Download Library | Zyxel Networks
USG FLEX H Series - V1.30Patch 1 Firmware Release — Zyxel Community
www.zyxel.com Release Note USG FLEX H Series ZyWALL Security Firewall Version V1.30(A___.1)C0 November 8, 2024 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Contents Supported Platforms.......................................................................................................3 Versions ........................................................................................................................... 3 Read Me First ..................................................................................................................5 Special notices...............................................................................................................6 Product integration and support ..................................................................................8 Features: V1.30(A___.1)C0...........................................................................................10 Features: V1.30(A___.0)C0...........................................................................................11 Features: V1.21(A___.0)C0...........................................................................................16 Features: V1.20(A___.2)C0...........................................................................................20 Features: V1.20(A___.1)C0...........................................................................................21 Features: V1.20(A___.0)C0...........................................................................................22 Features: V1.10(A___.1)C0...........................................................................................31 Features: V1.10(A___.0)C0...........................................................................................33 Limitations .....................................................................................................................36 General ................................................................................................................................36 Network ................................................................................................................................36 IPsec VPN.............................................................................................................................36 Known Issue ..................................................................................................................37 Nebula..................................................................................................................................37 System...................................................................................................................................37 Network ................................................................................................................................37 IPsec VPN.............................................................................................................................37 User & Authentication......................................................................................................38 GUI .........................................................................................................................................38 Diagnostics ..........................................................................................................................38 Log ......................................................................................................................................... 38 Appendix 1. Firmware upgrade procedure .............................................................. 40 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Supported Platforms ZyWALL USG FLEX H Series USG FLEX 50H / USG FLEX 50HP / USG FLEX 100H / USG FLEX 100HP / USG FLEX 200H / USG FLEX 200HP / USG FLEX 500H / USG FLEX 700H Versions USG FLEX 50H uOS Version Firmware Image File name Recovery Image File name V1.30(ACLO.1) | 2024-11-08 07:02:37 130ACLO1C0.bin 130ACLO1C0.ri USG FLEX 50HP uOS Version Firmware Image File name Recovery Image File name V1.30(ACLP.1) | 2024-11-08 07:27:45 130ACLP1C0.bin 130ACLP1C0.ri USG FLEX 100H uOS Version Firmware Image File name Recovery Image File name V1.30(ABXF.1) | 2024-11-08 07:23:27 130ABXF1C0.bin 130ABXF1C0.ri USG FLEX 100HP uOS Version Firmware Image File name Recovery Image File name V1.30(ACII.1) | 2024-11-08 07:32:53 130ACII1C0.bin 130ACII1C0.ri USG FLEX 200H uOS Version Firmware Image File name Recovery Image File name V1.30(ABWV.1) | 2024-11-08 07:17:51 130ABWV1C0.bin 130ABWV1C0.ri USG FLEX 200HP uOS Version Firmware Image File name Recovery Image File name V1.30(ABXE.1) | 2024-11-08 08:04:35 130ABXE1C0.bin 130ABXE1C0.ri Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com USG FLEX 500H uOS Version Firmware Image File name Recovery Image File name V1.30(ABZH.1) | 2024-11-08 08:02:00 130ABZH1C0.bin 130ABZH1C0.ri USG FLEX 700H uOS Version Firmware Image File name Recovery Image File name V1.30(ABZI.1) | 2024-11-08 07:56:31 130ABZI1C0.bin 130ABZI1C0.ri Files lists contains in the Release ZIP file *Note: Please refer to the version table for the following file names mapping. Firmware Image File name: 130A___1C0.bin Purpose: This binary firmware image file is for normal system update. Note: The firmware update may take five or more minutes depending on the scale of device configuration. The more complex the configuration, the longer the update time. Do not turn off or reset the ZyWALL Security Gateway while the firmware update is in progress. The firmware might get damaged, if device loss power or you reset the device during the firmware upload. File name: 130A___1C0.conf Purpose: This ASCII file contains default system configuration commands. File name: 130A___1C0.pdf Purpose: This release file. Recovery Image File name: 130A___1C0.ri Purpose: This binary firmware recovery image file is for emergent system firmware damage recovery only. Note: The ZyWALL Security Gateway firmware could be damaged, for example by the power going off or pressing Reset button during a firmware update. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Read Me First Note: Please use the firmware wizard to upgrade to uOS1.08 Patch1 firmware first, then upgrade to uOS1.30 patch1 firmware. This is the uOS1.30 patch1 firmware release for USG FLEX H series. 