless client count while there is no 6GHz client connected.
[Common vulnerabilities and Exposures] ZLD5.37 Patch2 is no longer vulnerable to the following CVE References:
CVE-2023-6397 CVE-2023-6398 CVE-2023-6399 CVE-2023-6764
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
18/151
www.zyxel.com
Features: V5.37(ABAR.1)C0
Modifications in V5.37(ABAR.1)C0 - 2023/11/10 [On Premises mode] 1. [ENHANCEMENT]: IP Reputation to scan device local in/out traffic. 2. [ENHANCEMENT]: Show allow action from SecuReporter including IP
Reputation, DNS & URL Threat Filter. 3. [ENHANCEMENT]: New network tools - Speed Test. 4. [Feature Change]: Update OpenSSL package to 3.0.10 and not support
TLS1.0/1.1 protocol anymore for these features: a. AAA Server b. SSL inspection c. Web GUI d. SecuManager e. Certificate 5. [Feature Change]: To ensure the highest level of security, after the first login, it is not possible to set the password to "1234". 6. [Feature Change]: To increase session control "default session limit" to 20,000 and "create new object session limit" to 40,000. 7. [Feature Change]: [eITS#230501617] Fine tune the CEF log format. 8. [Feature Change] User Interface/Description change: a. Remove "Cloud Email Security" icon in Email Security page. 9. [Bug Fix] eITS#221001398 a. Fix: Stability issue when "Failback to Primary Peer Gateway when possible" is
enabled. 10. [Bug Fix] eITS#221001970
a. Fix: Many duplicated dynamic VPN routing entries are on the MAINTENANCE > Packet Flow Explore > Dynamic VPN > Routing Table.
11. [Bug Fix] eITS#230500501 a. Fix: Web authentication using External Web Portal with 3rd party App doesn't work.
12. [Bug Fix] eITS#230501662 a. Fix: Device reboots unexpectedly.
13. [Bug Fix] eITS#230600461 a. Fix: HA failover doesn't work.
14. [Bug Fix] eITS#230601375 a. Fix: The device lost all SSL Inspection Exclude List after it rebooted.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
19/151
www.zyxel.com
15. [Bug Fix] eITS#230700228 a. Fix: Move "Radius Server is enable" log to debug level.
16. [Bug Fix] eITS#230700420 a. Fix: DHCP server cannot release IP address.
17. [Bug Fix] eITS#230700642 a. Fix: Go to CONFIGURATION > Mgmt. & Analytics > Nebula but the page keeps loading.
18. [Bug Fix] eITS#230700646 a. Fix: The device rebooted unexpectedly.
19. [Bug Fix] eITS#230701080 a. Fix: When the VPN client uses domain user to login in, it can still be established without 2FA authentication even if the authentication is expired.
20. [Bug Fix] eITS#230701237 a. Fix: The SFP port with DHCP IP sometimes will lost WAN connection unless you manually release DHCP IP from Web-GUI or re-activate the SFP interface.
21. [Bug Fix] eITS#230701499 a. Fix: iOS device is not redirected to authentication page automatically.
22. [Bug Fix] eITS#230800292 a. Fix: The CSV file is not fully imported to the static DHCP table. Weird three lines appear at the bottom of the DHCP table and prevent saving any changes.
23. [Bug Fix] eITS#230800764 a. Fix: Incorrect status on login users page when SSH client closed the session.
24. [Bug Fix] eITS#230801489 a. Fix: The HTTPS Service control filter to access the administration interface from a particular Public IP does not work.
25. [Bug Fix] eITS#230900423 a. Fix: Once the based port of the VLAN interface is modified, the device will get stuck and need a reboot to recover.
26. [Bug Fix] eITS#230901380 a. Fix: The character comma is not supported in the log settings of email password but the i-note says it is supported.
27. [Bug Fix] eITS#231000246 a. Fix: DHCP lease time is expired but the expired IP address still exists in the DHCP table.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
20/151
www.zyxel.com
28. [Bug Fix] eITS#231000270 a. Fix: Configure a security policy rule to block devices with device insight but all devices are still able to access Internet.
29. [Bug Fix] eITS#231000905 a. Fix: Content Filter does not work correctly in certain condition.
[On Cloud mode] 1. [Feature Change] Remove ZTP from ZLD5.37 Patch1:
a. For USG FLEX/ATP series, please go to Nebula Control Center deployment method and choose the "Nebula native mode".
2. [Bug Fix] eITS#230601419 a. Fix: Connectivity Status always shows "Success" even no IP is on wan interface.
3. [Bug Fix] eITS#230801049 a. Fix: The device is nebula mode but the web GUI shows on-premises style.
4. [Bug Fix] eITS#230801380 a. Fix: When web authentication is disabled, client is not able to query walled garden list domain via external DNS server.
[AP Controller] N/A
[Common vulnerabilities and Exposures] ZLD5.37 Patch1 is no longer vulnerable to the following CVE References:
CVE-2021-25217 CVE-2022-44792 CVE-2022-44793 CVE-2023-35136 CVE-2023-35139 CVE-2023-37925 CVE-2023-37926 CVE-2023-4397 CVE-2023-4398 CVE-2023-5650
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
21/151
www.zyxel.com
CVE-2023-5797 CVE-2023-5960
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
22/151
www.zyxel.com
Features: V5.37(ABAR.0)C0
Modifications in V5.37(ABAR.0)C0 - 2023/06/30 [On Premises mode] 1. [ENHANCEMENT] Support management with Nebula Cloud Monitoring Mode 2. [ENHANCEMENT] Enable VPN Service switch in VPN Connection 3. [ENHANCEMENT] DNS Content Filter support Google/ YouTube/ Microsoft Bing
Safe Search 4. [ENHANCEMENT] [eITS#230100967] Add test site & feedback link to Content
Filter and URL Threat Filter page. 5. [ENHANCEMENT] Support Single sign-on feature included in Network Premium
license 6. [Feature Change] Change ATP100 and ATP100W max. VTI / VPN Tunnels
number to 50 7. [Feature Change] Remove Facebook Wi-Fi Portal Authentication feature due
to Meta had end of the Facebook Wi-Fi service by June 12, 2023 8. [Feature Change] Remove "Continuously capture and overwrite old ones"
setting at Packet Capture page 9. [Bug Fix] eITS#230100260
a. Fix: App Patrol signature failed to update if you use external update server. 10. [Bug Fix] eITS#230100530
a. Fix: GUI wording remove "Google Authenticator" for Guess user /Ext-user /Ext-group-user because MFA Google Authenticator only support Local User.
11. [Bug Fix] eITS#230100675 a. Fix: Enable "User" category in E-mail server 2 only but the E-mail server 2 still receives the same email logs as E-mail server 1.
12. [Bug Fix] eITS#230101190 a. Enhancement: Improve web-auth force auth redirect.
13. [Bug Fix] eITS#230200165 a. Fix: Reference incorrect for address object.
14. [Bug Fix] eITS#230300454 a. Fix: Stability issue for hotspot feature.
15. [Bug Fix] eITS#230300761 a. Fix: The device always uses the first IP of the local subnet to run connectivity check in VPN Phase 2.
16. [Bug Fix] eITS#230301073
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
23/151
www.zyxel.com
a. Fix: It shows "Your device is managed by nebula" in Initial Setup Wizard but the device is not registered on nebula.
17. [Bug Fix] eITS#230301243 a. Fix: On iOS, only one VPN profile can be installed. Once the new vpn profile is installed, the old one is overwritten.
18. [Bug Fix] eITS#230301453 a. Fix: The Device Insight page shows only 50 entries initially. The page displays the correct number of hosts after "Show Advanced Settings" is clicked.
19. [Bug Fix] eITS#230301541 a. Fix: After a pfx certificate is imported to "My Certificates", the existing certificates disappeared.
20. [Bug Fix] eITS#230400133 a. Fix: Device reboots unexpectedly.
21. [Bug Fix] eITS#230400136 a. Fix: Anti-Malware Threat Intelligence Machine Learning signature was stuck with the version 2017-12-11.
22. [Bug Fix] eITS#230400523 a. Fix: Site-to-site VPN can be established when authentication of one site is Pre-Shared Key and the remote site is certificate.
23. [Bug Fix] eITS#230400756 a. Fix: Visit an unrated web site and you receive UNRATED alert from firewall. After clicking on the button "Continue", you will see "Blocked".
24. [Bug Fix] eITS#230401085 a. Fix: AAA server ad profile always remains case-sensitive enabled after a reboot.
25. [Bug Fix] eITS#230401149 a. Fix: PCI compliance failure.
26. [Bug Fix] eITS#230401189 a. Fix: System name displays incompletely on IPSec Monitor page.
27. [Bug Fix] eITS#230401252 a. Fix: Wrong status of connectivity check of policy route rule when a routing rule with higher priority is deleted.
28. [Bug Fix] eITS#230401358 a. Fix: Apply configuration file failed.
29. [Bug Fix] eITS#230401397 a. Fix: App Patrol log messages show javascript.
30. [Bug Fix] eITS#230401486
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
24/151
www.zyxel.com
a. Fix: On USG20W-VPN, unable to modify SSID settings directly on this page by clicking "Edit".
31. [Bug Fix] eITS#230500682 a. Fix: HA Pro sync issue.
32. [Bug Fix] eITS#230500913 a. Fix: Session monitor service display issue when searching for service type.
33. [Bug Fix] eITS#230501004 a. Fix: Some local users cannot receive 2FA mail.
34. [Bug Fix] eITS#230501063 a. Fix: SecuManager rpc cannot get the device status.
35. [Bug Fix] eITS#230501341 a. Fix: Abnormal link change log.
36. [Bug Fix] eITS#230501549 a. Fix: Fail to apply configuration file when the device boots up.
37. [Bug Fix] eITS#230501570 a. Fix: IP Reputation and URL Threat Filter signatures cannot be updated when external update server is configured.
38. [Bug Fix] eITS#230600177 a. Fix: There is no user info in the Traffic Statistics. It shows IP address only without username.
39. [Bug Fix] eITS#230600769 a. Enhancement: Check local default certificate's integrity.
40. Common vulnerabilities and Exposures: ZLD5.37 Patch0 is no longer vulnerable to the following CVE References: CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVE-2023-34138 CVE-2023-34139
[On Cloud mode] 2. [ENHANCEMENT] VPN policy support DH Group 19, 20, 21 3. [Bug Fix] eITS#221201018
a. Fix: The client page shows two hosts with the same IP address for two different MAC addresses.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
25/151
www.zyxel.com
4. [Bug Fix] eITS#230100095 a. Fix: DNS address records are not resolved to the internal IP address.
5. [Bug Fix] eITS#230301050 a. Fix: L2TP VPN suddenly stopped working.
6. Common vulnerabilities and Exposures: ZLD5.37 Patch0 is no longer vulnerable to the following CVE References: CVE-2023-28767 CVE-2023-33011 CVE-2023-33012
[AP Controller] 2. [ENHANCEMENT] Update AP version to V6.55(.1) 3. [ENHANCEMENT] Korea country code can support 6GHz for WAX620D-6E and
WAX640S-6E 4. [ENHANCEMENT] DCS now enhancement 5. [ENHANCEMENT] APC now supports WAX300H new Access point 6. [ENHANCEMENT] APC now supports WAX655 wireless-bridge feature 7. [Feature Change] GUI warning message enhanced for Secure WiFi license
expired 8. Common vulnerabilities and Exposures:
ZLD5.37 Patch0 is no longer vulnerable to the following CVE References: CVE-2023-34140 CVE-2023-34141
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
26/151
www.zyxel.com
Features: V5.36(ABAR.2)C0
Modifications in V5.36(ABAR.2)C0 - 2023/05/24 [On Premises mode/On Cloud mode] 1. Common vulnerabilities and Exposures:
ZLD5.36 Patch2 is no longer vulnerable to the following CVE References: CVE-2023-33009 CVE-2023-33010
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
27/151
www.zyxel.com
Features: V5.36(ABAR.1)C0
Modifications in V5.36(ABAR.1)C0 - 2023/05/09 [On Premises mode] 1. [Bug Fix] eITS#230401495
Fix: If IKEv2 VPN with 2FA authentication is configured, it may cause device cease to function. a. Fix: IKEv2 initiator cause memory leak 2. [Bug Fix] eITS#230401438 a. The device does not send 2FA by email for VPN connections when Twofactor Authentication > VPN Access > User/Group > Selected User/Group contains user object.
[On Cloud mode] 1. [Bug Fix] eITS# 230401284
a. Fix: PPPoE failed to dial up if PPPoE account contains the character %.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
28/151
www.zyxel.com
Features: V5.36(ABAR.0)C0
Modifications in V5.36(ABAR.0)C0 - 2023/03/31 [On Premises mode] 1. [Feature Change] User Interface/Description change:
a. GUI remove "Note 1 register and get firmware notification" for firmware management page
b. GUI add "Note 2 try cloud-based Anti-Spam Cloud Email Security information" for service page
2. [Feature Change] Build-in WiFi APC initial wizard default radio profile change to 11ax
3. [Bug Fix] eITS#221000888 a. Fix: The device stops sending SMS via a SMS gateway after several days and also becomes unresponsive.
4. [Bug Fix] eITS#221201004 a. Fix: 2FA authorization mail receiver and mail content name are not identical.
5. [Bug Fix] eITS#221201009 a. Fix: SNMP get incorrect value after the interface is disconnected.
6. [Bug Fix] eITS#221201374 a. Fix: Customer can access port 8008 page even if 2FA for VPN access is not enabled.
7. [Bug Fix] eITS#230100962 a. Fix: Lots of message "An IP address conflict is detected at MAC 00:00:00:00:00:00" appear in the log.
8. [Bug Fix] eITS#230101199 a. Fix: The graph on dashboard and port statistics are not identical when the language is Russian.
9. [Bug Fix] eITS#230101534, 230101202 a. Fix: Unable to open default-group in Configuration > Wireless > AP Management > AP Group.
10. [Bug Fix] eITS#230200237 a. Fix: Nebula register QR code should be hidden when user uses limitedadmin.
11. [Bug Fix] eITS#230201027 a. Fix: Unable to see Remote AP VPN status in General > VPN Status on dashboard.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
29/151
www.zyxel.com
12. [Bug Fix] eITS#230201090 a. Fix: Unable to replace any interface IP and subnet with 192.168.5.1/24 on USG FLEX 50.
13. [Bug Fix] eITS#230201128 a. Fix: License sync failed in device HA Pro configuration sync process.
14. [Bug Fix] eITS#230201388 a. Fix: The 'Enable Two-factor Authentication' checkbox in VPN gateway gets disabled upon every reboot.
15. [Bug Fix] eITS#230300352 a. Fix: Password is transmitted in clear text in the trace log when HA is syncing.
16. [Bug Fix] eITS#230300393 a. Fix: Unable to open the authentication page https://lan IP:8008/2FAaccess.cgi when using 2FA with Google Authenticator.
17. [Bug Fix] eITS#230300453 a. Fix: If a backup configuration file is encrypted using special characters such as '%' or '+', the ZIP archive cannot be opened.
18. [Bug Fix] eITS#230300467 a. Fix: Getting error when trying to edit static DHCP table.
19. [Bug Fix] eITS#230300678 a. Fix: Abnormal amount of DHCP IP table.
20. [Bug Fix] eITS#230300846 b. Fix: Email security page displays red notification about license expired, but the email security service is already activated by bundle license.
21. Common vulnerabilities and Exposures: ZLD5.36 is no longer vulnerable to the following CVE References: CVE-2023-22913 CVE-2023-22914 CVE-2023-22915 CVE-2023-22916 CVE-2023-22917 CVE-2023-22918 CVE-2023-27990 CVE-2023-27991 CVE-2023-28771
[On Cloud mode]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
30/151
www.zyxel.com
1. [Bug Fix] eITS#230300025 a. Fix: SecuReporter stops working when the syslog server is set in NCC.
2. [Bug Fix] eITS#230300035 a. Fix: VPN disconnects unexpectedly. (sdwan_interface issue)
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
31/151
www.zyxel.com
Features: V5.35(ABAR.0)C0
Modifications in V5.35(ABAR.0)C0 - 2023/01/03 [On Premises mode] 1. [ENHANCEMENT] Configuration files download with password protection 2. [ENHANCEMENT] Custom DDNS support auto update when public IP changed 3. [ENHANCEMENT] Automatically update DDNS IP address at DDNS monitor
page 4. [ENHANCEMENT] System Log support DHCP IP conflict detection 5. [ENHANCEMENT] Support traffic log rotate on USB storage 6. [ENHANCEMENT] Support Sensitive Data Protection to protect management
password 7. [Feature Change] [eITS#220600529] Response Message remove customization
page layout change to default block page design. 8. [Feature Change] The default radio profile under AP controller in Wireless setup
wizard change from 11ac to 11ax 9. [Feature Change] Modify the wording at 5G Radio page:
a. Change the wording "Enable 5 GHz DFS Aware" to "Avoid 5 GHz DFS Channel"
10. [Bug Fix] eITS#221000888 / 221200149 a. Fix: The device stops sending SMS via a SMS gateway after several days and also becomes unresponsive.
11. [Bug Fix] eITS#221001336 a. Fix: In the policy route rule, select interface/gateway as the next hop and enable connectivity check. After you change the next hop from interface/gateway to trunk, connectivity check becomes greyed out but the previous connectivity check settings are still applied to the policy route rule.
12. [Bug Fix] eITS#221100576 a. Fix: USG FLEX 50 virtual device in the dashboard is incorrect
13. [Bug Fix] eITS# 221100935 a. Fix: Support fast recovery
14. [Bug Fix] eITS# 221101130 a. Fix: the boot up console warning message and SYS red light issue.
15. [Bug Fix] eITS# 221101139 a. Fix: Security policy is not working when 2FA is enabled
16. [Bug Fix] eITS#221101280
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
32/151
www.zyxel.com
a. Fix: NAT port forwarding data transfer rate is unstable 17. [Bug Fix] eITS#221101428
a. Fix: Since the device is upgraded to firmware to V5.32, the warning message "Unverified Firmware Installed" pops up in the dashboard.
18. [Bug Fix] eITS#221101628 / 220301602 a. Fix: USG FLEX unexpected reboot
19. [Bug Fix] eITS#221201009 a. Fix: SNMP get incorrect value after the interface is disconnected.
20. Common vulnerabilities and Exposures: ZLD5.35 is no longer vulnerable to the following CVE References: CVE-2022-38547 CVE-2022-40603
[On Cloud mode] 1. [ENHANCEMENT] Support captive portal logout via 6.6.6.6 2. [ENHANCEMENT] SecuReporter traffic log support client MAC address 3. [ENHANCEMENT] Event Log support DHCP IP conflict detection 4. [Bug Fix] eITS#221000144
a. Fix: CPU and memory usage don't display in Monitor > Firewall > Status. Event log is also empty.
5. [Bug Fix] eITS#221000422 a. Fix: WiFi clients have no internet access due to IPS customized signatures that are created in the previous on-premises mode.
6. [Bug Fix] eITS#221100122 a. Fix: USG FLEX becomes offline on Nebula when the number of Firewall clients exceed 2048.
7. [Bug Fix] eITS#221200797 a. Fix: In the Monitor > Clients > Firewall page only the clients connected to lan1 will be displayed and the clients connected to other ports such as SFP port will not be displayed.
[AP Controller] 1. [ENHANCEMENT] Update AP images V6.45(.0) 2. [ENHANCEMENT] DCS Client Aware default setting changed to disable. 3. [ENHANCEMENT] DFS channel behavior enhance for better UX.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
33/151
www.zyxel.com
4. [ENHANCEMENT] APC changed multicast to unicast default setting. 5. [ENHANCEMENT] Refine default AMPDU size. 6. [ENHANCEMENT] Support WiFi6E settings on APC. 7. [ENHANCEMENT] Support WAX655E Ethernet setting. 8. [ENHANCEMENT] Hostname supported in wireless station info. 9. [ENHANCEMENT] CAPWAP online/offline does not kick STA. 10. [ENHANCEMENT] Top-N supports 6GHz radio information. 11. [ENHANCEMENT] ZLD 5.3x APC fully support WiFi6E AP. 12. [ENHANCEMENT] ZyMesh support WiFi 6E (6GHz).
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
34/151
www.zyxel.com
Features: V5.32(ABAR.0)C0
Modifications in V5.32(ABAR.0)C0 - 2022/10/04 [On Premises mode] 1. [ENHANCEMENT] USG FLEX support DNS Threat Filter, IP Reputation and
Sandboxing with Gold Security Pack 2. [ENHANCEMENT] Support System Protection and signature update 3. [ENHANCEMENT] ZLD firmware integrity 4. [ENHANCEMENT][eITS#200700296, 220700648] When DNS TTL of FQDN object
for destination IP timeout, the video stream will lag 5. [ENHANCEMENT][eITS#220701026] 2FA window should pop up before
password change window pops up 6. [ENHANCEMENT] User Interface/Description change:
a. Refine SecuReporter Premium to standard license for consistency b. Adjust SecuReporter banner in device GUI more user friendly c. Update Note information in the bottom at Configuration service page 7. [Feature Change] Change CDR Malware detected default occurrence value from 2 to 5 8. [Bug Fix] eITS#220101543 a. Fix: IKEv2 with pre-shared key on Samsung mobile phone (Android 12)
cannot be connected. 9. [Bug Fix] eITS#220600781
a. Fix: NAT forward to DMZ not working 10. [Bug Fix] eITS#220601116
a. Fix: Multiple DH issue in IKEv2 connection 11. [Bug Fix] eITS#200601255 / 220700030
a. Fix: After Device HA failover, clients in vlan subnet have no interface access
12. [Bug Fix] eITS#220700735 a. Fix: Configuration in HTTPS Admin Service Control is not working.
13. [Bug Fix] eITS#220700760 a. Fix: Specific object name causes device to roll back to lastgood configuration file.
14. [Bug Fix] eITS#220700981 a. Fix: Second wan connection issue with wan trunk.
15. [Bug Fix] eITS#220700986 a. Fix: Renaming object name causes object name display issue on web GUI
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
35/151
www.zyxel.com
16. [Bug Fix] eITS#220701020 a. Fix: SSL VPN client for macOS is not connected if HTTPS port and SSL VPN server port are not identical.
17. [Bug Fix] eITS#220701048 a. Fix: Duplicate host name display issue on DHCP table
18. [Bug Fix] eITS#220701078 a. Fix: URL threat filter signature is not updated to the latest version.
19. [Bug Fix] eITS#220701082 a. Fix: 2FA authentication via mail is not working on AD users.
20. [Bug Fix] eITS#220800169 a. Fix: DNS threat filter category query issue
21. [Bug Fix] eITS#220800428 a. Fix: Schedule Backup doesn't work with complex password
22. [Bug Fix] eITS#220800881 a. Fix: SSL VPN is not connected with LDAP authentication
23. [Bug Fix] eITS#220800994 a. Fix: Device doesn't follow the schedule in Auto Update to update signature version.
24. [Bug Fix] eITS#220801346 a. Fix: Unable to see Firewall's event log and topology on nebula
25. [Bug Fix] eITS#220900270 a. Fix: When invalid NAT rule is configured (port mapping type: ports, start port 1 and end port 65535), the browser pops up weird message.
26. [Bug Fix] eITS#220900336 a. Fix: The command "debug system show conntrack" is not allowed.
27. [Vulnerability Fix] Zyxel-SI-1430 Fix XSS (Cross Site Scripting) vulnerability
[On Cloud mode] 1. [ENHANCEMENT] USG FLEX support DNS Threat Filter, IP Reputation and
Sandboxing with Gold Security Pack 2. [ENHANCEMENT] In Hub and spoke VPN topology, the Hub VPN gateway will
be a responder role during IKE negotiation 3. [ENHANCEMENT] Support DDNS peer address for non-Nebula Site2site VPN 4. [ENHANCEMENT] Live tool ping check support "Auto" interface 5. [ENHANCEMENT] Support TIML signature update
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
36/151
www.zyxel.com
6. [ENHANCEMENT] Support System Protection and signature update 7. [Bug Fix] eITS#220700128
b. Fix: The static route on nebula firewall to the peer site Microsoft Azure is not working anymore once the peer site Microsoft Azure VPN disconnects.
[AP Controller] 1. [ENHANCEMENT] Update AP images V6.40(.6)
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
37/151
www.zyxel.com
Features: V5.31(ABAR.0)C0
Modifications in V5.31(ABAR.0)C0 - 2022/07/05 [On Premises mode] 1. [ENHANCEMENT] In the initial setup stage to detect LAN subnet if conflict with
192.168.1.1 then auto change to 192.168.10.1 redirect to myrouter.local 2. [ENHANCEMENT] Login Users table add Created Date column as same as User
Object 3. [ENHANCEMENT] Device GUI add Astra cloud portal URL 4. [ENHANCEMENT] [eITS#211100981] Email Security Blocklist add i-note
information 5. [ENHANCEMENT] [eITS#220101060, 220101420, 220200439] Enhanced the
information in the CDR logs 6. [ENHANCEMENT] [eITS#220500069] Monitor > Log > View Log > "Email Log Now"
error message is not clear to us 7. [Feature Change] USG FLEX100 and USG FLEX 100W max. VPN tunnels number
upgrade to 50 8. [Feature Change] SSO feature enter maintenance mode and end of software
service. 9. [Bug Fix] eITS#211200767
a. Fix: Incorrect SSL VPN dashboard statistics information 10. [Bug Fix] eITS#220100656
a. USG FLEX 200 / DNS Content filter functional Issue 11. [Bug Fix] eITS#220101259
a. Fix: IP malfunctioning when the VLAN wan interface is configured with specific subnet mask
12. [Bug Fix] eITS#220200044 a. Fix: Error message when visiting Sandboxing page.
13. [Bug Fix] eITS#220300054 a. Fix: Virtual Server LB disconnected issue
14. [Bug Fix] eITS#220400122 a. Fix: Address Object manipulation issue
15. [Bug Fix] eITS#220400688 a. Fix: Malfunctioning on IPSec Connectivity check button
16. [Bug Fix] eITS#220400957 a. Fix: Incorrect wireless monitoring data
17. [Bug Fix] eITS#220401137
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
38/151
www.zyxel.com
a. Fix: DNSBL malfunctioning issue 18. [Bug Fix] eITS#220401321
a. Fix: Wildcard FQDN object issue which may affect the system stability 19. [Bug Fix] eITS#220500188
a. Fix: Packet forwarding issue on Trunk interface 20. [Bug Fix] eITS#220500690
a. Fix: SSLVPN service port keeps using the original port after manually customized it
21. [Bug Fix] eITS#220500701 a. Fix: GUI information correction
22. [Bug Fix] eITS#220500751 a. Fix: SSLVPN connectivity issue
23. [Bug Fix] eITS#220500939 a. Fix: DHCP service stability issue
24. [Bug Fix] eITS#220501025 a. Fix: AAA radius COA will be turned on after firmware update to V5.30
25. [Bug Fix] eITS#220501052 a. Fix: VPN connectivity issue between Nebula and Non-Nebula VPN gateways
26. [Bug Fix] eITS#220501182 a. Fix: VPN wizard malfunctioning issue
27. [Bug Fix] eITS#220501267 a. Fix: Incorrect dashboard Virtual device Rear Panel wlan led status
28. [Bug Fix] eITS#220501309 a. Fix: Static DHCP table importing issue
29. [Bug Fix] eITS#220600336 a. Fix: Device stability enhancement
30. [Bug Fix] eITS#220600447 a. Fix: What's new notification in the GUI malfunctioning.
31. [Bug Fix] eITS#220600465 a. Fix: DHCP service stability issue
32. Common vulnerabilities and Exposures: a. Local privilege escalation vulnerability fix (CVE-2022-30526) b. Authenticated directory traversal vulnerability fix (CVE-2022-2030) c. Security update of OpenSSL package (CVE-2022-0778)
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
39/151
www.zyxel.com
[On Cloud mode] 1. [ENHANCEMENT] In the initial setup stage to detect LAN subnet if conflict with
192.168.1.1 then auto change to 192.168.10.1 redirect to myrouter.local 2. [ENHANCEMENT] Support access SNMP service from WAN interface 3. [Bug Fix] eITS#220200349
a. Fix: Microsoft AD authentication not work 4. [Bug Fix] eITS#220301020
a. Fix: BWM functional issue on USG FLEX 50(W) when the device is managed by NCC
5. [Bug Fix] eITS#220500277 a. Fix: Google Authentication Bypass
6. [Bug Fix] eITS#220600408 a. Fix: Nebula bwm cannot work on ftp active mode.
[AP Controller] 1. [ENHANCEMENT] Update AP images V6.30(.4) 2. [ENHANCEMENT] AP can connect to passive APC immediately
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
40/151
www.zyxel.com
Features: V5.30(ABAR.0)C0
Modifications in V5.30(ABAR.0)C0 - 2022/04/20 [On Premises mode] 1. [ENHANCEMENT] Support DNS Threat Filter DoH and DoT blocking for ATP series. 2. [ENHANCEMENT] eITS#211101424
Extends the maximum blocking periods of rate based IPS signatures. 3. [ENHANCEMENT] Remote Access VPN Wizard for SecuExtender IPsec VPN
supports Multiple DH Group. 4. [ENHANCEMENT] Support Multi-Language update mechanism 5. [ENHANCEMENT] User Interface/Description enhancements:
a. Fine tune reboot message at firmware upgrade page b. Add License transfer notification for Device HA scenario c. eITS#220101135: Fine tune Remote Access VPN Wizard descriptions 6. [ENHANCEMENT] eITS#211100100
Prevent misconfiguration when enable mode configure in L2TP VPN rules. 7. [Bug Fix] eITS#211000711
a. Fix: Abnormal memory usage issue 8. [Bug Fix] eITS#211101507
a. Fix: Log information adjustment 9. [Bug Fix] eITS#211200301
a. Fix: WeChat file transfer may be affected by Content Filter 10. [Bug Fix] eITS#211200520
a. Fix: LAN interface subnet mask settings cannot be modified 11. [Bug Fix] eITS#211200767
a. Fix: VPN dashboard statistics displaying issue 12. [Bug Fix] eITS#211201047
a. Abnormal memory usage leads to firewall stability issue 13. [Bug Fix] eITS#211227250
a. Fix: Throughput enhancement when URL Threat filter is enabled 14. [Bug Fix] eITS#220100445
a. Fix: Logs to USB storage malfunctioning after device rebooting 15. [Bug Fix] eITS#220100448
a. Fix: Device stability issue due to Wildcard FQDN group implementation 16. [Bug Fix] eITS#220100565
a. Fix: Stability issue caused by device insight operations 17. [Bug Fix] eITS#220100644
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
41/151
www.zyxel.com
a. Fix: Abnormal CPU usage 18. [Bug Fix] eITS#220101039
a. Fix: Wording modification 19. [Bug Fix] eITS#220101098
a. Fix: USG20(W)-VPN/USG FLEX 50(W) configuration backward compatibility issue
20. [Bug Fix] eITS#220200348 a. Fix: 2FA mechanism
21. [Bug Fix] eITS#220200412 a. Fix: Russian GUI issue
22. [Bug Fix] eITS#220200468 a. Fix: In GUI displaying issue on VPN monitoring page
23. [Bug Fix] eITS#220200487 a. Fix: When the admin limit was set to "1", the password can't be changed when it was expired
24. [Bug Fix] eITS#220200501 a. Fix: Log category adjustment
25. [Bug Fix] eITS#220200553 a. Fix: Can not ping via LAG IPv6 interface
26. [Bug Fix] eITS#220201162 a. Fix: Wifi client layer 2 packets forwarding issue when deploying LAG+VLAN interface with managed AP running on tunnel mode
27. [Bug Fix] eITS#220301001 a. Fix: Cloud Firmware update issue in device HA scenario
28. [Bug Fix] eITS#220301252 a. Event log wording correction
29. [Bug Fix] eITS#220400118 a. Fix: Device HA Pro synchronization issue with specific setting conditions.
30. [Bug Fix] eITS#220400247 a. Fix: Incomplete 2FA SMS message issue
31. [Bug Fix] eITS#220201115 a. Fix: Windows IKEv2 VPN connection issue.
32. [Bug Fix] eITS#211100603 a. Fix: CNC reboot command can't trigger the device rebooting.
33. Common vulnerabilities and Exposures: ZLD5.21 is no longer vulnerable to the following CVE References: CVE-2022-0342
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
42/151
www.zyxel.com
[On Cloud mode] 1. [Bug Fix] eITS#211101707
a. Fix: turn of unnecessary NCC query when the device is running in "onpremises" mode
2. [Bug Fix] eITS#220100087 a. Fix: The diaginfo file cannot be opened from nebula debug local gui
3. [Bug Fix] eITS#220100357 a. Fix: Incorrect WAN setting detection mechanism
4. [Bug Fix] eITS#220100368 a. Fix: Device overload when users log into debug local gui.
5. [Bug Fix] eITS#220100519 a. Fix: Captive Portal may overloading and delay when multiple users trying to login concurrently
6. [Bug Fix] eITS#220100817 a. Fix: Some VPN tunnels may not be established automatically in large Huband-Spoke scale topology
7. [Bug Fix] eITS#220101549 a. Fix: Traffic can't passthrough the established VPN tunnel occasionally due to applied incomplete VTI settings
8. [Bug Fix] eITS#220300971 a. Fix: 1:1 NAT functional issue
[AP Controller] N/A
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
43/151
www.zyxel.com
Features: V5.21(ABAR.1)E1
Modifications in V5.21(ABAR.1)E1 - 2022/03/22 [On Premises mode]
N/A
[On Cloud mode] 1. [Bug Fix]
a. Fix: USG20-VPN/USG20W-VPN Firmware upgrade issue.
[AP Controller] N/A
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
44/151
www.zyxel.com
Features: V5.21(ABAR.1)C0
Modifications in V5.21(ABAR.1)C0 - 2022/03/15 [On Premises mode]
N/A
[On Cloud mode] 1. [Bug Fix] eITS#220100368
a. Fix CPU abnormal loading issue 2. [Bug Fix]
a. Fix: A parsing error in Application signature v1.0.0.20220310.0 that may drive an error condition led to connective disruption.
[AP Controller] N/A
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
45/151
www.zyxel.com
Features: V5.21(ABAR.0)C0
Modifications in V5.21(ABAR.0)C0 - 2022/02/27 [On Premises mode] 1. [Vulnerability Fix]
Fix an authentication bypass vulnerability in the CGI program 2. [Vulnerability Fix]
Fix XSS (Cross Site Scripting) vulnerability
[On Cloud mode] N/A
[AP Controller] N/A
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
46/151
www.zyxel.com
Features: V5.20(ABAR.0)C0
Modifications in V5.20(ABAR.0)C0 - 2022/01/05 [On Premises mode] 1. [ENHANCEMENT] eITS#201201325
a. Adjust the Content Filter Log Level of Blocked/Warned web sites. 2. [ENHANCEMENT] Device Insight enhancement:
a. Allows user remove selected device client in the table. b. Check and display SecuExtender IPSec VPN Client online status. c. Change "Download" button to "Feedback" and support online feedback
the client device information. 3. [ENHANCEMENT] eITS#210101201
a. IKEv2 and Active Directory Users setting update. 4. [ENHANCEMENT] eITS#180900304, 180801037
a. Support VPN multiple Diffie Hellman groups. 5. [ENHANCEMENT] Support 2FA VPN access using Google Authenticator. 6. [ENHANCEMENT] Remote Access VPN Wizard of Zyxel SecuExtender VPN Client
(IPSec VPN) supports configure provisioning of: a. Native iOS / MacOS IKEv2 client. b. Windows IKEv2 client. c. Android IKEv2 client. (StrongSwan) 7. [ENHANCEMENT] Support One-click change to Nebula Mode a. Configuration menu tree: Change "Cloud CNM" to "Mgmt. & Analytics" b. Add "Nebula" User Interface 8. [ENHANCEMENT] SNMP MIB support: a. Shutdown device and turn off SYS LED. (eITS#210200993) b. License Service remaining days read by SNMP. (eITS#190200257) 9. [ENHANCEMENT] USG20(W)-VPN rename to USG FLEX 50(W). 10. [Bug Fix] eITS#210701694 a. Fix: Anti-Malware functional issue when scanning specific file format. 11. [Bug Fix] eITS#200900300 a. Fix: System stability issue 12. [Bug Fix] eITS#201101282 a. Fix: BWM rules malfunction after device rebooting 13. [Bug Fix] eITS#201211231 a. Fix: System stability issue 14. [Bug Fix] eITS#210700119
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
47/151
www.zyxel.com
a. Fix: IPv6 routing issue 15. [Bug Fix] eITS#210800257
a. Fix: L2TP VPN connecting issue 16. [Bug Fix] eITS#210800467
a. Fix: BWM functional issue 17. [Bug Fix] eITS#210900158
a. Fix: Device HA synchronization issue in specific condition 18. [Bug Fix] eITS#210900208
a. Fix: VPN may have connection issue after WAN trunk failover 19. [Bug Fix] eITS#210900589
a. Fix: Routing trace functional issue 20. [Bug Fix] eITS#210800467
a. Fix: BWM functional issue 21. [Bug Fix] eITS#210900805
a. Fix: The ReadMe.txt included in the certificate package should be ignored when calculating the certificate.
22. [Bug Fix] eITS#210901135 a. Fix: VApp Patrol display error message
23. [Bug Fix] eITS#210901142 a. Fix: Config backup sends mail every day, but no configuration change
24. [Bug Fix] eITS#210901150 a. Fix: SecuReporter connecting issue
25. [Bug Fix] eITS#210901248 a. Fix: WAN interface will not restart process after receiving DHCP-NAK.
26. [Bug Fix] eITS#210901260 a. Fix: Secure wifi feature may affect LAN users' network access
27. [Bug Fix] eITS#211000225 a. Fix: Resetted device GUI won't go through the initial witzard when the it is located in specific regions
28. [Bug Fix] eITS#211000428 a. Fix: ADP blocked specific traffic incorrectly
29. [Bug Fix] eITS#211000613 a. Fix: Enhancement: Improved the security mechanism in token handling
30. [Bug Fix] eITS#211000656 a. Fix: DDNS functional issue when multiple WAN are configured in specific way
31. [Bug Fix] eITS#211000763
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
48/151
www.zyxel.com
a. Fix: Device stability issue when IPS is enabled 32. [Bug Fix] eITS#211000798
a. Fix: IDP static GUI displaying issue 33. [Bug Fix] eITS#211001019
a. Fix: SSL VPN authentication issue when using numbers as username 34. [Bug Fix] eITS#211001461
a. Fix: Reset button may malfunction occasionally 35. [Bug Fix] eITS#211100195
a. Fix: Enhance: IP Reputation detection mechanism enhancement 36. [Bug Fix] eITS#211100198
a. Fix: Device Insight table displaying issue 37. [Bug Fix] eITS#211000455 / 211000666
a. Fix: When there's an account named "support", the config will rollback to default after upgrading the firmware to 5.10
38. [Bug Fix] eITS#211101344 a. Fix: Improvement: CPU optimization
39. [Bug Fix] eITS#211100613 a. Fix: L2TP VPN authentication issue
40. [Bug Fix] eITS#211100799 a. Fix: App Patrol application name sorting issue
41. [Bug Fix] eITS#211000701 a. Fix: MAC filter profile operation issue
42. [Bug Fix] eITS#211100512 a. Fix: Device Insight incorrect license information issue
43. [Bug Fix] eITS#211100870 a. Fix: Billing quota traffic displaying issue
44. [Bug Fix] eITS#211000455 a. Fix: Configuration file applying issue when upgrading the firmware
45. [Bug Fix] eITS#211101148 a. Fix: "IP/MAC Binding"
46. [Bug Fix] eITS#211100916 a. Fix: L2TP VPN authentication issue
47. [Bug Fix] eITS#211101070 a. Fix: Static DHCP table import issue
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
49/151
www.zyxel.com
[On Cloud mode] 1. [ENHANCEMENT] Support MSChapv2 authentication for external Active
Director Server. 2. [ENHANCEMENT] Nebula Portal and local GUI support to configure PPPoE
Authentication Type, static IP, and MTU settings. 3. [ENHANCEMENT] Support Campus AP. 4. [ENHANCEMENT] Support "User group" in the Security Policy. 5. [ENHANCEMENT] Support sending traffic log to SecuReporter with Nebula Pro
Pack License. 6. [ENHANCEMENT] Local GUI support QR code to register device to Nebula by
Nebula Mobile app. 7. [ENHANCEMENT] Local GUI Device Information page enhance. 8. [ENHANCEMENT] Nebula Ticket#211000318
a. Add the signature etag to detect signature version. 9. [Feature Change] Remove periodically system information log. 10. [Feature Change] Disable "Redirect HTTP to HTTPs" by default. 11. [Bug Fix] eITS#210900194
a. Fix: A record malfunction when device running on cloud mode 12. [Bug Fix] eITS#211000191
a. Fix: L2TP VPN connecting issue 13. [Bug Fix] eITS#211100218
a. Fix: Device stability issue 14. [Bug Fix] eITS#211100628
a. Fix: PPPoE connection issue when username has special character 15. [Bug Fix] eITS#211100502
a. Fix: Captive Portal authentication issue
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
50/151
www.zyxel.com
Features: V5.10(ABAR.0)C0
Modifications in V5.10(ABAR.0)C0 - 2021/09/28 [On Premises mode] 1. [ENHANCEMENT] DNS Content Filter support. 2. [ENHANCEMENT] Support BWM setting in Remote Access IPsec VPN
Configuration Provisioning with SecuExtender IPSec VPN Client. 3. [ENHANCEMENT] Remote Access VPN Wizard add bandwidth limit
configuration. 4. [ENHANCEMENT] Support 2FA on IPsec per IKE rule. 5. [ENHANCEMENT] Remote Access VPN Log add user login/logout information. 6. [ENHANCEMENT] Add "user info" at IPsec Monitoring page. 7. [ENHANCEMENT] Add one more check address for VPN connectivity check. 8. [ENHANCEMENT] Initial Setup Wizard support Nebula mode choice. 9. [ENHANCEMENT] Device Insight support.
a. Role-based Access Policy by user/device contextual. b. Device Insight monitoring. 10. [ENHANCEMENT] Black/White list rename to Block/Allow list. 11. [ENHANCEMENT] Add security policy name in Content Filter log. 12. [ENHANCEMENT] Content Filter command line support TTL configuration. 13. [ENHANCEMENT] Support CLI to disable weak cipher for SSH/HTTP service. 14. [ENHANCEMENT] Support advance option to prevent SNMP 'GETBULK' Reflection DDoS. 15. [ENHANCEMENT] eITS#210600320, 210701277 a. FTP upgrade to TLSv1.2. b. Add option for Strict-Transport-Security http header. c. Add option for X-XSS-Protection http header. 16. [ENHANCEMENT] eITS#210100688 Strength password in web form mechanism. 17. [ENHANCEMENT] New DHCP table import and export. 18. [ENHANCEMENT] SSH support RADIUS with admin privilege login. 19. [ENHANCEMENT] SNMP management enhancement a. eITS#191000637
CPU average core usage and loading. 20. [ENHANCEMENT] Traffic log add NAT translated IP & Port information 21. [ENHANCEMENT] Web UI enhancement/ changes:
a. System default initial wizard change to Expert Mode. b. USG20(W)-VPN support built-in AP.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
51/151
www.zyxel.com
c. Login page support multi-language selection. d. New intuitive UI style. e. Add Cloud Email Security (CES) entry link at Anti-Spam page. f. Captive portal mobile view add renew lease time button (eITS#210600516) 22. [ENHANCEMENT] eITS#210200687, 140101485 a. Support special characters (+ symbol) in the E-mail field. 23. [Bug Fix] eITS#201000214 a. Fix: IPv6 gateway may miss incidently. 24. [Bug Fix] eITS#201200826 a. Fix: Configuration applying failed occasionally. 25. [Bug Fix] eITS# 210200627 a. Fix: MSTP packet will be blocked incorrectly. 26. [Bug Fix] eITS# 210200863 a. Enhance: HA Pro fail-over mechanism enhancement. 27. [Bug Fix] eITS# 210300954 a. Enhance: Support "=" special character in the Anti-Spam tag header. 28. [Bug Fix] eITS# 210301092 a. Fix: L2TP may not be able to connect in rarely case. 29. [Bug Fix] eITS#210301178 a. Fix: When the Connectivity Check remote host was down, the
Connectivity Check will keep probing on it and consumes the limited session. 30. [Bug Fix] eITS#210301272 a. Fix: Can not add new interface into the bridge interface when there is a virtual interface in it. 31. [Bug Fix] eITS#210301305 a. Fix: Wording correction. 32. [Bug Fix] eITS#210301528 a. Fix: Facebook Wifi malfunctioning. 33. [Bug Fix] eITS#210301549 a. Fix: Session Monitor some field cannot sorting. 34. [Bug Fix] eITS#210400219 a. Fix: Can not change from EZ mode to Expert mode when some attributes are included in the external RADIUS server. 35. [Bug Fix] eITS#210400228 a. Fix: When adding the VLAN setting on LAG port, user needs to reboot the Devices to let this setting take effect
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
52/151
www.zyxel.com
36. [Bug Fix] eITS#210400817 a. Fix: Wrong file extension name on the exported certificate.