1. The system default configuration is summarized as below: The default device administration username is "admin", password is "1234" or see the Device label. The default LAN interface is ge3, which are port 3 (P3)/ port 4 (P4). The default IP address of lan1 is 192.168.168.1/24. By default, WWW/SSH service can only be accessed from LAN subnet. The default WAN interface is ge1, and the secondary WAN interface is ge2. These two interfaces will automatically get IP address using DHCP by default. For the first setup, it requires connecting to Internet with your Zyxel account to complete device registration and activation. 2. Please DO NOT turn off the power during the firmware upgrade. Please wait until the device reboots and the PWR/SYS LED stays solid. 3. It is recommended that user backs up "startup-config.conf" file first before upgrading firmware. 4. When getting troubles in configuring via GUI, it is recommended to clear browser's cache first and try to configure again. 5. To reset device to system default configuration, user could press RESET button for 7 seconds and the device would reset itself to system default configuration and then reboot. Note: After resetting, the original configuration would be removed. It is recommended to back up the configuration before this operation. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Special notices Do not utilize the ports allocated to internal services or system services. Assigning a port that is already used by another service or an internal service can lead to the failure of the service to launch successfully. Internal Services port (Reserved): 53/67-68/179/500/546-547/830/953/1812-1813/2601- 2605/2616/3799/4500/5246-5247/5432/7681-7682/18121 Built-in System Services Port: You can add or change default ports. System Services HTTP HTTPS SSH SNMP FTP Remote SSL VPN Port 80 443 22 161 21 10443 Generate self-signed certificate or certificate request obsolete SHA-1. ZON Utility does not support H series models. The following table lists the functions/features that are not yet supported by uOS products: Category Function/ Feature Wireless AP Controller (AP Management Secure WiFi service) Secure Tunnel (Secure WiFi service related) Rogue AP Auto Healing RTLS Network IGMP Proxy Proxy ARP Link Aggregation Group (LAG) IPv6 IPv6-in-IPv4 Tunnel 6to4 Tunnel SIP ALG GRE Tunnel Layer 2 Isolation DNS Load Balancing Routing Policy Route for IPsec VPN (policy-based are not supported) Dynamic Route (RIP/OSPF/BGP) Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com VPN VPN failover NAT over IPsec (subnet overlapping) Bandwidth Schedule Management (BWM) Per IP / per user rule 802.1P Marking BWM for Transparent Bridge interface Authentication Authentication Policy Captive Portal Zyxel Single Sign-On (with SSO Agent) Security UTM DoH/DoT blocking Collaborative Detection & Response (CDR) ADPProtocol anomaly rules (specific scenarios use only) High Availability Device HA Management Nebula Management Hospitality Hotspot Management Maintenance Shell script Firmware upgrade by USB Firmware upgrade by ZON utility Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Product integration and support The following table lists uOS1.30 Patch1 product integration and support information: Web Browser: Other browser versions have not been tested, but may fully function. Other web browsers may function correctly, but are not supported by Zyxel. Operating System Web Browser Windows 11(64-bit) Microsoft Edge 114 Google Chrome 114 Mozilla Firefox 114 Windows 10 (64-bit) Microsoft Edge 114 Google Chrome 114 Mozilla Firefox 114 Linux OS (Ubuntu) Mozilla Firefox 114 macOS Ventura 13 Safari Google Chrome 114 Mozilla Firefox 114 macOS Monterey 12 Safari Google Chrome 114 Mozilla Firefox 114 Language support The following table lists language support information. Language GUI English Yes Chinese (Simplified) Yes Chinese (Traditional) Yes French Yes German Yes Spanish Yes Portuguese (Brazil) Yes Polish Yes Turkish Yes Russian Yes Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com IKEv2/SSL Remote Access VPN support Following are the list for IKEv2/SSL Remote Access VPN supporting applications and operating systems: VPN Client Operating System Zyxel SecuExtender VPN Client Microsoft Windows 10 and 11 (64bit) macOS versions Big Sur, Monterey, and Ventura Transceivers Support List Only USG FLEX 700H supports SFP/SFP+. Other transceivers have not been tested, but may fully function. Other transceivers may function correctly, but are not officially supported by Zyxel. Type 10GbE Transceiver Modules GbE Transceiver Modules Transceiver Model SFP10G-SR SFP10G-SR-E SFP10G-LR SFP10G-LR-E SFP-1000T SFP-SX-D SFP-SX-E SFP-LX-10-D SFP-LHX1310-40-D SFP-ZX-80-D SFP-BX1310-10-D & SFP-BX1490-10-D SFP-BX1310-E & SFP-BX1550-E * Please note that Direct Attach Copper (DAC) cables are not supported. For optimal performance, use compatible SFP+ optical modules. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.30(A___.1)C0 Modifications in V1.30(A___.1)C0 -- 2024/11/06 Bug Fix 1. [Bug Fix][eITS#241001229, 241001349, 241001408, 241001709] Unable to upgrade the device from 1.21 to 1.30. It failed to apply configuration file and roll back to the original partition 1.21. 2. [Bug Fix][eITS#241001734] Upgrade firmware to 1.21 to 1.30 firmware the system will going as expected. But after reboot firewall manually, the configuration will become to system default. 3. [Bug Fix][eITS#241001817] Geo DB back to default signature after rebooted. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.30(A___.0)C0 Modifications in V1.30(A___.0)C0 -- 2024/10/16 Feature 1. [Enhancement] Support Nebula Topology. 2. [Enhancement] Support Nebula Security Profile Sync. 3. [Enhancement] Support Nebula Site-wide management Device Status feature for comprehensive network oversight. 4. [Enhancement] Support Nebula site-wide management Event Log. 5. [Enhancement] The USG FLEX H series now supports the Entry Defense Pack license, which includes Reputation Filter, SecuReporter, and Priority Support features. 6. [Enhancement] Support Source IP Spoofing Prevention (IP/MAC binding). [eITS#240300026, 210300781] 7. [Enhancement] Support FQDN Address Object. [eITS#230800339, 230900214, 221001833, 221200385, 230600766, 240500098] 8. [Enhancement] BWM support Bridge (Routing mode), PPPoE and VTI interface. 9. [Enhancement] Support Web Console. 10. [Enhancement] Remote Access IPsec VPN support behind NAT scenario. 11. [Enhancement] Support Password complexity for Local user and admin. 12. [Enhancement] Support Scheduling Reboot. 