37. [Bug Fix] eITS#210400868 a. Fix: Stability enhancement.
38. [Bug Fix] eITS#210401330 a. Fix: IKE issue when using 3rd party authorized certificate.
39. [Bug Fix] eITS#210501373 a. Fix: NAT mapping issue.
40. [Bug Fix] eITS#210600462 a. Fix: Routing issue when interface goes down and recovered.
41. [Bug Fix] eITS# 210601917 a. Fix: Windows built-in IKEv2 VPN connection issue.
42. [Bug Fix] eITS# 210700565 a. Fix:2FA page did not change to the user assigned certificate.
43. [Bug Fix] eITS#210700587 a. Change: Removed web ssl application to reduce the external surfing risk.
44. [Bug Fix] eITS#210700589 a. Fix: HTTPS /SSLVPN service port changing issue.
45. [Bug Fix] eITS#210700708 a. Fix: GUI display issue.
46. [Bug Fix] eITS#210700957 a. Fix: SSH service malfunctioning.
47. [Bug Fix] eITS#210701634 a. Fix: The direct traffic will be affected by policy route.
48. [Bug Fix] eITS#210701916 a. Fix: Admin Service Control mechanism improvement.
49. [Bug Fix] eITS#210701928 a. Fix: Limited Administrator Users Cannot Open Online Help by Clicking Help Button at Top of Web GUI Windows.
50. [Bug Fix] eITS#210800069 a. Fix: GUI display issue in Russian.
51. [Bug Fix] eITS#210800203 a. Fix: Login password complexity issue
52. [Bug Fix] eITS#210800397 a. Fix: 2FA VPN Authentication page vulnerability
53. [Bug Fix] eITS#210800854 a. Fix: Support Username with "DOT" character in security policy filter
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
53/151
www.zyxel.com
54. [Bug Fix] eITS#210801237 a. Fix: USG FLEX series GUI display issue
55. [Bug Fix] eITS#190200518, 210200133 a. Fix: LAN packets leaks to WAN interface and leads to SIP registration issue.
56. [Bug Fix] eITS#210200573, 210200579 a. Fix: Video streaming packet dropping issue.
57. [Bug Fix] eITS#210500498, 210500611 a. Fix: Stability issue.
58. [Bug Fix] eITS#210600320, 210701277 a. Enhancement: 1. Change TLSv1.0 to TLSv1.2 on FTP service 2. X-Content-Type-Options supported 3. DNS service enhancement to improve the security protection 4. Support X-XSS-Protection.
[On Cloud mode] 1. [ENHANCEMENT] USG20(W)-VPN Support Nebula management.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
54/151
www.zyxel.com
Features: V4.65(ABAR.1)C0
Modifications in V4.65(ABAR.1)C0 - 2021/08/11 1. [ENHANCEMENT] User page enhancement.
a. Separate Local Administrator and User in different tables. b. Local Administrator account table add Create Date, Password Last
change and Password Expired Date information. 2. [ENHANCEMENT] Security Check enhancement.
a. Security Policy page add warning message and button to Security Check configuration page when security risk detected.
3. [ENHANCEMENT] USG and ZyWALL series remove SSLVPN proxy mode and limit SSLVPN port access.
4. [ENHANCEMENT] Isolate the service port of Zyxel SecuExtender IPSec VPN Client provisioning service.
5. [Vulnerability Fix] eITS#210800397 a. Fix: 2FA VPN Authorization email link is vulnerable to XSS injection.
6. [Bug Fix] eITS#210700565 a. Fix: 2FA page did not change to the customized certificate issue.
7. [Bug Fix] eITS#210700589 a. Fix: SSLVPN Port changing malfunctioning.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
55/151
www.zyxel.com
Features: V4.65(ABAR.0)C0
Modifications in V4.65(ABAR.0)C0 - 2021/07/04 1. [Vulnerblilty Fix] Authentication bypass vulnerability (CVE-2021-35029). 2. [ENHANCEMENT] Privileged accounts password change reminder. 3. [ENHANCEMENT] Support configurable 2FA service port. 4. [ENHANCEMENT] Disable HTTP port automatically while allowing WAN
management in security check wizard. 5. [ENHANCEMENT] Enhance admin-type user change logs to alert level. 6. [Bug Fix]
c. Fix: Refine service port warning message in security check wizard.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
56/151
www.zyxel.com
Features: V4.64(ABAR.0)C0
Modifications in V4.64(ABAR.0)C0 - 2021/06/26 1. [ENHANCEMENT] The new Initial Setup Wizard will facilitate user to enforce
security policies against access to the web management interface and SSL VPN service (from the Internet). 2. [ENHANCEMENT] Add Security Policy Check to spot out misconfiguration of security policies via pop-up window. 3. [ENHANCEMENT] Add configuration change log of user object. 4. [ENHANCEMENT] To strengthen security access under Covid19 pandemic, given GeoIP feature by default on all devices. 5. [ENHANCEMENT] Support SSL VPN service port configurable.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
57/151
www.zyxel.com
Features: V4.63(ABAR.0)C0
Modifications in V4.63(ABAR.0)C0 - 2021/05/21 1. [ENHANCEMENT] eITS#210300954
a. Anti-Spam email header support character "=". 2. [Vulnerability Fix] [CVE-2020-1971]
a. Fix: OpenSSL Vulnerability. 3. [Vulnerability Fix] [CVE-2016-2776]
a. Fix: Assertion Failure in buffer.c While Building Responses to a Specifically Constructed Request.
4. [Vulnerability Fix] Add sanity check on CRLF to prevent cross-site scripting attack. (Acknowledgement Soter IT Security)
5. [BUG FIX] eITS#200801449 a. Fix: Content Filter malfunctioning occasionally.
6. [BUG FIX] eITS#201001362 a. Fix: Policy route malfunctioning in specific conditions.
7. [BUG FIX] eITS#210100807 a. Fix: When add new MAC address profile, the GUI will pop-up error.
8. [BUG FIX] eITS#210101017 a. Fix: UTM Cloud Query function may lead to abnormal memory usage
9. [BUG FIX] eITS#210101673 a. Fix: Cannot set the lifetime value to 1 year on the certificates.
10. [BUG FIX] eITS#210200733 a. Fix: Email security functional issue.
11. [BUG FIX] eITS#210300997 a. Enhancement: Renewed the DNS server database in the system.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
58/151
www.zyxel.com
Features: V4.62(ABAR.0)C0
Modifications in V4.62(ABAR.0)C0 - 2021/01/19 1. [Vulnerability Fix] Potential Remote Code Execution vulnerability. 2. [Vulnerability Fix] Buffer Overflow vulnerability
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
59/151
www.zyxel.com
Features: V4.60(ABAR.1)C0
Modifications in V4.60(ABAR.1)C0 - 2020/12/02 1. [ENHANCEMENT] Enhanced HA Pro reliability. 2. [BUG FIX][CVE-2020-29583]
a. Vulnerability fix for undocumented user account. 3. [BUG FIX] eITS#201000455
a. Fixed Port Zone Assignment issue. 4. [BUG FIX] eITS#201100284, 201100639, 201100647
a. Fixed GUI show up issue when editing interfaces. 5. [BUG FIX] eITS#201100338
a. Mouseover popup information adjustment. 6. [BUG FIX] eITS#201100416, 201100564
a. Stability improvement. 7. [BUG FIX] eITS#201100511, 201100661, 201100730, 201101210, 201101248
a. Fixed the issue that DNS packets cannot passthrough VPN tunnel.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
60/151
www.zyxel.com
Features: V4.60(ABAR.0)C0
Modifications in V4.60(ABAR.0)C0 - 2020/10/21 1. [ENHANCEMENT] SSL Inspection enhancement
a. Support TLS1.3 b. Support ECDSA certificate generation c. Performance enhancement 2. [ENHANCEMENT] Support customized block page of Content Filtering and URL Threat Filter at Notification > Response Message. 3. [ENHANCEMENT] Move Content Filtering HTTPs Domain Filter port setting for Block/Warning page from System/WWW to Content Filtering/General settings. 4. [ENHANCEMENT] Support IDP and Application Patrol signature information query at OneSecurity Threat Intelligence web site. 5. [ENHANCEMENT] Cloud CNM SecuReporter new add Application Statistic category. 6. [ENHANCEMENT] [Secure Policy] CLI command support update firewall rule by rule name. 7. [ENHANCEMENT] System GUI HTTPs service security enhancement a. Support TLS 1.3 b. TLS 1.0/1.1 disabled by default c. Weak chipper DES is deprecated 8. [ENHANCEMENT] System FTPs service security enhancement a. Weak cipher RC4/3DES disabled by default b. Support CLI to enable 3DES/RC4 cipher 9. [ENHANCEMENT] System SNMP service security enhancement a. SNMP service disable by default b. Remove default Get/Set Community string c. Support CLI to disable SNMPv1(eITS#190800258) Note: If you never change the default value of Get/Set Community string. After upgrade to 4.60, the value will be reset (as 4.60 default). You need to configure the Community string if you want to enable SNMP. 10. [ENHANCEMENT] Support Google Authenticator two-factor authentication for administrator access. 11. [ENHANCEMENT] Support send configuration by Email 12. [ENHANCEMENT] Support Scheduling Auto configuration backup and send via Email.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
61/151
www.zyxel.com
13. [ENHANCEMENT] Support Scheduling Reboot function. 14. [ENHANCEMENT] Support LAG feature for USG2200 15. [ENHANCEMENT] [USG60W / USG60 / USG40W / USG40 / USG20W-VPN / USG20-
VPN] Support Fast Forwarding 16. [ENHANCEMENT] Support Remote Access VPN Wizard for easy VPN client
configuration. 17. [ENHANCEMENT][IPsec VPN] Support Diffie-Hellman Groups 19/20/21. 18. [ENHANCEMENT] APC upgrade to V3.60 support new features and 11ax AP.
a. WPA3 enhancement. b. AP Log message enhance for Kick station enhancement of sticky clients c. Diagnostic enhancement for technical support. d. WAX510D and WAX650S AP support. e. Support wireless interface packet at Packet Capture on AP. f. Fully compatible configuration support for compatible AP g. Enhance Top N Stations traffic statistics from 24hour to 7days. h. Support Load-Balancing in AP Management. i. 802.11ax support. j. Tunnel SSID can chose Internal Ethernet interface not only VLAN support. k. Support Unicode SSID. 19. [ENHANCEMENT] GUI enhancement a. Support GUI grid tip content of objects b. Align the terms of Networking traffic indication 20. [Feature Change] [SMS] End of ViaNett support. 21. [Feature Change] [SSH] The GUI modification remove SSH Version 1. 22. [Feature Change] [Web Authentication] Default uncheck SSO when add new Web Auth. Policy. 23. [Feature Change] [USG40W / USG60W / USG20W-VPN] Default disable built-in Wi-Fi for Security purpose. 24. [BUG FIX][CVE-2015-5477] System DNS service vulnerability fix. 25. [BUG FIX][CVE-2020-3702] Cryptographic issues in WiFi driver(Kr00k) on USG40W, USG60W 26. [BUG FIX] eITS#200100755 Fix: HA syncing issue when using FTPs to sync up the settings. 27. [BUG FIX] eITS#200301052 Fix: Site to site VPN routing issue. 28. [BUG FIX] eITS#200301256 Add L2TP VPN user login information on SecuReporter.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
62/151
www.zyxel.com
29. [BUG FIX] eITS#200400280 Fix: ATP800 / FQDN cache full issue.
30. [BUG FIX] eITS#200401028 Debug log adjustment.
31. [BUG FIX] eITS#200401102 Load-Balancing on VTI-Trunk enhancement.
32. [BUG FIX] eITS#200401499 IP MAC binding malfunction issue.
33. [BUG FIX] eITS#200500114 Fix: The syslog does not send out device HA role changed log.
34. [BUG FIX] eITS#200500789 Enhancement: Disable TLS v1.0 for ddns service.
35. [BUG FIX] eITS#200525649 SSL VPN connection issue.
36. [BUG FIX] eITS#200602927 Fix: Direct router table isn't appearing at once in packet flow explore page.
37. [BUG FIX] eITS#200603050, 200603439 Malfunction in user group when authenticating by 802.1x with external RADIUS server.
38. [BUG FIX] eITS#200603107 Incorrect SSL VPN status information in dashboard.
39. [BUG FIX] eITS#200603276 GUI time display issue.
40. [BUG FIX] eITS#200603297 Object reference table display issue.
41. [BUG FIX] eITS#200603364 Incorrect 3G/LTE dongle warning message
42. [BUG FIX] eITS#200603806 MAC address table display issue
43. [BUG FIX] eITS#200603855 Anti-Spam functional issue.
44. [BUG FIX] eITS#200700662 Hyperlink redirect to incorrect page.
45. [BUG FIX] eITS#200603433 Fix: Accounting packet issue for L2TP.
46. [BUG FIX] eITS#200700596 Fix: Connectivity Check functional issue.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
63/151
www.zyxel.com
47. [BUG FIX] eITS#200700772 Fix: Mail notification with invalid header error.
48. [BUG FIX] eITS#200701095 Fix: Deactivated Interface IP address reply ICMP ping.
49. [BUG FIX] eITS#200701207 Fix: L2TP User Group Issue.
50. [BUG FIX] eITS#200701291 Device stability enhancement.
51. [BUG FIX] eITS#200800125 Fix: OSPF routes will be reset after clicking "apply" on interfaces
52. [BUG FIX] eITS#201000593 GUI wording fine-tuned
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
64/151
www.zyxel.com
Features: V4.39(ABAR.0)C0
Modifications in V4.39(ABAR.0)C0 - 2020/07/30 1. [ENHANCEMENT] Adopt new Technology from Security Partner: McAfee for
Content Filter, and Anti-Spam. 2. [BUGFIX] eITS#200300829, 200301264, 200301372
Fix: 2FA functional issue 3. [BUGFIX] eITS#200603107
Fix: Correct SSL VPN status information at Dashboard by update the SSL VPN Policy. (Update SSL VPN Policy, only allow remote user in "User" type to access the internal network.) 4. [BUGFIX] eITS#200603170, 200603855 Fix: Anti-Spam function may damage the mails in some circumstance 5. [BUGFIX] eITS#200700662 Fix: Hyperlink redirected pages correction
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
65/151
www.zyxel.com
Features: V4.38(ABAR.0)C0
Modifications in V4.38(ABAR.0)C0 - 2020/04/13
1. [ENHANCEMENT][Anti-Virus] Support Cloud Query
2. [ENHANCEMENT][INTERFACE] Support LAG on USG2200
a. LACP only (not support Active-backup and balance-alb)
3. [ENHANCEMENT][MAINTENENCE] Performance tuning on Speedtest tool
4. [ENHANCEMENT][BWM] Let TCP ack packets can be managed by BWM
function. Add CLI command to enable/disable this enhancement.
(eITS#180700033, 200200602)
5. [ENHANCEMENT] Enlarge SSL VPN Users number
Concurrent SSL VPN users
WAS (default/max.)
USG40/40W
5 / 15
USG60/60W
5 / 20
USG110
25 / 150
USG210
35 / 150
ZyWALL 110
25 / 150
IS(default/max.) 20 / 30 20 / 60 50 / 150 50 / 150 50 / 150
6. [BUGFIX] eITS#190200518 Fix: Streamer Connection issue since v4.33 upgrade
7. [BUGFIX] eITS#190300697 Fix: Proxy by controller directly not working.
8. [BUGFIX] eITS#190500795 Fix: The USG log indicated that the mail was drop by DNSBL (server to server SMTP), but client outlook still can receive the mail.
9. [BUGFIX] eITS#190500997, 191100683 Fix: After edited static DHCP in IP/MAC binding, the DNS service cannot works.
10. [BUGFIX] eITS#190700250 Fix: The CPU usage growing even without huge traffic.
11. [BUGFIX] eITS#190700606 Fix: Specific mail server unreachable when use POP3.
12. [BUGFIX] eITS#190900282 Fix: When add a new VLAN interface, ZySH daemon will busy for a while.
13. [BUGFIX] eITS#190900410 Fix: USG2200 unstable issue by usb xhci debug function.
14. [BUGFIX] eITS#190900659
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
66/151
www.zyxel.com
Fix: IPSec VPN Client has connection not working after disconnected. 15. [BUGFIX] eITS#190900684
Fix: Fail to authenticate the ext-group-user type which group identifier string has '(' ')' character for L2TP over IPSec function. 16. [BUGFIX] eITS#191000574 Fix: USG60W local AP drops. 17. [BUGFIX] eITS#191001243 Fix: Log filter function not working properly sometimes. 18. [BUGFIX] eITS#191100135 Fix: No Web GUI display after change to "easy mode". 19. [BUGFIX] eITS#191100321 Fix: 2FA Auth. with AD User on SSL VPN does not work 20. [BUGFIX] eITS#191100475 Fix: After IPSec tunnel rekey, the SN and system name becomes "N/A". 21. [BUGFIX] eITS#191100955 Fix: OSPF/RIP dynamic routing protocol does not work on 4.35. 22. [BUGFIX] eITS#191200137 Fix: The page at Ethernet > edit page cannot be edited. 23. [BUGFIX] eITS#191200741 Fix: IPv6 firewall rules behave abnormally. After restarting the device, the DHCP v6 address cannot notify the firewall to update the ipv6 rules. 24. [BUGFIX] eITS#191200748 Fix: Cannot save Guest network setting in Easy mode. 25. [BUGFIX] eITS#191200908 Fix: Wrong spelling of white list 26. [BUGFIX] eITS#200100539 Fix: IGMP snooping issue causes abnormal reboot. 27. [BUGFIX] eITS#200107098 Fix: L2TP/IPsec VPN cannot get group information from external AD 28. [BUGFIX] eITS#200107102 Fix: Cannot edit guest interface in the Expert mode. 29. [BUGFIX] eITS#200201144 Fix: No duration time at "Monitor > System status > session monitor". 30. [BUGFIX] eITS#200300672 Fix: GUI display error for default SSL VPN numbers. 31. [BUGFIX] eITS#200300829, 200301264, 200301372
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
67/151
www.zyxel.com
Fix: The program stocked in SMS daemon and user cannot receive the 2FA email.
Features: V4.35(ABAR.3)C0
Modifications in V4.35(ABAR.3)C0 - 2020/02/26 1. [BUGFIX][CVE-2020-9054] Web login CGI RCE vulnerability fix 2. [BUGFIX][CVE-2020-8597] Buffer overflow risk in pppd vulnerability fix
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
68/151
www.zyxel.com
Features: V4.35(ABAR.2)C0
Modifications in V4.35(ABAR.2)C0 - 2019/12/04 1. [BUGFIX] eITS#191000712
Associated AP info not showing well on the GUI of Station info. 2. [BUGFIX] eITS#191000719
No file will be generated after collecting the AP diagnostic 3. [BUGFIX] eITS#191000612, 191000726, 191001071, 191001116
After upgrading the firmware from 4.33 to 4.35, the device may failed to apply the configuration and roll back to system default configuration in some circumstances. 4. [BUGFIX] eITS#191001080
AP Group Profile changing from GUI may lead to configuration applying failure during the rebooting. 5. [BUGFIX] eITS#191001056
Enhance DHCP request format between broadcast and unicast mode, based on ISP's deploying. 6. [BUGFIX] eITS#191000966
L2TP authentication issue when using Windows login name and password as the L2TP username/password. 7. [BUGFIX] eITS#191000274
IPsec VPN tunnel cannot built up successfully when "My IP" was set as FQDN. 8. [BUGFIX][CVE-2019-12581, CVE-2019-12583] Related to the Free Time feature
Cross-Site-Scripting vulnerability fix.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
69/151
www.zyxel.com
Features: V4.35(ABAR.0)C0
Modifications in V4.35(ABAR.0)C0 - 2019/09/25
1. [ENHANCEMENT] Support SecuReporter log categories selection: Security
Categories and Network categories.