13. [Enhancement] Support PoE power reset at Dashboard > Port Status. 14. [Enhancement] Support sending of scheduled backup configuration via email. 15. [Enhancement] Support "Drop Invalid TCP Flags Packet" at System > Advanced. 16. [Enhancement] Support "Drop TCP SYN Packet" with abnormal payload at System > Advanced. 17. [Enhancement] Support Proton VPN to the APP patrol category "Tunneling". [eITS#221000252] 18. [Enhancement] Support email configuration file with Encryption function. [eITS#240500775] 19. [Enhancement] Support Bridge-Routing mode scenarios. [eITS#230700789] 20. [Enhancement] Support 802.1P Priority on VLAN interface. [eITS#240501460, Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 240500746] 21. [Enhancement] Support USB Storage log rotate function. [eITS#160301602] 22. [Enhancement] Support more troubleshooting diagnostic files at Diagnostic > System log: apply-config-error, boot-config-error, ipsecvpn. 23. [Enhancement] Diagnostic > Network Tool add IPsec Trace Log for IPsec VPN troubleshooting. 24. [Enhancement] Diagnostic > Network Tool add Nebula Connection Status check. 25. [Enhancement] Support firmware automatic fallback mechanism. 26. [Enhancement] Add Priority Support at Tool Bar > Help, that user can open support tickets for prioritized assistance with Licenses. 27. [Enhancement] Add VLAN ID information in the DHCP Table. [eITS#231101504] 28. [Enhancement] Improve the IPS signature searching efficiency. [eITS#230900165] 29. [Enhancement] Change Dashboard Virtual Device style and add the link speed by colors. 30. [Enhancement] Support USB Storage status at Dashboard. 31. [Enhancement] Usability enhancements: a. Add check and validation of the Reserved IP Hostname at DHCP Table. b. Add Security Profile Sync reminding message when use edit or remove Security services at local GUI. c. The Tx and Rx values should be displayed at the same time point in the flowchart. [eITS#231000421] d. The log settings display a minus circle, indicating that some log categories are selected. 32. [Feature Change] change the "myZyxel.com" log category name to "License". 33. [Feature Change] Change the default enabled log categories. 34. [Feature Change] Default enable the LLDP function (System > Advanced). 35. [Feature Change] move myZyxel.com log to cloud-helper category. Bug Fix 4. [Bug Fix][eITS#230500151] Once too many objects are configured in App Patrol profile, it will cause the device to get stuck. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 5. [Bug Fix][eITS#230701453] Duplicate packets when capturing ICMP packets. 6. [Bug Fix][eITS#231201131] When users login to device with 2FA, event logs shows "0.0.0.0" in both source and destination IP address. There is no destination IP in the log of Administrator login. 7. [Bug Fix][eITS#240400191] It takes a long time for the interface to get the IP. 8. [Bug Fix][eITS#240400563] High memory usage. 9. [Bug Fix][eITS#240500400] SNMP query is not responding. 10. [Bug Fix][eITS#240500775] Unable to e-mail the configuration backup from the H series firewall. The sender field in the configuration backup mail is root, not the email address. 11. [Bug Fix][eITS#240600660] If connecting the Zyxel SFP 10G-T (RJ45), P13 or P14 of USG FLEX 700H become port down. 12. [Bug Fix][eITS#240601179] The dashboard memory usage and SNMP query do not match. 13. [Bug Fix][eITS#240601626] Deleting default Security Policy for SSL VPN will be re-created after a reboot. 14. [Bug Fix][eITS#240700792] Device hang up 15. [Bug Fix][eITS#240700915] In Network status > DHCP table > Click Add, the Host name shows the remind message as "The value in this field is duplicate"" even there is no duplicated host name. 16. [Bug Fix][eITS#240700919] If specific characters is configured in DHCP IP reservation, it causes DHCP function stop to work. 17. [Bug Fix][eITS#240701396] 2FA doesn't work after the power cord is removed and reconnected. 18. [Bug Fix][eITS#240701628] (Sweep) UDP Sweep should be in uppercase. 19. [Bug Fix][eITS#240701749] Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Change IPS signature GUI style. 20. [Bug Fix][eITS#240701765] Virtual server is not working after firewall reboot. 21. [Bug Fix][eITS#240701793] DHCP process stop to work if specific HOST character in reserved hosts. 22. [Bug Fix][eITS#240701946] Fail to capture ICMP packet when split threshold value is not the default. 23. [Bug Fix][eITS#240800592] It takes a long time for the interface to get the IP. 24. [Bug Fix][eITS#240800778] If specific characters are configured in DHCP IP reservation, it will cause DHCP function stop to work. 25. [Bug Fix][eITS#240800822] In VPN Status > SSL VPN, there is "Disconnect" button but it is always greyed out. 26. [Bug Fix][eITS#240800866] The memory usage on the USG FLEX 700H reached 91% after running for 9 days. 27. [Bug Fix][eITS#240801054] Static DHCP entries cannot be edited. 28. [Bug Fix][eITS#240801364] If the referenced IP address group includes any "empty" address object, the policy control rule will behave unexpectedly. 29. [Bug Fix][eITS#240801540, 240801470] Main Route should involve Active interface regardless static IP or DHCP and even if not the trunk member. 30. [Bug Fix][eITS#240801732] Network is instable when MTU lower 1500. 31. [Bug Fix][eITS#240801834] On dashboard CPU% chart, it shows core1 to core4. However, in diagnostics > CPU/Memory Status, it shows CPU0 to CPU3. 32. [Bug Fix][eITS#240801834] On dashboard CPU% chart, it shows core1 to core4. However, in diagnostics > CPU/Memory Status, it shows CPU0 to CPU3. 33. [Bug Fix][eITS#240900132] When you download multiple VPN profiles on iOS, a new file removes the existing profile. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 34. [Bug Fix][eITS#240900141] The SSL VPN connection cannot be blocked from accessing the defined Local Network by the security policy's default rule. 35. [Bug Fix][eITS#240900292] Cannot join the domain because the NetBIOS domain name starts with a number, such as 123zyxel.com. 36. [Bug Fix][eITS#240901043] There are many "Two-factor Auth. daemon: uam_read_event error, ret = 1" logs on the collected USB log file. 37. [Bug Fix][eITS#240901052] Unable to change DNS order. 38. [Bug Fix][eITS#240901130] Device rebooted unexpectedly since lock incorrect parameters. 39. [Bug Fix][eITS#240901316] Unable to add VLAN to the port interface. 40. [Bug Fix][eITS#240901822, 241000471] Unable to delete an empty user group; the GUI becomes unresponsive and freezes. 41. [Bug Fix][eITS#241000008] DHCP reservation keeps loading continuously when clicking the ""Reserve"" button. The issue can be seen in remote site. 42. [Bug Fix][ZNGA-5381] Disable Force change password will reset the Default Authentication Timeout Settings. 43. [Bug Fix][ZNGA-5378] From tooltip to edit Zone will not show any Interface in the selection list. 44. [Bug Fix][ZNGA-5458] The display of what's new content will run into auto refresh loop if opened from the dashboard. Upgrade your devices to uOS1.30 for enhanced protection against the CVE references listed, as uOS1.30 is no longer vulnerable to them. - CVE-2024-6387 - CVE-2024-9677 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.21(A___.0)C0 Modifications in V1.21(A___.0)C0 -- 2024/07/16 Feature 1. [Enhancement] Content Filter/SSL Inspection support inspect TLS 1.3 hybridized Kyber session. [eITS#240401693, 240401220, 240401350][ZNGA-4890, 4960, 5005] 2. [Enhancement] Support modify Zone in IPsec/SSL Remote Access VPN. [ZNGA-5018, 5020] 3. [Enhancement] Newly supported applications include: Zoom, Webex, Google Meet, Skype, WeChat, Yandex Stream for Bandwidth Management. [eITS#210800391, 220200469][ZNGA-4906, 4907] 4. [Enhancement] Usability enhancements: a. Add License Service expiration notification. [ZNGA-4830, 4833, 4834] b. A memory check mechanism has been added for firmware upgrades, with a pop-up reminder message. [ZNGA-4732, 4775, 4777, 4778, 4779] c. Tooltips can be clicked to redirect and edit the objects. [eITS#230900100] [ZNGA-3681] d. Add a redirect link to SecuReporter at security statistics page, allowing users to easily check historical data. [ZNGA-4824] e. Add SecuReporter tutorial video. [ZNGA-4825] f. Unify the Timestamp format for statistic graphics. [ZNGA-4887] g. Display or hide settings for table columns can be saved. [ZNGA-4392] h. Enhance the user interface entry fields to be wider for better key-in visibility. [eITS#230701262][ZNGA-4911] i. Add pattern validation for the subject of certificate. [ZNGA-4695] j. Fine tune the hint message to make it more precise. [ZNGA-4807] k. Support scan statistics of sandboxing on SecuReporter. [eITS#240501652] [ZNGA-5289] 5. [Feature Change] Hidden the PKCS#12 password for security. [eITS#231200194][ZNGA-4909] 6. [Feature Change] Stop Cloud firmware updates if the current firmware is Project/ITS firmware to avoid losing ITS-specific bug fixes. [ZNGA-4989, 4990] 7. [Feature Change] Change FTP ALG default settings: [eITS#231201239][ZNGA4908] Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com a. Enable FTP ATG from Disable to Enable. b. Enable FTP Transformation from Disable to Enable. Bug Fix 1. [Bug Fix][eITS#231100879][ZNGA-4071] Open another website will redirect to uOS after logout. 2. [Bug Fix][eITS#231200398][ZNGA-4269] The device becomes unresponsive and stop processing traffic. 3. [Bug Fix][eITS#240100668][ZNGA-4539] Remote access VPN cannot be established. 4. [Bug Fix][eITS#240201429][ZNGA-4753] The device becomes unresponsive. 5. [Bug Fix][eITS#240301616][ZNGA-4782] Unable to establish SSL VPN using OpenVPN on mobile phone. 6. [Bug Fix][eITS#240400076][ZNGA-4836] iOS OpenVPN traffic cannot go through VPN tunnel to Internet in full tunnel mode. 7. [Bug Fix][eITS#240400192][ZNGA-4847] The device rebooted unexpectedly. 8. [Bug Fix][eITS#240400989][ZNGA-4874] Incorrect IPS and Sandboxing statistical data on SecuReporter. 9. [Bug Fix][eITS#240401060, 240600483][ZNGA-4882] USG FLEX 200H works properly but it is always offline on Nebula. 10. [Bug Fix][eITS#240401303][ZNGA-4894] Error message: "Unable to save/write the startup config ..." appears when moving policy route order. 11. [Bug Fix][eITS#240401280][ZNGA-4895] VPN configuration page gets stuck on loading when setup. 12. [Bug Fix][eITS#240500136][ZNGA-4955] Use CLI to create "Configuration backup schedule". If the minute value is '00', it is not displayed in the GUI, only the hour. 13. [Bug Fix][eITS#240500140][ZNGA-4988] Search Base in Active Directory is not working. 14. [Bug Fix][eITS#240401531][ZNGA-4991] Site-to-site VPN traffic goes to the wrong zone for security policy management. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 15. [Bug Fix][eITS#240500438][ZNGA-5069] Security policy is not working after modify the action from allow to deny in bridge mode. 16. [Bug Fix][eITS#240500522][ZNGA-5004] Unable to apply imported configuration file. 17. [Bug Fix][eITS#240501331][ZNGA-5056] Typo on USG FLEX H. 18. [Bug Fix][eITS#240501546][ZNGA-5098] Network Status -> DHCP Table sorting order works incorrectly. 19. [Bug Fix][eITS#240600115][ZNGA-5115] If 00 is configured as minute in Configure Backup schedule > Enable Auto Backup > Daily, it becomes empty after the settings are saved. 20. [Bug Fix][eITS#240600764][ZNGA-5258] NAT rule cannot be applied properly. 21. [Bug Fix][eITS#240600735][ZNGA-5259] On Site to Site VPN monitor page, it shows all VPN tunnels are disconnected even they are properly connected. 22. [Bug Fix][eITS#240601117][ZNGA-5271] NAT rule does not take effect after object type "interface IP" is used. 23. [Bug Fix][eITS#240501404][ZNGA-5286] USG FLEX 100H works properly but it is always offline on Nebula. 24. [Bug Fix][eITS#240600305][ZNGA-5287] Policy route health check does not work as expected. It is always "down" even wan link is up and ping check is successful. 25. [Bug Fix][eITS#240500726][ZNGA-5382] SSL VPN tunnel disconnects after 60 minutes. 26. [Bug Fix][eITS#240600938][ZNGA-5383] DDNS is unable to be updated. 27. [Bug Fix][eITS#240601358][ZNGA-5386] Service disappear from service group after device reboots. 28. [Bug Fix][ZNGA-3402, 3314] Malfunction when set banner via CLI command. 29. [Bug Fix][ZNGA-4754] IPSec VPN VTI interface ping check cannot trigger IKE negotiation. 30. [Bug Fix][ZNGA-4762] [GUI/Policy Route] Change browser to Firefox then move rule will appear error undefined. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 31. [Bug Fix][ZNGA-4768] [File Manager] DUT will not reboot when apply system-default.conf. 32. [Bug Fix][ZNGA-4846] VTI interface in user defined Trunk is not working. 33. [Bug Fix][ZNGA-4883] [Remote Access IPsec VPN] Add admin user type into Remote Access VPN results in failure to provision the Remote Access IPsec VPN configuration to local user. 34. [Bug Fix][ZNGA-5036] Users may encounter issues where the DHCP Relay retains outdated IP addresses and upstream interface configurations. 35. [Bug Fix][ZNGA-5042] An unexpected behavior occurs in the DHCP Relay functionality when the upstream interface setting is left empty or set to any other interface. 