2. [ENHANCEMENT] Support SecuReporter quick activation banner on
Dashboard page
3. [ENHANCEMENT] Support Two-Factor Authentication via SMS/Email for
administrator login from GUI/SSH/Telnet.
4. [ENHANCEMENT] Support APC 3.40 adds Managed APs: NWA5123-AC HD,
WAC6303D-S, and WAC6552D-S.
5. [ENHANCEMENT]Customized http redirect parameters for Hotspot
management.
6. [ENHANCEMENT] Hotspot Management enhance: Extend RADIUS account
name length to 128
7. [ENHANCEMENT] Support Hotspot Features on USG60(W)
Model USG60(W)
Default Concurrent Login
WAS
IS
128
200
8. [ENHANCEMENT][VPN] Support Microsoft Azure route-based IPSec Site-to-site
VPN:
b. VTI over IKEv2/IPsec
c. BGP over IKEv2/IPsec
9. [ENHANCEMENT][VPN] Extend IPSec VPN PSK to 128 characters
10. [ENHANCEMENT][VPN] IPSec VPN support Diffie-Hellman Groups: DH15 to
DH18
11. [ENHANCEMENT][Geo-IP] Support Region(Continent) object
12. [ENHANCEMENT] Support Email to SMS
13. [ENHANCEMENT] Support EZ Mode on USG110 and ZyWALL 110
14. [ENHANCEMENT] Support NAT policy matching by source IP address
15. [ENHANCEMENT] Interface connectivity check enhancement, support 2
target IPs healthy check
16. [ENHANCEMENT] Support Web Console
17. [ENHANCEMENT] Support ZON v2.1.0 Dual image firmware update
18. [ENHANCEMENT] User can sort by source IP in Session Monitor page
19. [ENHANCEMENT] Usability enhancement for certificate export
a. Add download and Email action on My Certificates page
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
70/151
www.zyxel.com
b. Add file extension for certificate export and download
20. [ENHANCEMENT] GUI enhancements:
a. Ports speed change on GUI
b. Syslog server port setting on GUI
c. Add Description column at Interface GUI page
d. Extend mail server password length to 63 characters
e. Change Tool Bar icon sequence
21. [ENHANCEMENT] Device HA Pro Enhancements
a. Bridge interface monitor enhance, either uplink or downlink port fail will
trigger failover
b. Failover flapping mitigation
22. [ENHANCEMENT] extend the following max. number
a. Extend max. number of Zone from to 32
Model ZyWALL 310/ USG310
Max. number of Zone
WAS
IS
16
32
b. Extend max. of SSID profiles
Model
Max. of SSID profiles Was
USG1900
256
USG1100
256
USG310
64
USG210
64
USG110
64
ZyWALL 1100
256
ZyWALL 310
64
ZyWALL 110
64
ATP200
32
ATP500
64
ATP800
128
Is 1024 1024 1024 128 128 1024 1024 128 128 128 1024
c. Extend max. of Security profiles
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
71/151
www.zyxel.com
Model
USG2200-VPN USG2200 USG1900 USG1100 USG310 USG210 USG110 ZyWALL 1100 ZyWALL 310 ZyWALL 110 ATP200 ATP500 ATP800
Max. of Security profiles
Was
Is
64
1024
64
1024
32
1024
32
1024
32
1024
32
128
32
128
32
1024
32
1024
32
128
32
128
32
128
32
1024
23. [ENHANCEMENT]eITS#180900416 Remove the limitation that virtual server port mapping cannot conflict with device's WWW service port, if user set a different External IP address from External interface IP address.
24. [ENHANCEMENT]eITS#181000571 "Policy Route" page GUI loading time enhance.
25. [ENHANCEMENT]eITS#181100386 Further explanation in the error message.
26. [ENHANCEMENT]eITS#181201167 System default to enable easy mode Wi-Fi have low download speed on LAN1 subnet. Causing by default bridge with LAN1. Change default bridge with LAN2.
27. [ENHANCEMENT]eITS#190500018 Add a log to address the SSLv3 dropping reason.
28. [ENHANCEMENT]eITS#181000730 Remove unsafe SSH cipher list (CVE-2016-2183)
29. [Bug Fix] CVE- 2019-11477, CVE-2019-11478, CVE-2019-11479 vulnerability fix for Linux kernel
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
72/151
www.zyxel.com
30. [Bug Fix] Web authentication CGI vulnerability fix 31. [Bug Fix] CVE-2019-9955 Cross-site scripting vulnerability fix 32. [Bug Fix] CVE-2019-12581 Cross-site scripting vulnerability fix 33. [Bug Fix] CVE-2019-12583 vulnerability fix for Hotspot management free time
feature 34. [Bug Fix] eITS#180100124
IPv6 gateway information lost after ISP reconnect. 35. [Bug Fix] eITS#180200790, 180300059
After upgraded to 4.30 ITS WK06, IP MAC Binding causes client traffic packets dropped. 36. [Bug Fix] eITS#180300552 Antispam shows wrong session threshold message in the log. 37. [Bug Fix] eITS#180400078 Issue that users cannot modify static dhcp pool object on GUI. 38. [Bug Fix] eITS#180400129 DSCP marking function doesn't work. 39. [Bug Fix] eITS#180500500 LAN host IPv6 routing will disconnect after 6 days later on windows OS. 40. [Bug Fix] eITS#180600574, 181100570 Fixed FQDN object DNS querying issue. 41. [Bug Fix] eITS#180600692 Device only allow 1 admin user to create L2TP VPN tunnel, 2nd connection with the same account will be failed. 42. [Bug Fix] eITS#180600810, 180600970 It is unable to connect SSL VPN on 4.31 WK23 firmware. 43. [Bug Fix] eITS#180700420 Login to device with easy mode. It always pops out "Guest WiFi Time Expired". 44. [Bug Fix] eITS#180700430 Remove obsolete command in diagnostic info file. 45. [Bug Fix] eITS#180800036 Disable ALG FTP will cause sync drop by firewall. 46. [Bug Fix] eITS#180800486 Wrong message with empty database of Geo IP. 47. [Bug Fix] eITS#180800847 remove the log which caused by non-support function in sandbox 48. [Bug Fix] eITS#180900110 Device access deny causing by high disk usage.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
73/151
www.zyxel.com
49. [Bug Fix] eITS#180900237 Fix incorrect CEF log format of IDP
50. [Bug Fix] eITS#180900649 AP List "Recent On-line time" sorting issue
51. [Bug Fix] eITS#180900707 In GUI, when adding application rule via Configuration > Object > Application > Add > Add (for Application Rule), the users will be logged out.
52. [Bug Fix] eITS# 18100084 2FA function will not send the SMS after the device reboots
53. [Bug Fix] eITS#181000251 SSLVPN User cannot be logged out if SSL VPN tunnel was disconnected by SecuExtender.
54. [Bug Fix] eITS#181000401, 181100651 PPPoE connection stability issue.
55. [Bug Fix] eITS#181000671 In NAT setting, users can't select the virtual interface as the incoming interface.
56. [Bug Fix] eITS#181000675 SecuManager campaign for rebooting cli script cannot get device response.
57. [Bug Fix] eITS#181000724 GUI port role page displaying issue.
58. [Bug Fix] eITS#181000753 Device shows incorrect log when enable HTTP/HTTPS service.
59. [Bug Fix] eITS#181100020 "web-auth exceptional-service "XXXX"" CLI command should not be saved in configuration.
60. [Bug Fix] eITS#181100586 The DHCP table will keep the entries even though the DHCP lease time is expired.
61. [Bug Fix] eITS#181100758 IDP data in the daily report is incorrect.
62. [Bug Fix] eITS#181101172 Daily report will carry wrong source IP address.
63. [Bug Fix] eITS#181100886 Enabling the BWM feature will lead to session dropping.
64. [Bug Fix] eITS#181100980 After changing the configuration in expert mode, the dashboard of easy
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
74/151
www.zyxel.com
mode will not display correctly. 65. [Bug Fix] eITS#181100991
Address group object members is gone after firmware updating to wk45. 66. [Bug Fix] eITS#181101269
The sort function in security policy GUI page. 67. [Bug Fix] eITS#181200058
VLAN creation failure. 68. [Bug Fix] eITS#181200072
Special character "-" in FQDN. 69. [Bug Fix] eITS#181200273
Passing broadcast packets at boot up time. 70. [Bug Fix] eITS#181200437
802.11r automatically enabled after reboot. 71. [Bug Fix] eITS#190100106
The duration setting in the WiFi wizard can't be saved to the device. 72. [Bug Fix] eITS#190100341
When using the VPN wizard to create VPN profile, if the "DPD" is unticked, the VPN phase 2 profile will not be created. 73. [Bug Fix] eITS#190100402 When user changes the FQDN object name, it will pop up error message. 74. [Bug Fix] eITS#190100839, 190300398 When creating a PPPoE WAN with VLAN based, the default DUID is not filled. 75. [Bug Fix] eITS#190200778 Changing user password by using copy/past hotkey on the keyboard, will not working if using IE11. 76. [Bug Fix] eITS#190201159 Issue when using L2TP VPN authentication function via external RADIUS server. 77. [Bug Fix] eITS#190300736 L2TP VPN with Domain Name cannot be established. 78. [Bug Fix] eITS#190300744 Device reboot unexpected. 79. [Bug Fix] eITS#190300993 When the interface IP address of the address object is changed, the related policy rule which refer the address object will not apply the new IP address. 80. [Bug Fix] eITS#190300999 When creating a PPPoE WAN with VLAN6 as base, the default DUID is not filled.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
75/151
www.zyxel.com
81. [Bug Fix] eITS#190400069 After upgraded firmware from 4.25 to 4.33, PPPoE unable get IPv6 address successfully.
82. [Bug Fix] eITS#190400071 When the VPN client utilities disabled Mode config feature, device 2FA function will not work.
83. [Bug Fix] eITS#190400434 Need to reboot the device when applying the rules that implemented the GEO-IP objects.
84. [Bug Fix] eITS#190400684 Cannot change the type of address object.
85. [Bug Fix] eITS#190400765 Device keep sending password expire notification to user even though the function was disabled.
86. [Bug Fix] eITS#190400948 Cannot see "Policy Enforcement" option when selecting "'Site-to-Site with Dynamic Peer' scenario".
87. [Bug Fix] eITS#190500084 ARP proxy malfunction after the device reboots.
88. [Bug Fix] eITS#190500095 Unable to force logout an external user.
89. [Bug Fix] eITS#190500256 BWM functional issue when the BWM rule applies a null address group.
90. [Bug Fix] eITS#190500604 Can't enable OSPF for specific VLAN IDs.
91. [Bug Fix] eITS#190500841 After modifying the Radius server settings. The Radius configuration still keeps the original domain name.
92. [Bug Fix] eITS#190501051 Routing table displaying issue.
93. [Bug Fix] eITS#190501057 The static route will disappear after rebooting the device.
94. [Bug Fix] eITS#190600182 The policy control name will disappear when redirected from the dashboard.
95. [Bug Fix] eITS#190600505 Unable to connect the other devices that use non-standard SSH port (Port 22) in CLI mode
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
76/151
www.zyxel.com
96. [Bug Fix] eITS#190600563 Special character "&" is not supported by group ID when login SSL VPN via AD ext-group-user.
97. [Bug Fix] eITS#190700068 VPN tunnel stability issue.
98. [Bug Fix] eITS#190700198 The new created address object cannot be selected in BWM rule configuration.
99. [Bug Fix] eITS#190700831 Error message pops up when using packet capture function.
100.[Bug Fix] eITS#190700964 In interface GUI page, set Metric will clear DHCP unicast settings.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
77/151
www.zyxel.com
Features: V4.33(ABAR.0)C0
Modifications in V4.33(ABAR.0)C0 - 2019/01/10 1. [Enhancement][GUI] Add a download icon at My certificate page and only
Admin can download 2. [Enhancement] Enlarge dynamic account numbers of
ZyWALL310/USG310/ZyWALL1100/USG1100 (1) ZyWALL310/USG310: From 2000 to 4000 (2) ZyWALL1100/USG1100: From 3000 to 4000 3. [Bug Fix] eITS# 180100106, 180900565
Some SSL VPN network mask setting methods may lead to SSL VPN connection problem. 4. [Bug Fix] eITS# 180300552 When antispam is activated, there is a message in log "Mail sessions have reached the maximum threshold of 200". 5. [Bug Fix] eITS# 180500318 In some circumstances, rebooting the device from the Web GUI or CLI may be failed. Users need to power on/off the device. 6. [Bug Fix] eITS# 180500506 Interface name changing will not be synchronized to the Device HA pro passive device. 7. [Bug Fix] eITS# 180500963 When rebooting the Device HA pro active device by WebGUI, the passive device will reboot, too. 8. [Bug Fix] eITS# 180501192 Fixed device stability issue. 9. [Bug Fix] eITS# 180600668 CNA100 remote access HTTPs issue. 10. [Bug Fix] eITS# 180700145 Changed username of SMTP authentication cannot be saved. 11. [Bug Fix] eITS# 180700348 BWM config caused device booting up failure rolled back back to "lastgood.conf". 12. [Bug Fix] eITS# 180701378 Renewed password can't be saved if the new password start by "$$" character. 13. [Bug Fix] eITS# 180800824
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
78/151
www.zyxel.com
TCP behavior improvement. 14. [Bug Fix] eITS# 180800840
Configuration change of "Active Directory" feature cannot be saved. 15. [Bug Fix] eITS# 180900203
SSL VPN authenticated by using external AD server cannot work. 16. [Bug Fix] eITS# 180900228
Facebook wifi connection period is not working as defined. 17. [Bug Fix] eITS# 180900755
Facebook WIFI malfunction. 18. [Bug Fix] eITS# 181000655
SecuManager makes a backup of a managed device automatically, when the device reboots even the configuration isn't changed. 19. [Bug Fix] eITS# 181001141 RDP session drop in SSL VPN tunnel. 20. [Bug Fix] eITS# 181001198 Routing trace malfunction. 21. [Bug Fix] eITS# 181100177 The capwap daemon keeps generating configuration file and consumes the memory. 22. [Bug Fix] eITS# 181100380 SSO function malfunction.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
79/151
www.zyxel.com
Features: V4.31(ABAR.1)C0
Modifications in V4.31(ABAR.1)C0 - 2018/04/17 No update in this version.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
80/151
www.zyxel.com
Features: V4.31(ABAR.0)C0
Modifications in V4.31(ABAR.0)C0 - 2018/04/03 1. [Enhancement]Add Zyxel Biz Forum icon link at Top Tool Bar 2. [Bug Fix] SPR#140425458
DNS supports *.com A-record PTR. 3. [Bug Fix] SPR#100415854
The GUI's initial help page's behavior was wrong by pop up Site Map instead of Help. 4. [Bug Fix] SPR#100914249 IE7/8 sometimes shows "Stop running this script? A script on this page is causing Internet Explorer to run slowly. If it continues to run, your computer may become unresponsive." when configuring device. Please update IE patch: http://support.microsoft.com/kb/175500 for the fix. 5. [Bug Fix] SPR#100105242, 100105292 PPTP might not be able to connect successfully if it is configured via Installation Wizard/Quick Setup. 6. [Bug Fix] SPR#100419034 SSLVPN of VNC cannot work if user connects VNC application by FQDN. 7. [Bug Fix] SPR#121203072 Ext-group name and any password can login SSL VPN. 8. [Bug Fix] SPR#160307230 If you use SecuExtender or Web GUI (SSL VPN) to login at same PC/Laptop, the pervious one will disconnect, i.e. SecuExtender will disconnect after Web GUI (SSLVPN) account login, vice versa. 9. [Bug Fix] SPR#150529308 Console sometimes display "XXX daemon dead" message during reboot. 10. [Bug Fix] SPR#160329256 In custom UTM Profile > IDP > Custom Signatures > Payload option, if content have"[" word, GUI will show incorrect. 11. [Bug Fix] SPR#151125943 After changing source address object name, LAN PC will not redirect to correct web portal. 12. [Bug Fix] SPR#160113511 If Printer is a DHCP Client and IP changed may cause Printer sync fail. 13. [Bug Fix] SPR#151127016
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
81/151
www.zyxel.com
The check box is overlapping with content text at Initial Wizard > Wireless setting page when using IE browser. 14. [Bug Fix] SPR#151208533 "Object Reference" cannot work at Configuration >Network> Interface > Ethernet > Edit IPv6 Configuration page. 15. [Bug Fix] SPR#151208561 GUI will not redirect to login page automatically after firmware upgrade by using Chrome browser. 16. [Bug Fix] SPR#151214778 After the IPv4 address object created by "Create New Object" there's no updated IPv4 address object in IP address Pool list in Configuration > VPN >IPSec VPN >VPN connection >IPv4 Configuration > Add page. 17. [Bug Fix] SPR#151217001 GUI always shows "Loading..." message after applying IPSec VPN >edit IKE1 rule. 18. [Bug Fix] SPR#151223305 The changes of "E-mail Server 2"column will not applied after reboot device at Configuration > Log & Report > Log settings > System Log > Active Log and Alert (AP) page. 19. [Bug Fix] SPR#161219973 By using copy and paste to set PPPoE/PPTP IP address on Installation Setup Wizard. "Next" button can't be pressed. 20. [Bug Fix] eITS#161100279 Fix the issue that 'Disconnect Connections Before Falling Back' cannot work. 21. [Bug Fix] eITS#160900224, 170500103 The NAT rules don't work after upgrading the firmware. 22. [Bug Fix] eITS#170600924 SSL inspection reach the maximum number of sessions. 23. [Bug Fix] eITS#171001162 SSL VPN is not working. After clicking on "connect", there is no response. 24. [Bug Fix] eITS#171200383, 171200810 Httpd will be terminated after firmware upgrade to V4.30. 25. [Bug Fix] eITS#171200317
The bandwidth is not correctly allocated. 26. [Bug Fix] eITS#171200429
Fixed GUI layout issue. 27. [Bug Fix] eITS#171200450
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
82/151
www.zyxel.com
Login GUI and SSH show zysh daemon is terminated. The traffic forwarding is fine, but zyshd is malfunctioned. 28. [Bug Fix] eITS#171200806 The 4.2x firmware configuration file may have backward compatible issue on 4.3x in some circumstance 29. [Bug Fix] eITS#171200181 With syslog "CAPWAP" category enabled and controller apply configuration to AP, then caused AP very unstable. 30. [Bug Fix] eITS#171200710 Built-in access point (local AP) sometimes stops working for 1-2 minutes randomly 31. [Bug Fix] eITS#171200805 Unable to add a new created Geography type of address object to an existing Geography type of address group object. 32. [Bug Fix] eITS#180100224 Change all wrong wording "diasble" become "disable. 33. [Bug Fix] eITS#180100308 Proxy arp setting cannot be saved by GUI 34. [Bug Fix] eITS#180100787 In 4.30 diag-info sometime unable to decompress, it show "file corrupted" 35. [Bug Fix] eITS#180100790 Device receives SIGPIPE and close daemon without core file. 36. [Bug Fix] eITS#180100943 There is a mistake on welcome page in French. It is té lé phone, not té lé phoner 37. [Bug Fix] eITS#180200109 IDP signature update failed. (Cannot get IDP signature URL form Server.) 38. [Bug Fix] eITS#180200286 Error in debug log after 4.30WK6 update.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
83/151
www.zyxel.com
Features: V4.30(ABAR.0)C0
Modifications in V4.30(ABAR.0)C0 - 2017/11/24 1. [ENHANCEMENT] GDPR(Privacy statement)
a. General Privacy Statement b. SecuReporter(available in Q3, 2018) 2. [ENHANCEMENT] Key management vulnerabilities of WPA2 protocol: CVE2017-13077 through CVE-2017-13082, CVE-2017-13084, and CVE-2017-13086 through CVE-2017-13088 Note: USG40W, USG60W and USG20W-VPN do not support 802.11r. 3. [ENHANCEMENT] Support Facebook Wi-Fi. 4. [ENHANCEMENT] Support Session Clear 5. [ENHANCEMENT] Support Proxy Arp on external and general interface 6. [ENHANCEMENT][GUI] Log Enhancement: Log category grouping 7. [ENHANCEMENT][GUI] Diagnostic tool: Support NSLOOKUP 8. [ENHANCEMENT][GUI] Active sessions on Dashboard and Session Monitor a. Dashboard > Active Session, the screen is the same as day one. b. Dashboard > Active Session, remove the link to the page of Session
Monitor 9. [ENHANCEMENT][GUI] Packet Flow Explore:
1-1 SNAT with the extra fields of `protocol' and `source port' 10. [ENHANCEMENT][GUI] Initial wizard: New add Step 6: Remote management 11. [ENHANCEMENT][GUI][Registration] Refine service with the links of "Activate"
and "Buy" at the page of Network Risk Warning. 12. [ENHANCEMENT] GeoIP Address Object
a. Support sorting by country of Traffic Statistics, Session Monitor, and user login.
b. Support Geo IP setting of Policy Route, DNS Inbound LB, BWM, Web Authentication, and Session Control.
13. [ENHANCEMENT][Address Object] Support FQDN Address Object a. FQDN pattern support wildcard b. Support FQDN object apply as source(except Wildcard FQDN) or Destination of Security Policy c. Support FQDN object apply as source (except Wildcard FQDN) or Destination of Policy Route /BWM /Web Auth.
14. [ENHANCEMENT] [User Object] Notification of account expiry (support Admin type account only).