36. [Bug Fix][ZNGA-5045] When the PPPoE interface is active, other VLANs cannot obtain IP addresses. 37. [Bug Fix][ZNGA-5091] [Interface/GUI] Remove port from port group that GUI will keep loading 38. [Bug Fix][ZNGA-5094] DHCP option 46 is not working. 39. [Bug Fix][ZNGA-5102] DHCP Relay interface is same as upstream interface, then the DHCP Relay will not work. Upgrade your devices to uOS1.21 for enhanced protection against the CVE references listed, as uOS1.21 is no longer vulnerable to them. - CVE-2024-3596 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.20(A___.2)C0 Modifications in V1.20(A___.2)C0 -- 2024/06/04 Bug Fix 1. [Bug Fix] [eITS#240501707, 240501747] DHCP server doesn't work on VLAN interface. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.20(A___.1)C0 Modifications in V1.20(A___.1)C0 -- 2024/05/21 Bug Fix 1. [Bug Fix][eITS#240400401][ZNGA-4854] Where DHCP relay traffic was not being sent over the tunnel. 2. [Bug Fix][eITS#240401226][ZNGA-4891] CF profile reference display issue. 3. [Bug Fix][eITS#240401237][ZNGA-4892] Devices became unresponsive when modifying bandwidth management rules. 4. [Bug Fix][eITS#240401564][ZNGA-4926, 4965] Unclear service port conflict messages prevented configuration changes. 5. [Bug Fix][eITS#240500137][ZNGA-4971] The site-to-site tunnel could not connect when the pre-shared key included ' or ". Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.20(A___.0)C0 Modifications in V1.20(A___.0)C0 -- 2024/04/18 Feature 1. [Enhancement][eITS#230701372] Support External Block List for Reputation Filter. (ZNGA-1125,1126,1127,4023) 2. [Enhancement] Support ARP Spoofing Protection. 3. [Enhancement] Reputation Filter supports the Allow List push from SecuReporter portal. (ZNGA-3267, 3268, 3269) 4. [Enhancement] Support VPN failover. (ZNGA-3456,2883,2819,1700,532) 5. [Enhancement] Support Bandwidth Management (BWM). (ZNGA-3705, 4548, 4366) 6. [Enhancement] Add Copy function for Security Policy. (ZNGA-3723) 7. [Enhancement] Support Microsoft AD Authentication for IPsec/SSL Remote Access VPN. (ZNGA-1134,3163,3272,4373) 8. [Enhancement] Support LDAP external Authentication for SSL Remote Access VPN. (ZNGA-1565) 9. [Enhancement] Allow conversion from Wizard-type to Custom-type on the VPN Wizard edit page. 10. [Enhancement] VPN Wizard edit page: add 'Go to Static Route' link when edit route-based rule. (ZNGA-4660) 11. [Enhancement] Support SSL VPN add to Zone. (ZNGA-4138,4492) 12. [Enhancement] Support two-factor authentication for VPN access using Google/Microsoft Authenticator. (ZNGA-4162,442) 13. [Enhancement] Site-to-Site VPN Wizard and Custom type add Routes conflict check. 14. [Enhancement] Support failover for Static Route and Policy Route through ping-check. (ZNGA-1705) 15. [Enhancement] [eITS#230801176] Support VTI in Policy Route. (ZNGA- 2393,3445,3456,3678) 16. [Enhancement] [eITS#230801177] Support policy route health check. (ZNGA- 3744,4186) 17. [Enhancement] Implement rule-based hit count information for Security Policy and Policy Route. (ZNGA-3142,3487) Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 18. [Enhancement][eITS#230700790] Add disable option for Global Zone Forwarder. (ZNGA-3680) 19. [Enhancement][eITS#240101556] Add Services Port conflict check and message. (ZNGA-4612,4712,4487) 20. [Enhancement] Add status column and Routes conflict check in Static Router page. (ZNGA-4614) 21. [Enhancement][eITS#230700934] Support modify MAC address for Ethernet Interface & VLAN Interface. (ZNGA-3291, 923) 22. [Enhancement] DHCP enhancement: a. DHCP Table add Edit action and Description column. (ZNGA-3695) b. DHCP Table add Host Name duplicated check in Static IP. c. [eITS#230800272, 231200626] Support DHCP extended options to internal interfaces. (ZNGA-3740,4793) d. On the Network > Interface page, automatically fill in the Start IP field in the DHCP Server section when editing or adding LAN settings. (ZNGA3702) 23. [Enhancement] [eITS#230800732] DDNS supports behind NAT scenario that will update the public IP. (ZNGA-3743) 24. [Enhancement] Implement DDNS failover based on the connection status of the interface. (ZNGA-4176) 25. [Enhancement] Support Session Control function. (ZNGA-419) 26. [Enhancement] Bridge interface add "Role" setting (ZNGA-4338) 27. [Enhancement] add "VLAN ID" column in the Interface page. (ZNGA-4009) 28. [Enhancement] Implement automatic update functionality for the GeoIP database and Certificates. (ZNGA-3790,4670) 29. [Enhancement] Support CIDR Notation. (ZNGA-3396, Seeding#1278) 30. [Enhancement] Add GeoIP country information in the Log/Events page. (ZNGA-3520) 31. [Enhancement] Add address object range hint message at Address Object. (ZNGA-4377) 32. [Enhancement] New Add Traffic Statistics > Application Usage. (ZNGA- 22,4183) 33. [Enhancement] Device Insight enhancement: a. Add Astra data source to Device Insight. (ZNGA-3266, 3965, 4285) b. Gray out the 'Remove' button when a Blocked client is selected. (ZNGA- 4734) Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 34. [Enhancement] [eITS#230701224] Stop username from being capitalized when Login. (ZNGA-3359) 35. [Enhancement] Display boot up status at System Dashboard. (ZNGA-3538) 36. [Enhancement] [eITS#230800348] Double-click to enter Edit mode. (ZNGA- 3540) 37. [Enhancement] Display session duration in the format of hh:mm:ss in the Session Monitor. (ZNGA-3691) 38. [Enhancement] Add Export function at Log page (Export to Excel file). (ZNGA-2971) 39. [Enhancement] Enhance the configuration backup feature to only perform a backup when there are changes to the configuration. (ZNGA-3734) 40. [Enhancement][eITS#230800053] Add description field to Allow/Block list for the security services. (ZNGA-3738) 41. [Enhancement] [eITS#230800351] Revise the GUI grid table resizing behavior, introducing a new 'Fit View' functionality. (ZNGA-3741) 42. [Enhancement] [eITS#230801252] Add the system language setting to the top right corner. (ZNGA-3745) 43. [Enhancement] Add an 'Advanced' page within the System category. This 'Advanced' page allows users to adjust System Parameters, such as UDP/ICMP timeout, and includes toggles for enabling or disabling Additional Features. (ZNGA-3941) 44. [Enhancement] Log event add Src. Port (Source Port) and Dst. Port (Destination Port) information. (ZNGA-4003) 45. [Enhancement] Implement hover effects on action icons. (ZNGA-4087) 46. [Enhancement] Initial Setup Wizard refine the Nebula onboarding flow. (ZNGA-4093) 47. [Enhancement] Support Configuration File test/verify function. (ZNGA-4337) 48. [Enhancement] Troubleshooting enhancement: a. Display error message at Console when apply configuration failed. (ZNGA-3797) b. Display boot up status and message at Console. (ZNGA-3799) c. Allow copying the configuration to a USB drive using the command-line interface (CLI). (ZNGA-3892) d. Diagnostic content add a file of Boot & Apply process logs. (ZNGA-4165) e. Add file header to the configuration file. (ZNGA-4364) 49. [Enhancement] Click "The latest log" title in System Dashboard will redirect to the Log/Event page. (ZNGA-4250) Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 50. [Enhancement] Implement the new filter style on the Log page and Session Monitor. (ZNGA-4355,4542) 51. [Enhancement] Change address object type 'CIDR' to 'SUBNET' (ZNGA-4375) 52. [Enhancement] Object pages to add `Description' column. (ZNGA-4376) 53. [Enhancement] Add URL report link at Content Filter General and URL Threat Filter General page. (ZNGA-4552) 54. [Enhancement] Email Daily Report add Application Usage. (ZNGA- 4554,4591) 55. [Feature Change] DoS Prevention is turned off by default. (ZNGA-4444) 56. [Feature Change] Default enable the "Auto Reboot" function when doing Firmware Auto Update and Remove the on/off from GUI (ZNGA-4751) 57. [Feature Change] By default, PoE power is disabled on Port 3 and Port 4 for USG FLEX 700H. (ZNGA-4360) 58. [Feature Change] Menu Tree adjustment (ZNGA-4371): a. Change 'System Statistics' to 'Traffic Statistics' b. Move out "Session Monitor" to 'Traffic Statistics' c. Remove "Resource" from 'Traffic Statistics'. Resource data can be read at System Dashboard. d. New add "Application Usage" to 'Traffic Statistics' e. Move Device Insight on/off to "Advanced" page Bug Fix 1. [Bug Fix][eITS#230700936][ZNGA-3339] Interface setting is ineffective after interface type is changed. 2. [Bug Fix][eITS#230701023][ZNGA-3309] NAT rule is not working. 3. [Bug Fix][eITS#230701149][ZNGA-3333] Add static DHCP reservation entries in Network > Interface. 4. [Bug Fix][eITS#230800882][ZNGA-3478] Devices should not respond to DNS queries originating from the WAN interface when a security policy with content filtering is applied between the WAN and WAN interfaces. 5. [Bug Fix][eITS#230801575][ZNGA-3593] Firewall local-out SNAT does not work. 6. [Bug Fix][eITS#230900765][ZNGA-3755] Firewall do Destination NAT even if TCP first packet is not SYN. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 7. [Bug Fix][eITS#230900864][ZNGA-3776] Unable to disable DHCP server of all interfaces. 8. [Bug Fix][eITS#230901363][ZNGA-3862] Under the EEE feature, the AP may encounter compatibility issues with certain devices. 9. [Bug Fix][eITS#230901052][ZNGA-3812] DNAT cannot work. 10. [Bug Fix][eITS#231000138][ZNGA-3872] With AES128/SHA256 with DH14/DH2 groups, IPSec VPN on iPhone cannot be established. 11. [Bug Fix][eITS#231000224][ZNGA-3889,3890] Inactivate VPN profile but the status still shows connected. 12. [Bug Fix][eITS#231000238][ZNGA-3883] If the VPN profile name exceeds 19 characters, it always in loading status when clicking "connect" button. 13. [Bug Fix][eITS#231000350][ZNGA-3894] In PPPoE, the settings should not be saved when the retype password field of is empty. 14. [Bug Fix][eITS#231000557][ZNGA-3915] The extension .conf should be added automatically while users backup configuration. 15. [Bug Fix][eITS#231000599][ZNGA-3918] Unable to edit Default Trunk. 16. [Bug Fix][eITS#231000601][ZNGA-3919] In the Initial Wizard, it should not allow users to configure different subnets in WAN IP and default gateway. 17. [Bug Fix][eITS#231000868][ZNGA-3940] Unable to set the static DHCP IP in the DHCP server option. Users need to navigate to Network Status > DHCP Table to configure. 18. [Bug Fix][eITS#231001044][ZNGA-3957] Anti-malware causes network slowness. 19. [Bug Fix][eITS#231001922][ZNGA-4005] Skip the second connection test when the device passes the first connection test. 20. [Bug Fix][eITS#231001962][ZNGA-4010] Unable to access the internet the device becomes unresponsive. 21. [Bug Fix][eITS#231001978][ZNGA-3994] Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com USG Flex 700H is experiencing unexpected reboots when a USB flash drive is plugged in. 22. [Bug Fix][eITS#231001989][ZNGA-4060] The connection port statistics traffic graph displays abnormally. 23. [Bug Fix][eITS#231001990][ZNGA-3989] Graph of the same port are duplicated in System Statistics > Port > Monitor Port. 24. [Bug Fix][eITS#231002035][ZNGA-4011] Unable to assign the DHCP IP because the device becomes unresponsive. 25. [Bug Fix][eITS#231002151][ZNGA-4027] Poor SSL Inspection performance and Teams is not usable. 26. [Bug Fix][eITS#231100108][ZNGA-4014] Firewall does not assign IP address to the connected host, and even cannot be connected with static IP. 27. [Bug Fix][eITS#231100792][ZNGA-4065] NAT rule doesn't work if one of wan connections is lost. 28. [Bug Fix][eITS#231101152][ZNGA-4114] The page for Trunk is stuck in loading. 29. [Bug Fix][eITS#231101272][ZNGA-4090] Sometimes the NAT and routing settings disappear. 30. [Bug Fix][eITS#231101418][ZNGA-4151] When enabling/disabling remote access VPN function, an error message pops up on GUI. 31. [Bug Fix][eITS#231200178][ZNGA-4161] Once the firewall rule applied user profile, the rule cannot detect VPN related session. 32. [Bug Fix][eITS#231200349][ZNGA-4170] When disabling DHCP server on GE3, you cannot make any changes in the GE4. 33. [Bug Fix][eITS#231200357][ZNGA-4168] SNAT entry in policy route becomes "none" after IP address is configured and saved. 34. [Bug Fix][eITS#231200715][ZNGA-4206] The firewall rule cannot detect the SSL VPN connection established from the OpenVPN Connect with user ID. 35. [Bug Fix][eITS#231200716][ZNGA-4196] Network > Interface > Trunk fails to load. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 36. [Bug Fix][eITS#231200802][ZNGA-4198] Unable to control user by remote VPN by firewall rule 37. [Bug Fix][eITS#231200991][ZNGA-4317] After firewall reboots, you need to inactivate/activate the NAT profile again to make NAT work again. 38. [Bug Fix][eITS#231201025][ZNGA-4233] If you create more continent GeoIP objects, some Geo IP addresses are not correctly assigned. After these continent GeoIP objects are removed, these Geo IP addresses can be correctly assigned. 39. [Bug Fix][eITS#231201089][ZNGA-4259] The device doesn't generate sys log into USB storage immediately. 