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
84/151
www.zyxel.com
15. [ENHANCEMENT] [User Object] Strength of account password 16. [ENHANCEMENT] [Security Policy] Auto backup configuration when rules
changed 17. [ENHANCEMENT] [Log] Logged information of account and its IP address when
configuration changed 18. [ENHANCEMENT] [Log] Logged the details of firewall rules changed 19. [ENHANCEMENT] [Device-HA Pro]
a. If Passive device updates firmware failed, it will not trigger Active device firmware update.
b. Support DHCP table synchronize and IP MAC binding table. c. Auto reset the maximum failover counter d. Show Passive device information on Active device GUI. 20. [ENHANCEMENT] [Routing Protocol] Support IPv4 eBGP 21. [ENHANCEMENT] [VPN] Support IPv4 eBGP over IPsec VTI tunnel 22. [ENHANCEMENT] [VPN] Support IPv4 OSPF over IPsec VTI tunnel 23. [ENHANCEMENT] [VPN] Support Multicast over IPsec VTI tunnel 24. [ENHANCEMENT] [VPN] Support iOS provision Mobile configuration contain three types of VPN: IKEv2, IKEv1/IPSec, L2TP 25. [ENHANCEMENT] [Interface] DHCP options for PXE client. 26. [ENHANCEMENT] [Traffic Statistics] Support web site hits with HTTPS 27. [ENHANCEMENT] [System] System default enable the HTTPs strong cipher 28. [ENHANCEMENT] [Stability] Support Auto recovery- when upgrade firmware fail will auto rollback to previous status. 29. [ENHANCEMENT] [SNMP] OID Support: boot between dual images 30. [ENHANCEMENT] [EZMode] Change internal interface IP and network automatically when WAN IP conflict with internal IP. 31. [ENHANCEMENT] Support APC3.0 a. AP forward compatibility support b. Zymesh c. AP NVGRE data tunnel d. 802.11r 32. [ENHANCEMENT] Hotspot Management enhancement a. Billing Replenish b. Change time period range c. [Billing] Number at the beginning is allowed d. [Freetime] Warning message modification e. [Payment] Add new currency BRL
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
85/151
www.zyxel.com
f. [Payment] Add new currency RUB g. [Printer] Redefine the printer information on GUI h. [Printer] Empty the description i. [Printer] Discovered printers divide into different group 33. [ENHANCEMENT] [UA] Enforce data collection 34. [ENHANCEMENT] [WebAuth] Support Session page on/off switch 35. [ENHANCEMENT] Support captive portal redirect with FQDN 36. [ENHANCEMENT] eITS#170400413
Support user sets the DHCP6 preferred prefix size for delegation in Solicit message in DHCP6 request object by CLI command. CLI cmd: Router(config)# dhcp6-request-object < profile name> prefix-delegation prefix-length <1...64> 37. [ENHANCEMENT] eITS#170700287,170700325 a. Customer would like to using following username format with AD server
by 802.1X: sAMAccountNAme= usg\user1 userPrincipalName= user1@usg.com b. 802.1X auto login 38. [ENHANCEMENT] eITS#170901066 Remove unwanted error log in the case that when User trusted certificates folder is empty. 39. [ENHANCEMENT] eITS#171000150 GUI to allow setting schedule object stop Time 00:00 same as 24:00 for overnight schedule usage (e.q. 22:00 - 08:00), user can use a schedule group object to include two schedule object (e.g. 22:00 - 0:00 and 0:00 08:00) 40. [ENHANCEMENT][Device-HA Pro] Support spec. changed Default life time given after Device registered: USG1100, USG1900, USG2200-VPN, ZyWALL 1100 41. [FEATURE CHANGE] [GUI] Re-sort Interface menu list: Sequence: External >General >Internal >Others 42. [FEATURE CHANGE] [GUI] Dialogue window popup for new firmware notification now is for ADMIN type only 43. [FEATURE CHANGE] eITS#170300826
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
86/151
www.zyxel.com
[GUI] With feature "Link Aggregation Group", it no longer provides the field "none" on link-monitoring, balanced-alb and active-backup due to useless. 44. [FEATURE CHANGE] eITS#170500243 WAS:
UTM Profile>IDP add profile ""all"" default signature 1051723 action ""VIRUS Eicar test string"" is Reject-BOTH. IS: To set default create profile for signature 1051723 action NONE 45. [FEATURE CHANGE] eITS#170900224 Change "Session Limit" log severity level from notice (5) to warning (4) for better troubleshooting. 46. [Bug Fix] eITS#160401060 After few days, the mail sessions reach the maximum threshold and AntiSpam stop working. 47. [Bug Fix] eITS#160800459 AD ext-group-user test fail 48. [Bug Fix] eITS#160900786 Syslog didn't send out traffic category 49. [Bug Fix] eITS#161000148 StartSSL Certificate not valid 50. [Bug Fix] eITS#161000226 BMW does not work with SSO authentication. 51. [Bug Fix] eITS#161000644 After the launch of the anti-spam (usually after two hours), sometimes any letter does not pass through ZyWALL. They come after 20-30 minutes collectively, then they don`t pass through ZyWALL again, and so each time. 52. [Bug Fix] eITS#161100279 Open RDP by using IE10, need to add IP address to IE "Compatibility view settings" issue. 53. [Bug Fix] eITS#161100604 Configuration error when enable SLAAC. 54. [Bug Fix] eITS#161100649, 170100235 Sometimes user cannot synchronize with myzyxel.com server successfully. 55. [Bug Fix] eITS#161200347, 161200799 After upgrading to 4.20, change the port speed manually does not work. 56. [Bug Fix] eITS#161200446,170200683
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
87/151
www.zyxel.com
Device will constantly rebooting by out of memory issue. 57. [Bug Fix] eITS#161200483
Use network PING tool and found that no matter how they switch the interface, the outgoing IP do not get the correct match IP with interface. 58. [Bug Fix] eITS#161200541 AP management VLAN configuration have limitation on Name field, we cannot create VLAN more than 4. 59. [Bug Fix] eITS#161200618 The black list now detected before white list. 60. [Bug Fix] eITS#161200797 VPN policy object not been changed after renaming object 61. [Bug Fix] eITS#161200798 Default DHCP server not been removed after changed interface type 62. [Bug Fix] eITS#170100012 The 802.1P Marking functions not work. (In BWM function) 63. [Bug Fix] eITS#170100106 USG60w reboots when Mac book Wi-Fi try to associate to USG60w's Local AP. 64. [Bug Fix] eITS#170100259,170200190 Issue with L2TP and security policy user-based 65. [Bug Fix] eITS#170100317 The SNMP after remove and add VLAN interface, active & passive query mib ifTable .1.3.6.1.2.2.1.x are not the same 66. [Bug Fix] eITS#170100339 User Agreement Users in Hotspot are registered 3 or 4 times at a single login 67. [Bug Fix] eITS#170100441 Policy route does not work when configure a service group object as source port match criteria 68. [Bug Fix] eITS#170100457 Device displays ZySH daemon is busy, and it not accessible via Web GUI 69. [Bug Fix] eITS#170100500 Email Subjects being truncated with anti-spam enabled. 70. [Bug Fix] eITS#170100679 Anti-spam tag the dlog in automatic reply emails content 71. [Bug Fix] eITS#170100898
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
88/151
www.zyxel.com
User log in web authentication page by Firefox browser, it doesn't pop-up windows to tips user "You have been logout" when user close user aware browser. 72. [Bug Fix] eITS#170100903 When the anti-spam activate, the large size (around 1~3mb) mail will delivery to internal mail server for a long time 73. [Bug Fix] eITS#170200027 When the USG Wan interface connected gateway router reboots, the USG cannot aware SLACC renew. It leads to IPv6 DHCP client Internet access issue. 74. [Bug Fix] eITS#170200028 The IPv6 of Prefix Delegation address on interface will no longer get value on it. 75. [Bug Fix] eITS#170200095 Sometimes the Web GUI shows error "File not found" and does not work after booting the USG. 76. [Bug Fix] eITS#170200139 Firewall rule block SSO user traffic time to time 77. [Bug Fix] eITS#170200161 AP firmware v4.22 show station issue 78. [Bug Fix] eITS#170200382 DHCP pool size is incorrect 79. [Bug Fix] eITS#170200530 HA-Pro does not apply virtual MAC address. 80. [Bug Fix] eITS#170200531 HA-Pro not sending Gratuitous ARP for virtual 1:1 NAT IP 81. [Bug Fix] eITS#170300098 Unable to update GeoIP database 82. [Bug Fix] eITS#170300215,170300955,170400039,170400704 Wrong routing entry for VPN 83. [Bug Fix] eITS#170300611 Device changes host's source IP address in bridge mode 84. [Bug Fix] eITS#170300783 Static Route not working after reboot of the USG 85. [Bug Fix] eITS#170300822 Customer have an issue about USB LED behavior, even the USB stick dose not plug to device port, USB LED is still on.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
89/151
www.zyxel.com
86. [Bug Fix] eITS#170300826 In LAG interface, set 802.3ad mode and choosing "none" and "ARP" as link monitoring mode. It will not work.
87. [Bug Fix] eITS#170301030 High memory usage with HA-Pro
88. [Bug Fix] eITS#170400322 Security Policy rule modification didn´t take effect when we modify address object, we must disable and enable the rule again to make it take effect.
89. [Bug Fix] eITS#170400331 The ISP extended VOIP as HD voice
90. [Bug Fix] eITS#170400558 Vulnerability Fix (CVE-2016-10229)
91. [Bug Fix] eITS#170407062 IPSecVPN no any connection but log had R_U_THERE message
92. [Bug Fix] eITS#170500088,170500089 After upgrade to ZLD4.25 firmware, GUI login device will stuck at genie.html page.
93. [Bug Fix] eITS#170500193 Failed to apply startup-config.conf after modify guest interface name.
94. [Bug Fix] eITS#170500202 RDP via SSLVPN fail
95. [Bug Fix] eITS#170500260 Move the mouse cursor to the SIP default port 5060, change nothing and click on Apply. The error message pops up.
96. [Bug Fix] eITS#170500542,170500632 Login web GUI then pop out a warning message "CLI number 39"
97. [Bug Fix] eITS#170500555 Cloud-Helper Firmware Auto Update cannot disable
98. [Bug Fix] eITS#170500757 Device High Memory and Auto Reboot several times / week
99. [Bug Fix] eITS#170500774 Even if device is registered, the Setup Wizard show up again and finish with unreadable short popup "ERROR".
100. [Bug Fix] eITS#170500826 Dashboard loading is very slow.
101. [Bug Fix] eITS#170500968 The HTTPS Domain Filter is sending the wrong Certificate for blocked HTTPS
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
90/151
www.zyxel.com
Pages based on "Enable Content Filter HTTPS Domain Filter Block/Warn Page" under certain condition. 102. [Bug Fix] eITS#170600091 Device HA backup sync error when disable Anti-Virus Black list 103. [Bug Fix] eITS#170600481 "custom web portal files" are not sync to other partition 104. [Bug Fix] eITS#170600635 Device HA backup sync error caused by Content Filter profile CLI ordering is different in some conditions. 105. [Bug Fix] eITS#170600780 When load some kind of customized configuration file, the device will restore to default setting after rebooting. 106. [Bug Fix] eITS#170600954 Unable negotiated PPP connection in IPv6CP phase with BT ISP 107. [Bug Fix] eITS#170700239 [Policy Route] Next-hop set with the interface but not containing gateway, and then the warning message now is given. 108. [Bug Fix] eITS#170700652 Schedule run display wrong info 109. [Bug Fix] eITS#161200163 Add source port(s)/service setting in 1-to-1 NAT zymark iptables rule. 110. [Bug Fix] eITS#170400180, 170400330, 170400796, 170500308, 170600919 Anti-spam session full issue and device daily system hang issue. 111. [Bug Fix] eITS#170500347 Content filter slow, no Warning displayed 112. [Bug Fix] eITS#170500975, 170600470 Anti-spam daemon and ctipd hang issue. 113. [Bug Fix] eITS#170700761 Anti-spam session full issue 114. [Bug Fix] eITS#170721720 The first four packets cannot go to remote DUT then VPN connection will auto-reconnect. After that, traffic was normal. 115. [Bug Fix] eITS#170800053 After changed VLAN priority in VLAN interface, the interface stops response. (Except inactivate and active it again) 116. [Bug Fix] eITS#170800190 Cloud firmware update function will always display Sunday even already
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
91/151
www.zyxel.com
Monday changed. 117. [Bug Fix] eITS#170800299
Update-fw.log file cause high flash usage 118. [Bug Fix] eITS#170800684
PDF corrupted by Anti-Spam 119. [Bug Fix] eITS#170800820
The UDP traffic unable pass to remote access if device already keep the session on WAN1. 120. [Bug Fix] eITS#170803091 VPN dial fail but log had R_U_THERE message 121. [Bug Fix] eITS#170800267, 170800513, 170800565 Warning message pops up when creating a policy route rule 122. [Bug Fix] eITS#170300904 [GUI] The wording "expire" changed from "Ausgelaufen" to "Ablaufdatum" in German. 123. [Bug Fix] eITS#170600081 The graph of CPU usage is different in the USG daily report and CNC. 124. [Bug Fix] eITS#170800408 RIP stops working 125. [Bug Fix] eITS#170900052 Device soft-lockup when apply customer's configuration 126. [Bug Fix] eITS#170900254 Customer cannot import root certificate at "Configuration > Object > Certificate > "Trusted Certificates", it will pop up error message. 127. [Bug Fix] eITS#170900406 Frontline state that IP 212.52.194.228/255.255.255.224 cannot be saved on ge3 interface, the "OK" button is grey out/not clickable. 128. [Bug Fix] eITS#170900762 Content filter profile specifically rename on Web GUI will cause the configuration file saving problem. Web GUI and start-up configure mismatch. 129. [Bug Fix] eITS#170900923 The object items cannot be selected if we filtered in other page. (GUI bug) 130. [Bug Fix] eITS#170600298 Budget reset mechanism after over budget will cause incorrect budget
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
92/151
www.zyxel.com
interval data and budget statistics in the next connection. 131. [Bug Fix] eITS#170800560
Won´t keep logging settings for SSL inspection 132. [Bug Fix] eITS#170800684
PDF corrupted by Anti-Spam 133. [Bug Fix] eITS#170900820
Customer concerning the VPN VTI interface in trunk interface cannot failover and fallback.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
93/151
www.zyxel.com
Features: V4.25(ABAR.1)C0
Modifications in V4.25(ABAR.1)C0 - 2017/07/13 1. [ENHANCEMENT] System default settings change:
Doesn't allow access device GUI via HTTPs or SSL VPN connect from WAN in system default. Note: This will not change the settings for upgrade from previous firmware version. 2. [ENHANCEMENT] GUI change:
a. all Service license Status change from "Licensed" "Not Licensed" to "Activated", "Not Activated"
b. if the license are transferred, then status will show "Not Licensed" c. update layout change wording : Firmware Upgrade License to Firmware
Upgrade Service d. remove License Type and Expiration date from Firmware Management
page e. Add OneSecurity link (Troubleshooting icon): add icon at Firmware
Management GUI page and redirect to OneSecurity Firmware Upgrade SOP 3. [ENHANCEMENT] Support for PayPal Brazilian Real (BRL)/Russian Ruble (RUB) currency 4. [ENHANCEMENT] Initial Wizard add Remote Management on/off switch 5. [BUG FIX] eITS#170500228 "Email daily report" is missing on web GUI setup page (Configuration > Log & Report > Email daily report). 6. [BUG FIX] eITS#170500089 After logging into the Web GUI, it will redirect to https://x.x.x.x/extjs/app/view/pagestore/genie.html instead of the device dashboard 7. [BUG FIX] eITS#161200145 The authentication will fail when establishing L2TP VPN with MS-CHAPv2 8. [BUG FIX] eITS#170100259, 170200190 Sometimes user-based security policy rule doesn't work properly. 9. [BUG FIX] eITS#170100903 Fixed the anti-spam may delay the mail occasionally 10. [BUG FIX] eITS#170100505 Security Policies does not working properly in some circumstances 11. [BUG FIX] eITS#161200446
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
94/151
www.zyxel.com
When CF and App Patrol are enabled and there are peak abnormal "ACK" packets in the environment sent to the device. The device may reboot 12. [BUG FIX] eITS#170200139 Firewall rule sometimes will block SSO client's traffic 13. [BUG FIX] eITS#170300098 Fix: unable to update GeoIP database 14. [BUG FIX] eITS#170400322 Fix: Security Policy rule modification doesn't take effect immediately after modifying the address objects. 15. [BUG FIX] eITS#170400243 Fixed the device reboot accidently issue 16. [BUG FIX] eITS#170300955, 170300215 , 170400039, 170400704 Fixed the VPN tunnel routing issue 17. [BUG FIX] eITS#170300561 Fixed AP connection lost issue. 18. [BUG FIX] eITS#170100742 Fixed USG310 Device HA Pro with https port different than 443 issue.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
95/151
www.zyxel.com
Features: V4.25(ABAR.0)C0
Modifications in V4.25(ABAR.0)C0 - 2017/04/21
1. [ENHANCEMENT] Openssl package upgrade to 1.02j
2. [ENHANCEMENT] UTM engine upgrade to 2.3.012
3. [ENHANCEMENT] Default IDP signature upgrade to 3.2.4.040(Base on 3.1.4 and
add 518 app-behavior)
4. [ENHANCEMENT] AS and CF engine upgrade to 8.00.0125.1
5. [ENHANCEMENT] Support quick activation wizard to help user register device
and activate UTM services in a short time.
6. [ENHANCEMENT] Support Grace Period for subscription license.
7. [ENHANCEMENT] add "Buy"/ "Renew" and "Activate" link at:
a. Dashboard Security Service List
b. Configuration > Licensing > Service Status List
c. Each Service function page
d. Security Service Warning page
8. [ENHANCEMENT] Support Country code GUI for USG/ZyWALL
a. Except for USG40W/USG60W/USG20-VPN/USG20W-VPN
9. [ENHANCEMENT] APC built-in FW replacement
a. Remove NWA5KN & 3KN series AP firmware
b. Add NWA5123-AC AP firmware
c. Keep NWA512x series AP firmware
10. [ENHANCEMENT] Support Hotspot Management License for USG110, USG210
and ZyWALL 110 with 30days trial.
Support models Hotspot Management Service
USG110
Default 30days trial
USG210 ZyWALL 110
LIC-HSM, Hotspot Management 1 year Subscription License LIC-HSM, Hotspot Management One-Time License
11. [ENHANCEMENT] Default value of VLAN DHCP lease time change from infinite
to 2 days
12. [ENHANCEMENT] Extend max. number of Address Object for following models:
Models
Address Object Value
WAS
IS
USG20(W)-VPN
100
300
USG40(W)
100
300
USG60(W)
200
300
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
96/151
www.zyxel.com
13. [ENHANCEMENT] Support SecuReporter (available in Q3, 2017) 14. [ENHANCEMENT] Support failure recoveries of configuration apply. 15. [ENHANCEMENT] Automatic Firmware update from USB storage
a. Default action is disable b. Do not support Device HA/ Device HA pro scenario
Note: When using USB firmware upgrade in HA Pro devices, you need to insert USB at Passive device to upgrade Firmware first, and then do USB firmware upgrade at Active device. 16. [ENHANCEMENT] Support DHCP option 60 on External type Ethernet and VLAN interface 17. [ENHANCEMENT] Support SSH Client 18. [ENHANCEMENT] Support GeoIP database auto-check & auto-update 19. [ENHANCEMENT] eITS#160200311 The log Open /tmp/ext_group_info.conf_1 configuration file has failed. Change the log description easy to understand as: Cannot open /tmp/ext_group_info.conf_1 configuration file. Please check the settings of Auth. method and Ext-Group-User Accounts by AAA Server. 20. [ENHANCEMENT] eITS#160300976 To adjust "DHCP table / User Login" GUI display behavior. 21. [ENHANCEMENT] eITS#160800448 Manual control of firewall rule "Only FIN bit is set" for abnormal TCP flag packets transmission. 22. [FEATURE CHANGE] eITS#160600471 Bandwidth management cannot apply accurately by App Patrol 23. [BUG FIX] eITS#161100240 802.1P marking in BWM is disappeared in ZLD 4.20. 24. [BUG FIX] eITS#161100700 Fix ALG SIP Settings GUI disappear issue: a. Restrict Peer to Peer Signaling Connection b. Restrict Peer to Peer Media Connection 25. [BUG FIX] eITS#151200061 Support LTE E3276 dongle 26. [BUG FIX] eITS#160200024 No supporting for Huawei E3276 dongle. 27. [BUG FIX] eITS#160200048 Port statistics shows wrong information on GUI 28. [BUG FIX] eITS#160200540
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
97/151
www.zyxel.com
An over length object name ruins the security policy function, also stop the device boot from start-up config. 29. [BUG FIX] eITS#160200591 After AP schedule applied, the device cannot boot normally and failover to last good config. 30. [BUG FIX] eITS#160300622 A standby HA device do download AP firmware. This should not happen if the active role is taken by another device. 31. [BUG FIX] eITS#160300733 Receiving a "Unicast" DHCP offer on WAN port because customer's ISP did so. (DHCP offer bootp flag: unicast) 32. [BUG FIX] eITS#160300990 NAT rule didn't work for the specific object. 33. [BUG FIX] eITS#160400211 Unable to apply NAT policy if a vitrual interface has different subnet from its' physical. This works fine in 4.13 but not in 4.15 (Error message: Original IP address is not comprised in Incoming interface subnet.) 34. [BUG FIX] eITS#160400995 Cannot use full screen mode on IE11 RDP access. The SSL VPN tunnel works fine. Use RDP access but unable to use full screen mode (on IE11). 35. [BUG FIX] eITS#160500052 If user shows VLAN 10 in IP/MAC Binding monitor page, both VLAN 10 and VLAN 100 will display. 36. [BUG FIX] eITS#160500699 NAT rule doesn't work on general type interface. 37. [BUG FIX] eITS#160600575 Fix: In ZLD V3.30, customer set a set a "ppp" interface and name eth1 and then users apply the configuration file (startup-config). It will show the error message % System fatal error: 3005105. on the console. 38. [BUG FIX] eITS#160601251 A dead Zylogd triggers connectivity check and makes policy route on and off frequently, reboot is a temporarily solution. 39. [BUG FIX] eITS#160700403 Fix: VPN after rekeying no Traffic in Tunnel 40. [BUG FIX] eITS#160700500, 160101189 Site-to-site IPSec VPN Tunnel (IKEv1) and AES256/SHA256 encryption in Phase2 burst CPU usage.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
98/151
www.zyxel.com
41. [BUG FIX] eITS#160800459 Fix: USG 50. AD ext-group-user test fail
42. [BUG FIX] eITS#160800706 USG20-VPN will not send out "Forwarded website" to CF report server.