40. [Bug Fix][eITS#231201247][ZNGA-4256] IKEv2 remote VPN connection cannot access internet. 41. [Bug Fix][eITS#231201457][ZNGA-4255] Firewall cannot obtain IP in specific condition 42. [Bug Fix][eITS#231201467][ZNGA-4281] Incorrect limitation for the IPSec VPN zone 43. [Bug Fix][eITS#240100145][ZNGA-4276] The nslookup tool cannot resolve the longer TLD domain name. The field should support the TLD length of 63 characters. 44. [Bug Fix][eITS#240100206][ZNGA-4453] NAT is not working. 45. [Bug Fix][eITS#240100211][ZNGA-4307] When a new user is created, GUI pops up an error message. 46. [Bug Fix][eITS#240100321][ZNGA-4339] Sometimes NAT rule and policy disappear. User needs to reboot device to recover it. 47. [Bug Fix][eITS#240100480][ZNGA-4320] Create several GeoIP in a address group and apply the group object to a security policy rule. Only the 1st entry is working. It does not go to the 2nd entry but jumps to the next security policy rule. 48. [Bug Fix][eITS#240100590][ZNGA-4343] On Dashboard > Security, the area of the threat filter is always loading. 49. [Bug Fix][eITS#240100647][ZNGA-4346] When trying to adjust the settings for ge1_PPP, an error pops out. But after clicking OK, the page shows the adjusted settings. 50. [Bug Fix][eITS#240100728][ZNGA-4347] Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Device reboots unexpectedly. 51. [Bug Fix][eITS#240100813][ZNGA-4409] The page of Log event is always loading. 52. [Bug Fix][eITS#240100875][ZNGA-4365] Relay server settings disappear after you click "Save". 53. [Bug Fix][eITS#240100884][ZNGA-4399] When disabling DHCP server on GE3, you cannot make any changes in the GE4. 54. [Bug Fix][eITS#240100980][ZNGA-4451] USG Flex H doesn't support IP in IP tunnel routing. 55. [Bug Fix][eITS#240101119][ZNGA-4397] All settings on web GUI are empty. 56. [Bug Fix][eITS#240101125][ZNGA-4452] The error message "Command failed: CHILD_SA config 'sec_policy1_VPNHOME' not found" pops up when you connect site-to-site VPN. 57. [Bug Fix][eITS#240101192][ZNGA-4567,4685] The PPTP(TCP 1723 port) traffic cannot be NAT forwarded from WAN to LAN normally. 58. [Bug Fix][eITS#240101242][ZNGA-4517] An error message pops up when dialing PPPoE connection. 59. [Bug Fix][eITS#240101258][ZNGA-4446] The error "WebSocket KeepAlive failed." appears on Dashboard > System and Network > Interface. 60. [Bug Fix][eITS#240101639][ZNGA-4474] IKEv2 with Windows native client cannot be connected. 61. [Bug Fix][eITS#240200217][ZNGA-4541] The device becomes unresponsive. 62. [Bug Fix][eITS#240200307][ZNGA-4514] When WAN1 connectivity check is fail, the DDNS does not update to WAN2 automatically. 63. [Bug Fix][eITS#240201202][ZNGA-4561] Firewall rule is not working due to false address-object settings. 64. [Bug Fix][eITS#240201528][ZNGA-4655] PPTP VPN can't build up when initialed from LAN side.. 65. [Bug Fix][eITS#240300253][ZNGA-4616] The reserved DHCP IP is unable to release from DHCP table after changing the interface IP segment. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 66. [Bug Fix][eITS#240300390][ZNGA-4765] NAT is not working. 67. [Bug Fix][ZNGA-2819, 3817] After manual disconnect tunnel the IPsec VPN with Nailed-up setting will not auto reconnect. Upgrade your devices to uOS1.20 for enhanced protection against the CVE references listed, as uOS1.20 is no longer vulnerable to them. - CVE-2023-6398, CVE-2023-6399 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.10(A___.1)C0 Modifications in V1.10(A___.1)C0 -- 2023/11/21 1. [Enhancement] GUI enhancement a. [eITS#231001856] fine tune the wording for Firmware upgrade. b. Refine the Menu Tree item "File Manager" to "Firmware/File Manager". c. [eITS#230900275] The wording "Diffie-Hellman Groups" in phase 2 is changed to "PFS". 2. [Enhancement] Support CLI to change ICMP timeout value. 3. [Bug Fix] GUI bugs fix: a. Change the "Description" field on Device Insight > Edit page from mandatory to optional. b. Add a checking mechanism in SSL VPN settings page. When the combination of the incoming interface and DNS name fields is incorrect, the configuration download button will be gray out. c. Fix the Query display inconsistent issue at Reputation Filter page. d. Fix the System Dashboard loading issue. 4. [Bug Fix] The traffic of established session goes to new next-hop interface but with previous SNAT. 5. [Bug Fix] eITS#230900089 a. Fixed the problem of incorrect zone name issue. 6. [Bug Fix] eITS#230901003 a. Fix the problem of Network loop issue when port 1(with vlan configured) and port 2 are connected to a same dummy switch. 7. [Bug Fix] eITS#231000637 a. Failed to send scheduled daily report. 8. [Bug Fix] eITS#231000957 a. Failed to add object and object group by policy tooltip. 9. [Bug Fix] eITS#231001098 a. The VLAN's DHCP Relay setting is disabled unexpectedly when new VLAN DHCP Relays are added. 10. [Bug Fix] eITS#231001941 a. When changing to different LAN ports, the DHCP IP address cannot be obtained. 11. [Bug Fix] eITS#231001962 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com a. The USG Flex 700H reboots unexpectedly and there is no internet due to a fast path CPU deadlock. 12. [Bug Fix] eITS#231002035 a. LAN clients cannot get DHCP IP. 13. [Bug Fix] eITS#231100687 a. Sometimes the clients in VLAN interface failed to query DNS after the device reboots. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Features: V1.10(A___.0)C0 Modifications in V1.10(A___.0)C0 -- 2023/10/16 First release. 1. Internet Protocol Version: IPv4 only 2. Firewall Function Supports: Routing and transparent (bridge) modes Stateful packet inspection Dos Prevention (Preventing Flooding and Sweep Attacks) FTP NAT traversal Security Policy o Unified policy management interface o Policy control criteria by IP/GeoIP/CIDR/ Service o Policy control criteria by User o Schedule 3. VPN Function Support: IPsec VPN o Site-to-Site VPN o Remote Access VPN (IKEv2) o Native Windows, iOS/macOS and Android (StrongSwan) client provision SSL VPN o Client remote access (compatible with OpenVPN Connect) SecuExtender VPN client provision for both IPsec and SSL VPN 4. Security Features and Services Support: * Services that requires Gold Security Pack Application Patrol* Intrusion Prevention System (IPS)* Anti-Malware (Cloud Query only)* Web Filtering* Reputation Filter* o IP Reputation o DNS Threat Filter o URL Threat Filter Sandboxing* Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Device Insight* SSL Inspection IP Exception 5. Networking Support: Port Grouping Routing mode o Policy Route criteria by IP/GeoIP/CIDR/Service