43. [BUG FIX] eITS#160800830 Modify address object setting didn't apply to configure file.
44. [BUG FIX] eITS#160800939 While move to other pages, the sorting by object IP address behavior abnormal.
45. [BUG FIX] eITS#160800995, 160800977 Unable to upload an overlong file name firmware via GUI.
46. [BUG FIX] eITS#160801122 The source IP address shows incorrect on Web GUI, (different model support for different pool addresses)
47. [BUG FIX] eITS#160900125 Fix: OneSecurity Anti-Spam PDF file corrupts.
48. [BUG FIX] eITS#160900128 Anti-Spam mail scan timeout rate is high.
49. [BUG FIX] eITS#160900147, 160900359 While DHCP function is disabled on all interfaces, the DNS proxy stop working.
50. [BUG FIX] eITS#160900449 The VPN throughput of USG1900 is low.
51. [BUG FIX] eITS#160900525 After SafeSearch enabled, the device did randomly unwanted reboot.
52. [BUG FIX] eITS#160900560 When editing exist BWM rule, try to enable or disable "Maximize Bandwidth Usage" function. It can't write into configuration.
53. [BUG FIX] eITS#160900579 After upgraded to ZLD4.20 firmware, there are additional AP image symbolic link in device, it will cause Device-HA Pro sync fail.
54. [BUG FIX] eITS#160900582 When add Anti-Virus, tick or untick white list, it always saves as enabled.
55. [BUG FIX] eITS#160900603 The customer creates a new application profile then adds some applications. The GUI meets loading nonstop when he wants to add other object into this application profile by Service searching.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
99/151
www.zyxel.com
56. [BUG FIX] eITS#160900614 Error message shows on trying to create Object > Service by just fill in starting port.
57. [BUG FIX] eITS#160900619 Some settings disappear from the configuration after a power fail.
58. [BUG FIX] eITS#160900702 Update Anti-Virus crashes Zyshd daemon if there is no connection to myZyXEL.com.
59. [BUG FIX] eITS#160900704 When the customer creates the new Radio profile, set Channel Selection to DCS, the A-MPDU and A-MSDU are enabled by default. However, after click OK button, then edit this profile again found A-MPDU and A-MSDU was not enabled.
60. [BUG FIX] eITS#160900708 DHCPv6 Request can't be added to DHCPv6 Request Options in PPPoE.
61. [BUG FIX] eITS#160900760 After upgraded from 4.15 to 4.20, they need to configure default policy rule as "Allow" instead of "Deny" otherwise they cannot surfing the Internet.
62. [BUG FIX] eITS#160900840 Fix: After build Device-HA, on backup device linkup and link-down Ge4 port. The Backup device status is standby but GE4 IP address exists. It affects the traffic pass through to Backup device but not master one
63. [BUG FIX] eITS#160901009 The tunnel interface is on the drop-down list of Public DNS Server setting.
64. [BUG FIX] eITS#160912324 Fix: [VPN] [info] Send check packet won't send on IKEv2 VPN rule (6in4, 4in6, 6in6)
65. [BUG FIX] eITS#161000053 If SafeSearch enabled, the Google log will be removed if accessing https://www.google.at or https://www.google.com (google family).
66. [BUG FIX] eITS#161000057 Remove service object from service-group will be failed.
67. [BUG FIX] eITS#161000062 Files with long names on Cyrillic (Russian) cannot be downloaded through SSL VPN / File Sharing. Files with short names will work.
68. [BUG FIX] eITS#161000092 The Interface egress setting will been effects after added virtual interface
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
100/151
www.zyxel.com
69. [BUG FIX] eITS#161000311 Sorting by priority doesn't work correctly on all pages.
70. [BUG FIX] eITS#161000336 Fix SNMP location issue.
71. [BUG FIX] eITS#161000353 It is the VPN between ShrewClient and USG. It works fine under ZLD 4.15; however, after upgrading to ZLD 4.20, USG will send out DEL information to the client after establishing connection.
72. [BUG FIX] eITS#161000562 If you choose View: all session in Session Monitor, then the first page is displayed normally, but an error occurred on second page.
73. [BUG FIX] eITS#161000654 Firewall rule of user aware didn't work appropriate with GeoIP address object.
74. [BUG FIX] eITS#161000823 Fix GUI shows wrong information on NAT setting. (Select 1:1 mode, shows 1: Multiple)
75. [BUG FIX] eITS#161000908 Special characters are allowed on GUI but invalid in certification "+", ")" or ")".
76. [BUG FIX] eITS#161000911 Cannot create VLAN100 after VLAN10 on GUI.
77. [BUG FIX] eITS#161000912 There is no limitation of the DHCP pool range.
78. [BUG FIX] eITS#161017510 Fix: [VTI]disable VTI interface will be enable after open this disable (VTI)profile and click "OK"
79. [BUG FIX] eITS#161100136 Device will reboot only when CF is enabled on IPv6 and access some websites.
80. [BUG FIX] eITS#161100230 Supporting for longer LDAP/AD password length to 63 characters.
81. [BUG FIX] eITS#161100298 1:1 NAT Port Mapping Type can be select after change type to Virtual server and switch back to 1:1 NAT.
82. [BUG FIX] eITS#161100619 SSL Inspection not works if set in firewall rule on ZLD4.20
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
101/151
www.zyxel.com
83. [BUG FIX] eITS#161100649 Fix myzyxel.com SSL time sync issue.
84. [BUG FIX] eITS#161200541 AP management VLAN configuration have limit on Name field, we cannot create VLAN more than 4.
85. [BUG FIX] eITS#161200689 Add more than 8 interface into a Trunk is allowed, but this setting got error and is automatically removed after reboot.
86. [BUG FIX] eITS#161200797 VPN policy object doesn't change after renaming an object.
87. [BUG FIX] eITS#170100010 "Host Name" and "Description" are missing under IP/MAC Binding
88. [BUG FIX] eITS#170100106 While just started up, any connection from MAC OS will reboot USG60W. (Android, Windows platform don't have this issue.)
89. [BUG FIX] eITS#170100118 The FTP function which in packet capture does not work. (Can't upload to external FTP server)
90. [BUG FIX] eITS#170200061 When added PPP interface in to monitoring interface (Device-HA Pro), it will shows "The interface name is not accepted"
91. [BUG FIX] eITS#170200530 When Device-HA Pro switching status, the MAC address of secondary is not synced.
92. [BUG FIX] eITS#170200161 Fix: ZyWALL 310 (WLAN controller) - Some station info will be kept in station info list on the controller even the stations have been dissociated from the AP.
93. [BUG FIX] eITS#161000876 Unable to turn off Policy Control or Allow Asymmetrical Route via GUI.
94. [BUG FIX] eITS#160301606 USG310: error code2 drops ICMP Type3 packet
95. [BUG FIX] eITS#160400542 USG210 Fatal Error Cause System Reboot
96. [BUG FIX] eITS#161100313 USG110 IKEv2 dynamic tunnel suddenly stopped working
97. [BUG FIX] eITS#161100931
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
102/151
www.zyxel.com
USG20-VPN - SIP Signaling Port not working 98. [BUG FIX] eITS#161100008
Fix: Cannot access some https website after enable domain filtering in CF.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
103/151
www.zyxel.com
Features: V4.20(ABAR.2)C0
Modifications in V4.20(ABAR.2)C0 - 2016/11/25 1. [ENHANCEMENT] Add enhancement against ICMP type3 code3 DoS attack.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
104/151
www.zyxel.com
Features: V4.20(ABAR.1)C0
Modifications in V4.20(ABAR.1)C0 - 2016/09/29 1. [BUG FIX] eITS#160800705
Guest wizard in easy mode gets wrong. 1. enable the Guest network via wizard 2. No IP address and DHCP server but port role is correct.
2. [BUG FIX] eITS#160800624 The GeoIP can't update successfully, and shows 124014 error.
3. [BUG FIX] eITS#160800733 When collecting diag-info by GUI and also in console, the device will reboot.
4. [BUG FIX] eITS#160800621 USG will keep send out "R_U_THERE" even though the DPD is not checked.
5. [BUG FIX] eITS#160800900 Unable to create a new VLAN. [Condition] When clicking the add button, loading screen hangs.
6. [BUG FIX] eITS#160800995, 160800977 Upload firmware with a long filename, it will fail. [Condition] 1. Go to file manager>firmware management 2. Update a firmware with a filename more than length 31 3. Update will fail.
7. [BUG FIX] eITS#160401060 After few days, the mail sessions reach the maximum threshold and Anti-Spam stop working. [Condition] User select drop action of spam SMTP mail in Anti-Spam profile setting.
8. [BUG FIX] eITS#160800622 IDP signature Link has wrong destination. [Condition] On the dashboard, you can click the signature ID on the GUI. The URL is wrong. Click GUI will pop-out https://onesecurity.com/pages/threat_info.php?virusid=1051723&type= policy But should be:
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
105/151
www.zyxel.com
https://onesecurity.zyxel.com/pages/threat_info.php?virusid=1051723&t ype=policy
9. [BUG FIX] eITS#160900521 Firmware 4.20 - Every logged user is able to download "startup-config.conf"
10. [BUG FIX] eITS#160900525 USG110 with CF and Safesearch random reboots
11. [BUG FIX] eITS#160900582 When edit Anti-Virus rule, configuration change not writes correctly.
12. [BUG FIX] eITS#160900560 When edit exist BWM rule, and disable "Maximize Bandwidth Usage" function. It not writes into configuration.
13. [BUG FIX] SPR#160801023 Click "Configuration walk through" and "Troubleshooting" at NAT page, the link will display "Policy Route" information..
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
106/151
www.zyxel.com
Features: V4.20(ABAR.0)C0
Modifications in V4.20(ABAR.0)C0 - 2016/07/20 1. [ENHANCEMENT]
Easy Mode Support: (1) Only for USG40/40W/60/60W, USG20-VPN/20W-VPN
Supported Models USG20-VPN, USG20W-VPN USG40, USG40W USG60, USG60W (2) Initial wizard pop-up when user first login in device under Easy Mode * Please be aware that Easy Mode is another user interface for different user market, it is not light version of Expert Mode. The changes made in Expert Mode may not be visualized correctly in Easy Mode. If you made changes in Expert Mode, we suggest staying in Expert Mode to ensure reliable configuration. 2. [ENHANCEMENT] Content Filter 2.0Support, more features add-on with the current Content Filter license. (1) HTTPS Domain Filter To block HTTPs web sites without deep inspection. Support on all models. (2) SafeSearch Enforcement To enforce safe search for the following search provides: Google, Bing, Yahoo, Yandex *Support on models with SSL inspection, USG110/ZyWALL110 or above. (3) Geo IP blocking Support IPv4/IPv6 geography type address object as the source or destination address of security policy. (4) Content Filter log enhancement; log all web access action with category information. 3. [ENHANCEMENT] Cloud Helper Support: (1) Auto check and show up the firmware download icon on dashboard and the release note information on firmware management page, if a new version is available.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
107/151
www.zyxel.com
(2) Support pause/resume/stop action while running the online firmware download from cloud
* Please note that you have to go to myZyXEL.com to register your device and activate firmware upgrade license and then to proceed the cloud firmware upgrade. 4. [ENHANCEMENT] IPSec VPN enhancement: (1) Route-based IPSec VPN - Static virtual tunnel interface for IPSec site-to-site
VPN (2) Mode-config to assign IP address/DNS server/WINS server settings for IPSec
client (3) IKEv2 VPN wizard (4) IKEv2 configuration provisioning to ZyXEL IPSec Client (5) IKEv2 support for Windows10 5. [ENHANCEMENT] SSL VPN enhancement: (1) Standalone SecuExtender client software for Windows
Please download the new SecuExtender client software from http://vpnclient.zyxel.com (2) SSL VPN login page URL, https://<ip address>/ssl (3) SSL VPN user portal behavior change,
After login SSL VPN user portal, will not force logout even browser doesn't install Java Runtime
After login SSL VPN user portal, will not auto download and install the SecuExtender client from device. Please download the new SecuExtender client software from http://vpnclient.zyxel.com
After login SSL VPN user portal, will not bring up the SecuExtender. Please install and launch the new SecuExtender client on desktop.
6. [ENHANCEMENT] Captive Portal authentication enhancement: (1) Support Multiple Portal (max. 4 portals) (2) Friendly captive portal page for mobile devices (3) User agreement type authentication (4) Support upload user customized captive portal page to USG/ZyWALL Max. 4 customized portal package (.zip) file can be upload
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
108/151
www.zyxel.com
Max. portal package (.zip) file size is 2MB (max. 5MB after unzip) 7. [ENHANCEMENT]
Hotspot enhancement: (1) Hotspot license for USG/ZyWALL advance/extreme series
Support Hotspot Management Models ZyWALL 310/1100 USG310/1100/1900 (2) Features support with Hotspot license Dynamic guest account Billing profiles (Time usage, Traffic usage, Bandwidth limitation) SP350E printer ticketing SMS ticketing with ViaNett Online tickets payment via PayPal Walled Garden IPnP *Not support SP350E printer to connect on network of wan side. *After add SP350E into the management list. The dynamic IP address of printer will auto add into the DHCP reserve IP table. 8. [ENHANCEMENT] Device HA Pro: (1) Licensed feature (2) Only support on ZW110/310/1100, USG110/210/310/1100/1900 Support Device HA Pro Models ZyWALL 110/310/1100 USG110/210/310/1100/1900 (3) Dedicated port for heartbeat/synchronization between active and passive device *The latest copper Ethernet port is the heartbeat port, if enable Device HA pro function (4) Auto negotiation the device role (active or passive) (5) Synchronization information Configuration License status AV/IDP/App signatures, GeoIP database Certificates Customized Captive portal pages zysh script files
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
109/151
www.zyxel.com
Login users information IPv4/IPv6 TCP sessions Static site-to-site IPSec SAs *To avoid configuration conflicts, always make configuration changes on the active device (6)Support firmware auto upgrade to passive device via GUI, FTP, Cloud Helper * To avoid firmware inconsistent, always upgrade firmware from the active device Limitation: Not support with IP/MAC binding feature
If enable MAC Binding interface. After device failover, all the traffic of DHCP clients will be blocked by the active device until renew DHCP IP address. To change from HA Pro mode back to HA mode. Both devices need to reconfigure the HA settings. 9. [ENHANCEMENT] Link Aggregation Group (LAG) interface (1) Only support on the following models Support Link Aggregation Group interface Models ZyWALL 310/1100 USG310/1100/1900 (2) Max. LAG interface: 4; Max. ports in one LAG interface: 4 (3) Link Aggregation Mode support Active-Backup LACP 802.3ad (hash policy support: layer 2, layer 2+3) Balance-ALB (active-active path) 10. [ENHANCEMENT] Web GUI and SSL VPN login support TLS1.2 11. [ENHANCEMENT] SSL Inspection enhancement :(*Support models USG110/ZyWALL110 or above) (1) Support inspect TLS-1.1/TLS-1.2 connection with the following cipher TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (2)Support server downgrade TLS version while negotiation and implementation 12. [ENHANCEMENT]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
110/151
www.zyxel.com
ADP enhancement:
(1) Teardrop Attack detection and block
(2) TCP Fragment detection and block
(3) ICMP Fragment detection and block
(4) IP Address Spoof detection and block
13. [ENHANCEMENT]
Auto sync Time-Zone and Daylight-Saving from ZyXEL cloud server
14. [ENHANCEMENT]
Support L2TP WAN connection type
15. [ENHANCEMENT]
Support send RADIUS accounting data to external server
16. [ENHANCEMENT]
Service redirect for HTTP and SMTP traffic
17. [ENHANCEMENT]
DHCP clients table add leasing expiration time information
18. [ENHANCEMENT]
Add DHCP clients table in daily report
19. [ENHANCEMENT]
ZON utility support update location and system name
20. [ENHANCEMENT]
Extend max. Concurrent SIP calls number
Model USG20-VPN/20W-VPN USG40/40W USG60/60W USG110 /ZyWALL 110 USG210 USG310 / ZyWALL 310 USG1100/ZyWALL 1100 USG1900
Value 50
100
200
21. [ENHANCEMENT] Extend the Max. number of user create PPPoE interface
Model USG210 USG310 / ZyWALL 310 USG1100/ USG1900 / ZyWALL 1100
Value 4 8 8 16 16 32
22. [ENHANCEMENT]
New license: "Concurrent Device Upgrade" for extending the concurrent login
devices.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
111/151
www.zyxel.com
Model USG110/210/ZyWALL 110 USG310/ZyWALL 310 USG1100/ZyWALL 1100 USG1900
Value 200300 (extend by license) 500800 (extend by license) 8001500 (extend by license) 15002000 (extend by license)
23. [ENHANCEMENT]
Feature behavior change:1:1 NAT port settings is hided on GUI
24. [ENHANCEMENT]"Use Static-Dynamic Route to Control 1-1 NAT Route" is
enabled on system default setting.
25. [ENHANCEMENT]BEAST vulnerability mitigation
Support new CLI to disable TLS 1.0,
Router(config)# no ip http secure-server tlsv10
Router(config)# write
26. [BUG FIX] eITS#150700745
The customer is configured the Email Daily Report to send reports on a mail
server that is located behind the IPSec-tunnel. Ping from the device to the
mail server 192.168.5.15 successfully, but reports are not sent.
27. [BUG FIX] eITS#150801051
Top 5 viruses cannot be queried.
[Condition]
1. If clicking the Top 5 virus via dashboard, the URL cannot be
downloaded successfully. It is because the URL is HTTPs. If changing it
to HTTP, the explanation will show up.
28. [BUG FIX] eITS#150300296, 150900099
For eITS#150300296 and 150900099, enlarge the maximum number of the
time period of connectivity check.
Was: The maximum number of the time period of connectivity check
is 600 seconds
Is: The maximum number of the time period of connectivity check is
3600 seconds
29. [BUG FIX] eITS#150701032
Unable to build L2TP VPN. Connect hangs on checking account and is
broken.
30. [BUG FIX] eITS#150900420
Edit the actions of some IDP rules from none to reject-both and save it, the
actions become no instead of reject-both.
[Condition]
The issue can be easily reproduced with the following steps.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
112/151
www.zyxel.com
1. Create new IDP profile. Ex: Use wan base profile
2. Change the actions of some rules from none to reject-both and save
it. Check
these modified rules and user will find the actions are no
instead of reject-both.
3. User needs to change the actions from no to reject-both again and
save it.
31. [BUG FIX] eITS#150900398
After editing BWM rule, the error message pops up. Error Number: -37004 Error
Message: 'System internal error. Internal application error.'
32. [BUG FIX] eITS#150600517
The Web GUI will be slow if edit VPN rule when device has configured 300
VPN connection rules.
[Condition]
There are 300 VPN tunnels. If Enable/Disable with 10 rules in the same time,
the web GUI with hang.(VPN tunnel is not established yet)
33. [BUG FIX] eITS#150800872
ZySH daemon will dead when collect the diag-info file.
[Condition]
When issue happen GUI and console will not feasible to access and
customer can only do power cycle to regain.
34. [BUG FIX] eITS#150901026
USG110 / L2TP fails user login
[Condition]
For the old accounts which were created before upgrading to WK37
firmware, L2TP tunnel can be established successfully; however, created
some accounts after upgrading, L2TP will be failed due to incorrect
username or password.
35. [BUG FIX] eITS#150600519
Solved "tunnel leak" issue when using a DDNS address in peer address.
36. [BUG FIX] eITS#150900987
USG1900 doesn't detect LTE dongle WLTUBA-107
37. [BUG FIX] eITS#150800739, 160400735
USG60W CPU random issue
[Condition]
The customer reported the CPU rate will be high, and the only recovery
way is rebooting the USG. When the issue occurs, LAN users cannot
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
113/151
www.zyxel.com
access internet; however, the LAN users can communicate with each other. 38. [BUG FIX] eITS#151001056 Moscow, Kazan, Volgograd is using GMT+3 (without daylight savings), but in settings of USG it is GMT+4. 39. [BUG FIX] eITS#150901015 After rebooting the USG does not raise PPPoE automatically. The PPPoE could be connected if dial manually, but not automatically. 40. [BUG FIX] eITS#151000924 The error message is wrong when adding wrong format URL in field. [Condition] Enter the complete URL of the site including "http://" on Trusted Web Site column in Content Filter. The pop out message shows "IPv6 subnet in CIDR format error". The URL seems not related to IPv6. 41. [BUG FIX] eITS#150701192 ZyWALL series have IPSec VPN problem [Condition] Cannot establish VPN tunnel with Wlink device; however can connect successfully with downgrade firmware 3.2 on ZyWALL series. 42. [BUG FIX] eITS#150901170 The L2TP tunnel will frequent disconnects. 43. [BUG FIX] eITS#151001230, 151100428 Device reboot time to time 44. [BUG FIX] eITS#150800878 Error IP format still saved into configuration by CLI command 45. [BUG FIX] eITS#150900889 Solved IOP issue with Sophos UTM 9 Release 9.211-3. 46. [BUG FIX] eITS#151100824 PPPoE Dial In issue with Nailed-Up [Condition] To enable nail-up in the PPPoE interface, and pressed disconnect button. Repeating the action around 8-20 times, nail-up will not work. The connection only can be established by press connect manually or reboot the device. 47. [BUG FIX] eITS#151101099
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
114/151
www.zyxel.com
Unable to access the console from web by using Java 8 update 51 or above (any browser). There is no problem with Java 8 update 45 and previous versions. 48. [BUG FIX] eITS#151200212 The DNS query will pass through by local NIC's DNS address.(only happens on Win10) 49. [BUG FIX] eITS#151201300 USG210: Statefull Firewall does not work correctly for DNS over VPN [Condition]
PC-------USG110========[VPN]========USG200 (1)PC's DNS IP is USG110's LAN1 interface. (2)USG110 is establish VPN tunnel with USG200. a. Add a domain zone forward: darkzone.local, IP: USG200's LAN1
interface b.Disable default rule: From: IPSec VPN, To: ZyWALL, Action: allow. ->it means the traffic initiated from USG200 LAN site, the packets will hit
default rule and drop. (3)Add A record on USG200: ap.darkzone.local, IP: LAN subnet. (4)Send DNS query for ap.darkzone.local from PC and cannot get IP
for it. 50. [BUG FIX] eITS#151100310
Not possible delete VPN rules created by L2TP wizard 51. [BUG FIX] eITS#141001045
It shows incorrect expiration date of licenses on the GUI. 52. [BUG FIX] eITS#160100921
USG1100: SSL Inspection signs with SHA1 [Condition]
(1) Access https://www.google.ch without SSL Inspection activated and check the Google certificate == sha256 signed
(2) Activate SSL Inspection on USG1100 Firewall, use self-signed sha256 certificate on USG1100 for SSL Inspection configuration
(3) Access https://www.google.ch with SSL Inspection enabled ... no the Google certificate == sha1 signed 53. [BUG FIX] eITS#160100981 One wrong Russian translation 54. [BUG FIX] eITS#150800874 ZyWALL1100 DHCP relay offer is dropped.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
115/151
www.zyxel.com
[Condition] The DHCP relay for unicast DHCP offer and ack (for apple's device) will be dropped.
55. [BUG FIX] eITS#151100489, 151000326, 151100898 USG Anti-Spam module Threshold flush not possible [Condition] Mails lost. (Mail session reached maximum 200/200 and never going down unless the device reboot)user has to modify the anti-spam behavior to let mail 'Forward' when mail scan reaches maximum in order to avoid mail lost.
56. [BUG FIX] eITS#160101287 The mail server can't receive mail from internet. [Condition] Device response "reached the maximum threshold of 200."
57. [BUG FIX] eITS#160200401, 160200399 SNMP port traffic does not work correctly [Condition] The customer use the network management software named PRTG (based on SNMP) and the port traffic doesn't work correctly. The software will query SNMP to device every 60 seconds; however device will responds there is no traffic but will show the correct value after 5 minutes.
58. [BUG FIX] eITS#160300528 Auto Discovery from Office 365 doesn't work [Condition] When creating a new account in outlook, the auto-discover will fail when any UTM service has enabled.
59. [BUG FIX] eITS#160200111 Route Policy entry in packet flow is wrong [Condition] When creating policy route and set the specific service port in rule. In packet flow will shows incorrect and it will affect the site to site VPN routing.
60. [BUG FIX] eITS#160400165 USG310: ZySH daemon no response [Condition]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
116/151
www.zyxel.com
After upgrade to the firmware to 4.15 patch 2, the ZySH daemon no response after 12.24hr. 61. [BUG FIX] eITS#150800388, 150800459 Proxy Cap SSH connection through USG [Condition] SSH daemon TCP forwarding does not work. 62. [BUG FIX] eITS#160101023 Traffic drop during the Device-HA synchronization [Condition] The RDP and cloud AP will disconnect during the Device-HA synchronization. 63. [BUG FIX] eITS#160200257 Remove the "DONT FRAGMENT BIT" from IP header of IKE packet for the MTU issue. 64. [BUG FIX] eITS#160400549 Device-HA sync failed 65. [BUG FIX] eITS#160500683 Enhance DPD timer in IPSec PM and fix DPD handshaking twice issue. 66. [BUG FIX] eITS#160601226 Memory leakage 67. [BUG FIX] eITS#160200037 iOS client logout when trigger rekey. [Condition] (1) Setup a ikev2 VPN rule.
IKE: AES256, SHA256, DH14 IPSec: AES256, SHA256 (2) Use iOS 9.3 to connect to DUT. (3) After 480 seconds, iOS rekey and then user logout. 68. [BUG FIX] eITS#160300715 When CF is active no http/https traffic possible
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
117/151
www.zyxel.com
Features: V4.15(ABAR.3)C0
Modifications in V4.15(ABAR.3)C0 - 2016/07/06 1. [BUG FIX] eITS#160601199
Device can't update license successfully
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
118/151
www.zyxel.com
Features: V4.15(ABAR.2)C0
Modifications in V4.15(ABAR.2)C0 - 2016/03/17 1. [ENHANCEMENT]APC 1.97
Support new AP model WAC6103D-I NWA5123-AC 2. [BUG FIX] eITS#160101036 The AP images update incomplete randomly
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
119/151
www.zyxel.com
Features: V4.15(ABAR.1)C0
Modifications in V4.15(ABAR.1)C0 - 2016/02/24 1. [ENHANCEMENT]Patch for Vulnerability CVE-2015-7547.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
120/151
www.zyxel.com
Features: V4.15(ABAR.0)C0
Modifications in V4.15(ABAR.0)C0 - 2015/12/31
1. [ENHANCEMENT]AP Firmware Cloud Update
2. [ENHANCEMENT]Force users to change password
3. [ENHANCEMENT]APC 1.95
Support new AP model WAC6502D-E WAC6502D-S WAC6503D-S WAC6553D-E NWA5301-NJ
4. [ENHANCEMENT]Support generating SHA2 Certificate
5. [ENHANCEMENT]One Security Icon
6. [ENHANCEMENT]IPSec VPN Rule Number Parameters Change
Model USG40/40W USG60/60W
IPSec VPN Rule Number 20 40
7. [ENHANCEMENT]Max number of control AP Change
Model USG40/40W/60/60W USG110/ZW110/USG210/ZW310/USG310 ZW1100/USG1100/USG1900
Max number of control AP 18 34 66
8. [BUG FIX] eITS#150701258
The customer configured wan1_ppp. In Ethernet wan1, he configured
static IP with 0.0.0.0. (The modem issues IP 192.168.1.0/24, so he configures
static IP as 0.0.0.0.)However, it shows 192.168.4.1 on the dashboard.
9. [BUG FIX] eITS#150701098
When added external group user(RADIUS), and using space in group
identifier, it will caused RADIUS daemon dead per 3 mins,
10. [BUG FIX] eITS#150700521
The customer found out that the PPPoE is not able to connect while there's
specific combination of characters in username ($ and @)
11. [BUG FIX] eITS#150700453
Incorrect sorting in MONITORUTM StatisticsIDPOccurrence.
12. [BUG FIX] eITS#150700327
If the DNS server of LAN PC is pointed to USG, the URL cannot be resolved.
Via the console, the named is not existed.
13. [BUG FIX] eITS#150601043, 150701260
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
121/151
www.zyxel.com
Device HA status will keep Active-Fault-Active-Fault. [Condition]
After enabling Device-HA, the VLAN client cannot pint to USG, and the Device-HA status is not stable. 14. [BUG FIX] eITS#150600669, 150601080 Internal server error after attempts to log in to device web GUI. 15. [BUG FIX] eITS#150600524 When Device HA activated. The Backup device syncs with Master device, the backup device will establishing VPN tunnel with remote site by management IP address. 16. [BUG FIX] eITS#150600517 There are over 300 VPN rule in configuration. When configuring rule, the device will hanging. 17. [BUG FIX] eITS#150600437 Deactivate VLAN interface before activate Device HA function. Then enable Device HA function. the PC still get IP address from VLAN interface again. 18. [BUG FIX] eITS#150600368 The daily-report can't send success to specific ISP. Our SMTP TLS by default will use STARTTLS but Swisscom does not support STARTTLS. 19. [BUG FIX] eITS#150600248 USG100: DHCP Daemon crash. Configure virtual service IP address on wrong Incoming interface let dhcp dead. To check IP address are Incoming interface subnet. 20. [BUG FIX] eITS#150600243 Enhance the speed when switching the page between Application object and Application group. (this has been enhanced with DF 411AAKZ2ITSWK28-2015-08-04-150600243.rar) 21. [BUG FIX] eITS#150600067 USG100 dhcp server size > 254When configure DHCP server, to check each Interface to alert overlap Error. 22. [BUG FIX] eITS#150501127 USG110 interface status while using trunk is wrong even though the connection is down, the wan1_ppp interface still shows alive. 23. [BUG FIX] eITS#150500830, 150701013 When user login/logout from GUI, device will deletes exist TCP session. 24. [BUG FIX] eITS#150500671
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
122/151
www.zyxel.com
The device work fine for few days, but when symptom happening the device can't access to internet any more.(needs reboot device to recover it) 25. [BUG FIX] eITS#150500646 Enabled SSL inspection function on the device, and work perfect with few days. When symptom happening, the HTTPs page will became very slower until can't open any more. The symptom needs boot to resolve this situation. 26. [BUG FIX] eITS#150300227 When authentication with WPA2-Enterprice to authentication with802.1X, the client can't authentication success. 27. [BUG FIX] eITS#150200529 DHCPv6 DIUD length is too short compare to RFC definition. 28. [BUG FIX] eITS#150200167 Ping virtual interface successfully even if the virtual interface is deleted. 29. [BUG FIX] eITS#150200142 USG110 WPA2-enterprise for controlled ap not working when using ad as aaa-server. 30. [BUG FIX] eITS#150100917 SNMP MIBs ifOperStatus and ifSpeed incorrect for port-grouping interface. 31. [BUG FIX] eITS#140900194 When enable Anti-spam, client can't receive the mail. [Condition]
Disable zypktorder duplicated ACK send when AS mail inspection stage. (USG60 - Cannot get mails from external Mail server through USG)
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
123/151
www.zyxel.com
Features: V4.13(ABAR.1)C0
Modifications in V4.13(ABAR.1)C0 - 2015/08/30 1. [BUGFIX]
Some objects cannot be correctly added or removed by CloudCNM.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
124/151
www.zyxel.com
Features: V4.13(ABAR.0)C0
Modifications in V4.13(ABAR.0)C0 - 2015/08/15 1. [ENHANCEMENT]
Management Feature Enhancement: 1. Support CloudCNM, a cloud-based network management system. 4.13 CloudCNM feature support includes: Batch import of managed devices at one time using one CSV file See an overview of all managed devices and system information in one place Monitor and manage devices Install firmware to multiple devices of the same model at one time Backup and restore device configuration View the location of managed devices on a map Receive notification for events and alarms, such as when a device goes down Graphically monitor individual devices and see related statistics Directly access a device for remote configuration Create four types of administrators with different privileges Perform Site-to-Site, Hub & Spoke, Fully-meshed and Remote Access VPN provisioning. 2. Support Russian Language 3. VPN MIB Support:eITS#150317956 SNMP VPN status MIBs. The VPN status MIB is a MIB table containing the following
information: Connection name VPN gateway IP version Active status Connected status. Followings are the example of snmpwalk for the added MIBs; VPN status MIB table: 1.3.6.1.4.1.890.1.6.22.2.4.1.1.1 = INTEGER: 1 --> table index 1.3.6.1.4.1.890.1.6.22.2.4.1.1.2 = INTEGER: 2 1.3.6.1.4.1.890.1.6.22.2.4.1.1.3 = INTEGER: 3 1.3.6.1.4.1.890.1.6.22.2.4.1.2.1 = STRING: "vpnconn1" --> name
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
125/151
www.zyxel.com
1.3.6.1.4.1.890.1.6.22.2.4.1.2.2 = STRING: "vpnconn2" 1.3.6.1.4.1.890.1.6.22.2.4.1.2.3 = STRING: "vpn6conn1" 1.3.6.1.4.1.890.1.6.22.2.4.1.3.1 = STRING: "usg110_1" --> gateway 1.3.6.1.4.1.890.1.6.22.2.4.1.3.2 = STRING: "usg110_1" 1.3.6.1.4.1.890.1.6.22.2.4.1.3.3 = STRING: "vpn6_1" 1.3.6.1.4.1.890.1.6.22.2.4.1.4.1 = STRING: "IPv4" --> IP version 1.3.6.1.4.1.890.1.6.22.2.4.1.4.2 = STRING: "IPv4" 1.3.6.1.4.1.890.1.6.22.2.4.1.4.3 = STRING: "IPv6" 1.3.6.1.4.1.890.1.6.22.2.4.1.5.1 = INTEGER: 0 --> active status 1.3.6.1.4.1.890.1.6.22.2.4.1.5.2 = INTEGER: 1 1.3.6.1.4.1.890.1.6.22.2.4.1.5.3 = INTEGER: 1 1.3.6.1.4.1.890.1.6.22.2.4.1.6.1 = INTEGER: 0 --> connected status 1.3.6.1.4.1.890.1.6.22.2.4.1.6.2 = INTEGER: 0 1.3.6.1.4.1.890.1.6.22.2.4.1.6.3 = INTEGER: 0 VPN connection counter MIBs. The VPN connection counter MIB is a MIB group containing: Total VPN connection configured Number of activated connection Number of connected connection Number of disconnected connection Followings are the example of snmpwalk for the added MIBs; VPN connection counters: 1.3.6.1.4.1.890.1.6.22.2.5.1.0 = Counter32: 3 --> Total connection
configured 1.3.6.1.4.1.890.1.6.22.2.5.2.0 = Counter32: 2 --> Number of active
connection 1.3.6.1.4.1.890.1.6.22.2.5.3.0 = Counter32: 0 --> Number of
connected connection 1.3.6.1.4.1.890.1.6.22.2.5.4.0 = Counter32: 2 --> Number of
disconnected connection MIB table for VPN SA monitor The new OID is 1.3.6.1.4.1.890.1.6.22.2.6. The MIB table contains the following columns: 1.3.6.1.4.1.890.1.6.22.2.6.1.1 --> VPN connection index 1.3.6.1.4.1.890.1.6.22.2.6.1.2 --> VPN connection name 1.3.6.1.4.1.890.1.6.22.2.6.1.3 --> VPN connection policy 1.3.6.1.4.1.890.1.6.22.2.6.1.4 --> VPN connection uptime
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
126/151
www.zyxel.com
1.3.6.1.4.1.890.1.6.22.2.6.1.5 --> VPN connection timeout
1.3.6.1.4.1.890.1.6.22.2.6.1.6 --> Number of in-bound packets for
the connection
1.3.6.1.4.1.890.1.6.22.2.6.1.7 --> Number of in-bound octets for the
connection
1.3.6.1.4.1.890.1.6.22.2.6.1.8 --> Number of out-bound packets for
the connection
1.3.6.1.4.1.890.1.6.22.2.6.1.9 --> Number of out-bound octets for
the connection
4. Support license refresh immediately while device-ha backup device
become active.
5. Add pre-defined configuration (or pre-defined UTM profile) by default.
6. Offering DHCP option 138 has been disabled by default.
2. [ENHANCEMENT]
Connectivity Feature Enhancement:
1. Support RPS(Receive Packet Steering) to ensure that packets for the
same stream of data are sent to the same CPU, which could help to
increase performance in a congest(low bandwidth or high latency)
network environment, eITS#150200442, 150200636.
2. We enlarge static DHCP host pool from 512 to 1024 for ZyWALL 1100,
USG1100, and USG1900, eITS#150100773
3. Adjust Spec for SSLVPN Connections
Model
USG40/40W USG60/60W USG110 USG210 USG310 USG1100 USG1900 ZyWALL 110 ZyWALL 310 ZyWALL 1100
Default SSLVPN Connections 5 5 25 35 50 250 250 25 50 250
Maximum SSLVPN Connections 15 20 150 150 150 500 750 150 150 500
3. [ENHANCEMENT]
Security Feature Enhancement:
1. ADP engine and IDP engine upgrade to support more social
networking application behavior, such as FACEBOOK like, FACEBOOK
share...etc.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
127/151
www.zyxel.com
4. [ENHANCEMENT] eITS#150200756 UDP session timeout value can be configured up to 28800 seconds.
5. [ENHANCEMENT] Patches for CVE-2015-0204, FREAK: OpenSSL vulnerability.
6. [ENHANCEMENT] Patches for CVE-2015-4000, Logjam: TLS vulnerabilities (CVE-2015-4000).
7. [ENHANCEMENT] Patches for vulnerability of HTTP authentication module which may cause USG behave as an open proxy to proxy HTTP request from external clients to internal servers.
8. [ENHANCEMENT] Add CLI "no ipicmp-redirects" command to disable ICMP redirects manually.
9. [BUG FIX] eITS#150317956 [OID]OID formats are different between USG40W and USG1900. [Condition] MIBs...1.3.6.1.4.1.890.1.15.3.1.6.0..... USG40W: V4.11(AALB.0)/1.01 | Aug 28 2013 14:19:07/2015-03-13 06:53:46 USG1900: V4.11(AAPL.0)/1.10/2015-03-13 01:27:44
10. [BUG FIX] eITS#150301008, 150701094 DNS Security configuration can't change. [Condition] 1. Go to Configuration > System > DNS > Click Show Advanced Settings > Security Option Control > Edit default profile e.g. Query Recursion deny > Click OK button 2. You will find the OK button no function.
11. [BUG FIX] eITS#150300062 If adding radius server into auth. method, L2TP cannot be established successfully. [Condition] 1. Go to Configuration > Object > AAA Server > RADIUS. 2. Set Server address: R1.domain.tw 3. Set Backup Server address: R2.domain.tw (PS. R1.domain.tw and R2.domain.tw need result same ip address) 4. Radiusd daemon couldn't bring on fail.
12. [BUG FIX] eITS#150300789 Combo-box show field is in wrong location. [Condition]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
128/151
www.zyxel.com
1. In the settings of WLAN-interface, the input fields "802.11 band" and "Channel" are incorrectly positioned.
2. The problem occurs only in the browser IE 11 13. [BUG FIX] eITS#150300851
Limited admin user fails to view click diagnostic page [Condition]
1. Add a limited admin account 2. Login by limited admin 3. Go to Maintenance > Diagnostic 4. You will find USG GUI no response 14. [BUG FIX] eITS#150300910, 150400430 DHCP Relay may not work in Device HA environment. [Condition] When master device change status from fault state to active state, the DHCP relay function may not work. 15. [BUG FIX] eITS#150400012, 150200484, 150500302, 150600123, 150301005, 150501020, 150301061 In some cases, apply configuration will fail and cause zyshd dead. This may occur during the firmware upgrade progress or manually apply configuration. 16. [BUG FIX] eITS#150400115 [SSO][Authentication]Without SSO enabled, user can be correctly authenticated and associated with the AD-group "Internet Users". However, with SSO enabled, the user from the AD-group "Internet Users" always appears only in the group of "ext-user (ad-users)". 17. [BUG FIX] eITS#150301062 VLAN Packets can still be sent out even the base interface is disabled. 18. [BUG FIX] eITS#150300850 Configure many static DHCP address up to maximum, the CLI command may not correctly be configured and cause "incomplete entry" error each time DUT reboot. 19. [BUG FIX] eITS#150401185 In USG310, 1100, 1900, ZyWALL 310, 1100, it will show error message when configuring the port negotiation type on port 8. 20. [BUG FIX] eITS#150400882 When trying to sort the table (Hits) of "Top 5 Viruses" and "Top 5 Intrusions" in Dashboard by descending/ascending, sorting is only by the first digit. 21. [BUG FIX] eITS#150500769
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
129/151
www.zyxel.com
Unable to edit application object page if it contains "," character. 22. [BUG FIX] eITS#150300799, 150400336, 150401001, 150401067, 150401143,
150200666 SSO does not work correctly sometimes.
23. [BUG FIX] eITS#150300240 Unable to open IDP signature name to see the description in MONITOR > UTM Statistics > IDP
24. [BUG FIX] eITS#150200331 Fix unexpected reboot related to packet processing.
25. [BUG FIX] eITS#140900194, 150600194, 150600840 In some cases, user cannot get mails from external mail server through USG.
26. [BUG FIX] eITS#150200355 When we set speed on port1, the traffic doesn't work and show some abnormal message.
27. [BUG FIX] eITS#150600082 The CF report in monitoring page and report server record not match.
28. [BUG FIX] eITS#150600688 In some cases, DUT will crash when trying to establish L2TP.
29. [BUG FIX] eITS#150501015 In some cases, enable connectivity check in policy route rules may cause zyshd daemon dead.
30. [BUG FIX] eITS#150600137 In some cases, AV signature cannot be successfully updated.
31. [BUG FIX] eITS#150700094 Self-Signed DSA certificate can be created but cannot show on the GUI.
32. [BUG FIX] eITS#150300324 In USG110, USG210 and ZyWALL 110, DUT will become pure switch in a short period during booting process. When external AP and USG reboot at the same time, there might have possibility that AP will acquire IP address from outer DHCP server instead of DUT LAN DHCP server.
33. [BUG FIX] eITS#150600585 Wrong German translation, "Intra-BSS-Verkehraktivieren" should be corrected to "Intra-BSS-Verkehrblockieren"
34. [BUG FIX] eITS#150200663, 150500327 Some mails with attached files transferred from WAN to LAN cannot be received while Anti-Spam enabled.
35. [BUG FIX] eITS#150100252, 150200029, 150200072, 150300445
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
130/151
www.zyxel.com
TFTP over IPSec cannot work well in the following topology.
TFTP
Server---------USG40/60=======VPNtunnel========USG20------TFTP
Client
36. [BUG FIX] eITS#150100898
After Device HA fallback to Master, IP on VLAN interface become 0.0.0.0.
37. [BUG FIX] eITS#150500371
3G dongle E372 cannot work well in ZLD 4.11 Firmware.
38. [BUG FIX] eITS#150200205
Some session will hit wrong BWM rules with application service type and
application object is not any.
39. [BUG FIX] eITS#150200080
ZyXEL VPN Client cannot establish VPN tunnel when using DUT default
certificate to do IKE authentication.
40. [BUG FIX] eITS#141200576
Fix the issue that 'Disconnect Connections Before Falling Back' cannot work.
41. [BUG FIX] eITS#140800138
When setting Email Daily Report, strange log "msg="/USR/SBIN/CRON: (root)
MAIL (mailed 369 bytes of output but got status 0x0001)" will dump in system
log.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
131/151
www.zyxel.com
Features: V4.11(ABAR.2)C0
Modifications in V4.11(ABAR.2)C0 - 2015/04/28 1. [BUG FIX] eITS#150400012
Apply configuration which has SSID "VLAN Support" may causes zyshd daemon dead and device cannot be managed any more. User must reset device to default for recovery.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
132/151
www.zyxel.com
Features: V4.11(ABAR.1)C0
Modifications in V4.11(ABAR.1)C0 - 2015/04/21 1. [BUG FIX] eITS#150301160
Content Filter doesn't work at all after 4.11 upgrade. 2. [BUG FIX] eITS#150200801
Radius daemon will fail to launch if the radius server (in AAA server) is configured with domain name and DNS is not ready during device boot-up. 3. [BUG FIX] eITS#150301005 When SSID "VLAN Support" has been enabled, device will fail to load start-up config after reboot. User must reset device to default for recovery.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
133/151
www.zyxel.com
Features: V4.11(ABAR.0)C0
Modifications in V4.11(ABAR.0)C0 - 2015/03/12 1. [ENHANCEMENT]
Management feature enhancement: 1. ZON Utility Support (Device Discovery, Change Admin Password, Firmware Upgrade, Reboot Device, Web GUI Link) 2. Smart Connect Support (Device Discovery, Web GUI Link)
2. [ENHANCEMENT] Connectivity feature enhancement: 1. AP Controller Technology 1.9 2. LTE dongle support 3. VLAN 802.1P marking support
3. [ENHANCEMENT] Security feature enhancement: 1. Antivirus white/black list 2. Support ADP scan IPv6 traffic 3. ADP block time period 4. DNS security option control 5. SNMPv3 6. Add Reject Option in Security Policy 7. Add AV EICAR Detect Option 8. Add Action for untrusted cert chain of SSL Inspection 9. SSL Inspection certificate support cloud update. 10. UTM Performance Tuning #eITS141100375, 150100136, 150100251, 150200495
4. [ENHANCEMENT] Usability enhancement 1. Wireless Initial Installation Wizard 2. Network Diagnostic tools on GUI 3. Security Policy Rules Filter & Clone 4. UTM Profile Viewer 5. Policy Route Rule Filter 6. NAT rule support service group 7. Dual image enhancement 8. Multi-Lingual GUI
5. [ENHANCEMENT]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
134/151
www.zyxel.com
VPN Feature Enhancement: 1. L2TP/IPSec behind NAT.
6. [ENHANCEMENT] eITS#141100032 Certificate support space character in the following field: Organizational Unit, Organization, Town, State (Province), Country.
7. [ENHANCEMENT] eITS#141000153 Support GUI check box "Use Static-Dynamic Route to Control 1-1 NAT Route" to change routing order. Static-Dynamic Route has higher priority to 1-1 NAT Route when it is enabled.
8. [ENHANCEMENT] Patches for CVE-2015-0235, GHOST Vulnerability of glibc.
9. [FEATURE CHANGE]SPR#141007503 AP Controller default configuration changed from "Always Accept" to "Manual" setting.
10. [FEATURE CHANGE] WAS: AV, CF, AS black and white list and IDP custom signature DO NOT work without license. IS: AV, CF, AS black and white list and IDP custom signature DO work even without license.
11. [FEATURE CHANGE] Enlarge Log Entry Size by each model WAS: For USG110/210/310/ and ZyWALL110/310: 512 For USG1100/1900 and ZyWALL 1100: 512 IS: For USG110/210/310/ and ZyWALL110/310: 1024 For USG1100/1900 and ZyWALL 1100: 2048 USG40/40W/60/60W keep log entry size as 512.
12. [BUG FIX]eITS#150200052 Dynu DDNS cannot work
13. [BUG FIX] eITS#150100468, 140900136 Not connected to zyshd daemon due to deadlock by sshipsecpm connectivity check.
14. [BUG FIX] eITS#141200823 DUT cannot connect to SSO agent and output CLI command as below:
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
135/151
www.zyxel.com
Router# show sso agent status % connect failed % SSO: domain socket fial!
ZySSO Primary Agent: offline ZySSO Secondary Agent: offline 15. [BUG FIX] eITS#150100588 Apply configuration failed in the following steps:
1. reset the device back to default 2. Modify the WWW HTTPs port from 443 to 447, and some NAT and policy
route rules. 3. Download the startup.conf which with HTTPs port as 447. 4. Change the startup.conf name as test_www and upload it. 5. Apply test_wwwconfig. 6. After device boot up, the device will fall back to default. 16. [BUG FIX] eITS#141100503 Strange behavior when ZyWALL is in DNS proxy role. [Condition] 1. Add zone forwarder 8.8.8.8 for zone * via WAN interface 2. Add A-record for domain ftp.zanolari.net, IP 192.168.200.3 3. On PC, pingwww.zanolari.net 4. Run CLI 'show ipdns server cache' and check www.zanolari.net is in DNS cache 5. Capture packets on device for WAN interface and port 53 (DNS) 6. On PC, run command 'ipconfig /flushdns' to flush DNS cache on PC, and then ping www.zanolari.net again 7. From captured packets you will find device sends DNS query for www.zanolari.net even if it is found in device's DNS cache. 17. [BUG FIX] eITS#141200186, 150100084 After enabling AS, the throughput is low. 18. [BUG FIX] eITS#141200341, 141200033 Move the log "App ID has been changed from 83886594 to 83886855" to debug log. 19. [BUG FIX] eITS#141001029 User cannot be configured in security policy rule with zone to zone rule from WAN to ZyWALL. 20. [BUG FIX] eITS#141100574 After rebooting, WAN gateway will disappear.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
136/151
www.zyxel.com
21. [BUG FIX] eITS#141100745 Device's management IP cannot be reachable while Device HA status changed.
22. [BUG FIX] eITS#141000415 The tunnel shows to be up in VPN Connections in both sides. However, no traffic can pass the tunnel and the log shows IPSec error with "no rule found, Dropping ESP packet".
23. [BUG FIX] eITS#141100945 Device HA failed to synchronize backup device with master device.
24. [BUG FIX] eITS#141200132 The IP pool size cannot be varied with the changing of IP pool start address on GUI. [Condition] 1. Default "IP Address" is 192.168.1.1 and "IP Pool Start Address" is 192.168.1.33. The maximum pool size value is 223. 2. Change the "IP Pool Start Address" to 192.168.1.60, the pool size should be 196 but it is still 223.
25. [BUG FIX] eITS#141100753 Signature release date didn't display based on different time zone.
26. [BUG FIX] eITS#141100849 Changing the firewall rule to deny traffic to ZyWALL but not take effect immediately.
27. [BUG FIX] eITS#141100177 Building IPSec VPN tunnel with FortiGate, VPN tunnel cannot build after rekeying.
28. [BUG FIX] eITS#140800319 Download files may get stuck when UTM is activated.
29. [BUG FIX] eITS#141100097 Validation result of my certificate is failed.
30. [BUG FIX] eITS#141100402 Packets are sending out in the wrong interface.
31. [BUG FIX] eITS#141001052 Device has wrong or missing DNS cache record.
32. [BUG FIX] eITS#141000951 When using for SHA256 as intermediate certificate, the certificate path will shows "incomplete path".
33. [BUG FIX] eITS#141000870, 141100240
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
137/151
www.zyxel.com
Rename a zone which has been used in Policy Control Rules will cause the zone field of these policy control rules cannot be changed or modified to other zones. 34. [BUG FIX] eITS#140900955 [RIP]When setting RIP redistribute OSPF as metric=3, reboot DUT will show error message and cause applying startup configuration failed. 35. [BUG FIX] eITS#140926122 [DHCPv6] When LAN interface set DHCPv6 client, it cannot send NS Packet. 36. [BUG FIX] eITS#140900251, SPR#140922847 [File Manager]Rename configuration file to 64 characters will fail with wrong CLI command. 37. [BUG FIX] eITS#141000516 [File Manager]Trying to download a file from download.microsoft.com or using the windows update service, in USG logs, IDP blocks the access 38. [BUG FIX] eITS#140900051 Route packets from a bridge interface according to the NAT result. 39. [BUG FIX] eITS#140900272 Ge3 is configured as IP/MAC binding enabled. Disable interface any one of ge4 ~ ge8. The DHCP client of ge3 is unable to ping the default gateway anymore. 40. [BUG FIX] eITS#141100569 [Interface]Routing didn't change even connective check failed. 41. [BUG FIX] eITS#150100603 IPSec VPN daemon causes high memory usage(99%).
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
138/151
www.zyxel.com
Features: V4.10(ABAR.2)C0
Modifications in V4.10(ABAR.2)C0 - 2014/12/03 1. [ENHANCEMENT]eITS#140600094
Update driver to fix IOP issue with GenexisFiberXport device. 2. [ENHANCEMENT]
Add CLI to show the mapping for internal and external interface. CLI: "debug interface show mapping" 3. [ENHANCEMENT]eITS#141000162 Change log format as following: Before:
category="ipsec" level="error" src="" dst="" msg="Failed to send packet, err=N"N: 1 or 2 After: category="ipsec" level="debug" src="<source and port of packet>" dst="<destination and port of packet>" msg="Packet(PROTOCOL) cannot be sent, reason: REASON" PROTOCOL: ESP/AH/TCP/UDP/Unknown(protocol number) REASON: System dropped/Network congestion/Traffic control dropped 4. [ENHANCEMENT] Update bash binary for shellshock bash vulnerability issue 5. [ENHANCEMENT] eITS#140900846 Support Huawei E303 USB 3G dongle with version 22.318.27.00.00 6. [ENHANCEMENT] Add SNMP VPN status and connection counter MIBs. The VPN status MIB is a MIB table containing the following information: Connection name, VPN gateway, IP version, active status, and connected status. The VPN connection counter is a MIB group containing: Total VPN connection configured, number of activated connection, number of connected connection, and number disconnected connection. Followings are the example of snmpwalk for the added MIBs; VPN status MIB table:
1.3.6.1.4.1.890.1.6.22.2.4.1.1.1 = INTEGER: 1 --> table index 1.3.6.1.4.1.890.1.6.22.2.4.1.1.2 = INTEGER: 2 1.3.6.1.4.1.890.1.6.22.2.4.1.1.3 = INTEGER: 3 1.3.6.1.4.1.890.1.6.22.2.4.1.2.1 = STRING: ""vpnconn1"" --> name
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
139/151
www.zyxel.com
1.3.6.1.4.1.890.1.6.22.2.4.1.2.2 = STRING: ""vpnconn2"" 1.3.6.1.4.1.890.1.6.22.2.4.1.2.3 = STRING: ""vpn6conn1"" 1.3.6.1.4.1.890.1.6.22.2.4.1.3.1 = STRING: ""usg110_1"" --> gateway 1.3.6.1.4.1.890.1.6.22.2.4.1.3.2 = STRING: ""usg110_1"" 1.3.6.1.4.1.890.1.6.22.2.4.1.3.3 = STRING: ""vpn6_1"" 1.3.6.1.4.1.890.1.6.22.2.4.1.4.1 = STRING: ""IPv4"" --> IP version 1.3.6.1.4.1.890.1.6.22.2.4.1.4.2 = STRING: ""IPv4"" 1.3.6.1.4.1.890.1.6.22.2.4.1.4.3 = STRING: ""IPv6"" 1.3.6.1.4.1.890.1.6.22.2.4.1.5.1 = INTEGER: 0 --> active status 1.3.6.1.4.1.890.1.6.22.2.4.1.5.2 = INTEGER: 1 1.3.6.1.4.1.890.1.6.22.2.4.1.5.3 = INTEGER: 1 1.3.6.1.4.1.890.1.6.22.2.4.1.6.1 = INTEGER: 0 --> connected status 1.3.6.1.4.1.890.1.6.22.2.4.1.6.2 = INTEGER: 0 1.3.6.1.4.1.890.1.6.22.2.4.1.6.3 = INTEGER: 0 VPN connection counters: 1.3.6.1.4.1.890.1.6.22.2.5.1.0 = Counter32: 3 --> total connection configured 1.3.6.1.4.1.890.1.6.22.2.5.2.0 = Counter32: 2 --> number of active connection 1.3.6.1.4.1.890.1.6.22.2.5.3.0 = Counter32: 0 --> number of connected connection 1.3.6.1.4.1.890.1.6.22.2.5.4.0 = Counter32: 2 --> number of disconnected connection The number of disconnected connection is equal to the number of active connection minus the number of connected connection" 7. [ENHANCEMENT] eITS#140800801, 141000157 Improve SMB performance 8. [ENHANCEMENT] eITS#141000576 PPTP ALG support server in LAN scenario 9. [ENHANCEMENT] Add an interface at GUI to setting SSL Inspection policy for untrusted certificate chain 10. [ENHANCEMENT] Single Sign-on support authentication failover to web authentication. Note: With SSO Agent 1.0.4 or above. [Condition]
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
140/151
www.zyxel.com
When enable both Single Sign-on and Force User Authentication in web authentication policy. Once the Single Sign-On authentication fail, user will be redirect to web authentication login page as second authentication method. 11. [FEATURE CHANGE]eITS#141000788 Turn off SSLV3 support in build-in service(HTTPs) by default due to Poodle vulnerability issue 12. [FEATURE CHANGE]eITS#141000154 WAS: The columns "IKE Name" and "Cookies" showed on VPN Monitor IS: The columns "IKE Name" and "Cookies" are hidden on VPN Monitor by default. 13. [FEATURE CHANGE] WAS: WLAN bind with lan1 by default IS: WLAN bind with lan2 by default 14. [FEATURE CHANGE] WAS:
Log entry is 256 IS:
Log entry is 512 PS: For ZyWALL 310 and USG310 only 15. [FEATURE CHANGE] WAS:
IKE packet can be sent from any interface by routing even the packet's source IP doesn't match to the outgoing interface. IS: The IKE packet can only be sent from the interface bound the same IP with the packet's source IP. The above feature may cause some scenario of VPN establishment not work. Please refer to KB: http://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=014363 &lang=EN 16. [BUG FIX] eITS#140900194 User cannot get mail from external mail server through USG due to duplicate ACK packet. 17. [BUG FIX] eITS#140800834 USG with wrong CEF syslog format 18. [BUG FIX] eITS#140800642 Device HA status not changed when monitored interface IP changed
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
141/151
www.zyxel.com
19. [BUG FIX] eITS#141000158 SSLVPN reverse proxy RDP cannot work
20. [BUG FIX] eITS#140900380 USG1100 / L2TP can't login user and with crazy log message
21. [BUG FIX] eITS#141000460, 141000461, 141000462 Static ARP entry will gone if enabling device HA
22. [BUG FIX] eITS#141000171 USG bootup makes switch function("Loop Guard") blocking port
23. [BUG FIX] eITS#141000157 False alarm in CAPWAP protocol in ADP engine
24. [BUG FIX] eITS#141000155 IKE packet sent at wrong interface and wrong IP
25. [BUG FIX] eITS#141000458 DHCP will clear static ARP entry after send DHCP ACK
26. [BUG FIX] eITS#141001108 USG110 cannot load Firmware if USB memory stick connected
27. [BUG FIX] eITS#140800642, SPR#140714684, 140804120, 141103007 ZyWALL 1100 - VPN connect fail and hang
28. [BUG FIX] eITS#140700610, 141000163, SPR#140909287 After device boot up, the log will show that the DHCP packets have been dropped by default firewall rule. However, WAN interface still gets the IP address from DHCP server.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
142/151
www.zyxel.com
Features: V4.10(ABAR.1)C0
Modifications in V4.10(ABAR.1)C0 - 2014/10/01 Release for manufacturing
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
143/151
www.zyxel.com
Features: V4.10(ABAR.0)C0
Modifications in V4.10(ABAR.0)C0 - 2014/08/22 First release
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
144/151
www.zyxel.com
Appendix 1.Firmware upgrade / downgrade procedure
The following is the firmware upgrade procedure:
1. If user did not backup the configuration file before firmware upgrade, please follow the procedures below: Use Browser to login into ZyWALL/USG as administrator. Click Maintenance > File Manager > Configuration File to open the Configuration File Screen. Use the Configuration File screen to backup current configuration file. Find firmware at www.zyxel.com in a file that (usually) uses the system model name with a .bin extension, for example, "537ABAR2C0.bin". Click Maintenance > File Manager > Firmware Package to open the Firmware Package Screen. Browser to the location of firmware package and then click Upload. The ZyWALL/USG automatically reboots after a successful upload. After several minutes, the system is successfully upgraded to newest version.
The following is the firmware downgrade procedure:
1. If user has already backup the configuration file before firmware upgrade, please follow the procedures below: Use Console/Telnet/SSH to login into ZyWALL/USG. Router>enable\ Router#configure terminal Router(config)#setenv-startup stop-on-error off Router(config)#write Load the older firmware to ZyWALL/USG using standard firmware upload procedure. After system uploads and boot-up successfully, login into ZyWALL/USG via GUI. Go to GUI "File Manager" menu, select the backup configuration filename, for example, statup-config-backup.conf and press "Apply" button. After several minutes, the system is successfully downgraded to older version.
2. If user did not backup the configuration file before firmware upgrade, please follow the procedures below: Use Console/Telnet/SSH to login into ZyWALL/USG. Router>enable Router#configure terminal Router(config)#setenv-startup stop-on-error off Router(config)#write Load the older firmware to ZyWALL/USG using standard firmware upload procedure.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
145/151
www.zyxel.com
After system upload and boot-up successfully, login into ZyWALL/USG via Console/Telnet/SSH.
Router>enable Router#write
Now the system is successfully downgraded to older version. Note: ZyWALL/USG might lose some configuration settings during this downgrade procedure. It is caused by configuration conflict between older and newer firmware version. If this situation happens, user needs to configure these settings again.
Appendix 2. SNMPv2 private MIBS support
SNMPv2 private MIBs provides user to monitor ZyWALL/USG platform status. If user wants to use this feature, you must prepare the following step:
1. Have ZyWALL/USG mib files(537ABAR2C0-enterprise.mib and 537ABAR2C0private.mib) and install to your MIBs application (like MIB-browser).You can see 410AAPJ2C0-private.mib (OLD is 1.3.6.1.4.1.890.1.6.22).
2. ZyWALL/USG SNMP is enabled. 3. Using your MIBs application connects to ZyWALL/USG. 4. SNMPv2 private MIBs support three kinds of status in ZyWALL/USG:
1. CPU usage: Device CPU loading (%) 2. Memory usage: Device RAM usage (%) 3. VPN IPSec Total Throughput: The VPN total throughput (Bytes/s), Total
means all packets(Tx + Rx) through VPN.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
146/151
www.zyxel.com
Appendix 3. Firmware Recovery
In some rare situation(symptom as following), ZyWALL/USG might not boot up successfully after firmware upgrade. The following procedures are the steps to recover firmware to normal condition. Please connect console cable to ZyWALL/USG. 1. Symptom:
Booting success but device show error message "can't get kernel image" while device boot.
Device reboot infinitely.
Nothing displays after "Press any key to enter debug mode within 3 seconds." for more than1 minute.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
147/151
www.zyxel.com
Startup message displays "Invalid Recovery Image".
The message here could be "Invalid Firmware". However, it is equivalent to "Invalid Recovery Image".
2. Recover steps Press any key to enter debug mode
Enter atkz f l 192.168.1.1 to configure FTP server IP address Enter atgof to bring up the FTP server on port 1
The following information shows the FTP service is up and ready to receive FW
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
148/151
www.zyxel.com
You will use FTP to upload the firmware package. Keep the console session open in order to see when the firmware update finishes.
Set your computer to use a static IP address from 192.168.1.2 ~ 192.168.1.254. No matter how you have configured the ZyWALL/USG's IP addresses, your computer must use a static IP address in this range to recover the firmware.
Connect your computer to the ZyWALL/USG's port 1 (the only port that you can use for recovering the firmware).
Use an FTP client on your computer to connect to the ZyWALL/USG. This example uses the ftp command in the Windows command prompt. The ZyWALL/USG's FTP server IP address for firmware recovery is 192.168.1.1
Log in without user name (just press enter). Set the transfer mode to binary. Use "bin" (or just "bi" in the Windows
command prompt). Transfer the firmware file from your computer to the ZyWALL/USG (the
command is "put 310AAAC0C0.bin" in the Windows command prompt).
Wait for the file transfer to complete.
The console session displays "Firmware received" after the FTP file transfer is complete. Then you need to wait while the ZyWALL/USG recovers the firmware (this may take up to 4 minutes).
The message here might be "ZLD-current received". Actually, it is equivalent to "Firmware received".
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
149/151
www.zyxel.com
The console session displays "done" when the firmware recovery is complete. Then the ZyWALL/USG automatically restarts.
The username prompt displays after the ZyWALL/USG starts up successfully. The firmware recovery process is now complete and the ZyWALL/USG is ready to use.
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
150/151
www.zyxel.com
If one of the following cases occurs, you need to do the "firmware recovery process" again. Note that if the process is done several time but the problem remains, please collect all the console logs and send to ZyXEL/USG for further analysis. One of the following messages appears on console, the process must be performed again ./bin/sh: /etc/zyxel/conf/ZLDconfig: No such file Error: no system default configuration file, system configuration stop!!
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
151/151
Microsoft Word 2016 Microsoft Word 2016