o Policy Route criteria by user o Policy Route criteria by DSCP code o Policy Route Schedule o Policy Route DSCP Marking o Policy Route SNAT o Static Route External Interface o Types: DHCP, Static, and PPPoE o MTU setting o VLAN setting o MAC address setting o DHCP Option 60 Internal Interface o MTU setting o VLAN setting o DHCP relay/ server role o DHCP Options o Static DHCP IP/MAC mapping Bridge Interface -transparent mode only WAN Load Balancing support Weight Round Robin only WAN Failover Dynamic DNS (DDNS) NAT o Virtual Server o 1:1 NAT o Many 1:1 NAT ALG: FTP ALG only 6. Management Support: Nebula Centralized Management o Monitor device on/off status Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com o Firmware upgrade operation o Access remote GUI (requires Nebula Professional Pack) o Backup and restore firewall configurations (requires Nebula Professional Pack) Authentication: o Local user database o RADIUS o 2FA Authentication Google Authenticator (Admin only) o IKEv2 with EAP-MSCHAPv2 VPN authentication System Management o Firmware upgrade via FTP, FTP-TLS, Web GUI o Multi-lingual Web GUI o Command line interface (Console, SSH and Telnet) o SNMP v1, v2c, v3 Logging and Monitoring o SecuReporter supported (requires Gold Security Pack) o Syslog Server o Email daily report 7. Maintenance Support: Configuration File management Firmware upgrade management Firmware upgrade schedule Diagnostics collection Packet Capture Network Tools Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Limitations General 1. Not support rename function for following features: (1) Interface name (2) Policy Route rule name (3) Static Route rule name (4) Security Policy rule name (5) NAT rule name (6) IPsec Site-to-Site Rule name (7) Security Services Profile name Network 1. [Port Group] (1) Port 1 and Port 2 of the USG FLEX 500H and USG FLEX 700H cannot perform Port Group with other ports. (2) Port 13 and Port 14 of the USG FLEX 700H cannot perform Port Group with other ports. 2. [ZNGA-1649][Interface] Not support multiple interfaces connect on the same Network. Different interface cannot configure IP in the same IP subnet that the ARP Flux problem will caused unexpected traffic forward behavior. For example, you configure the interface as following: Ge1 interface set or get IP: 192.168.254.10/24 Ge2 interface set or get IP: 192.168.254.11/24 This means ge1 and ge2 are on the same IP subnet 192.168.254.0/24 IPsec VPN 1. [ZNGA-3935][Remote Access VPN] For native iOS/macOS design, the lifetime minimum value is 10 minutes. If you set the lifetime less than 10mins, then it cannot connect to iOS/macOS VPN client correctly. see reference of the iOS/macOS parameters: https://developer.apple.com/documentation/devicemanagement/vpn/ike v2/ikesecurityassociationparameters Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Known Issue The following issues have been identified in version 1.30P1. To inquire about a particular bug or report a bug, please contact Customer Service & Support. Nebula 1. [ZNGA-5846][Reverse Tunnel] User cannot access web console page when login by Nebula Remote Configurator. 2. [ZNGA-6154][Site-Wide] If the external interface is static IP, the gateway IP information cannot be displayed on the Nebula Monitor > Device > Firewall page. System 1. [ZNGA-5400][DNS] Address Record have same domain cause cannot connect to internet. 2. [ZNGA-5762] PoE configuration is inconsistent with GUI status. 3. [ZNGA-6009] The device shows high CPU usage during bursts concurrent session flows with security features enabled. Network 1. [eITS#240700730] The automatic MAC address assignment is assigning wrong MAC addresses, leading to abnormal behavior in network traffic transfer. [Workaround] Manually set the interface MAC address to override the default MAC address. 2. [ZNGA-4442][eITS#240100505] NAT is not working after works for hours. 3. [ZNGA-4037][eITS#231000192] INTERFACE type should contains the status of physical link (layer1), Layer 2 link and connectivity check. 4. [ZNGA-5044] The upstream interface of DHCP Relay does not support PPPoE interface (GUI selection list still show the PPPoE interface). 5. [ZNGA-5988] [DHCP Table] Certain data will be lost after modifying unsupported hostname data and reserve it. 6. [ZNGA-6109][Bridge][NAT] If NAT loopback is enabled, devices on the same bridged LAN cannot be accessed. IPsec VPN 1. Device needs to have at least one default route for IPsec VPN traffic forward. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com 2. Remote access IPsec VPN does not support secondary authentication server. 3. When there are more than 300 VPN tunnels, the device may sometimes not respond and not display status. 4. [ZNGA-4393][IPsec VPN] Some algorithm combinations fail to ping each other between PCs. 5. [ZNGA-4728][Beta#1518]IKEv2 C2S Routing Issue. 6. [ZNGA-5688] Policy-based IPSec VPN doesn't bypass the direct route to other subnets. User & Authentication 1. [ZNGA-5381] Disable Force change password will reset the Default Authentication Timeout Settings. 2. 2FA valid time does not support the character "+". 3. RADIUS user login with Admin role will pop-up change password message. 4. [ZNGA-4518][AAA] The joining status is "Not join AD Domain yet." after reboot. GUI 1. [ZNGA-5378] From tooltip to edit Zone will not show any Interface in the selection list. 2. System Dashboard widget will loading for a while. Please wait till dashboard widget data displays before switching to other GUI pages. 3. [ZNGA-4999] The error messages on the change password page are not precise. 4. [ZNGA-5458] The display of what's new content will run into auto refresh loop if opened from the dashboard. [Workaround] Switch to other GUI page and then open what's new. 5. [ZNGA-5711] The Member list at Address Group Object page is not sorted alphabetically. 6. [ZNGA-6129] [Session Monitor] session count column will move to the first column after change view. Diagnostics N/A Log 1. [ZNGA-4447][eITS#240101503] The syslog format doesn't comply RFC. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved. www.zyxel.com Appendix 1. Firmware upgrade procedure The following is the firmware upgrade procedure: Use Browser to login into ZyWALL Security Gateway as administrator. Go firmware upgrade wizard step3 (Firmware Upgrade and Reboot) to auto download and upgrade to the latest firmware. After several minutes, the system is successfully boot up with the newest version. Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.Microsoft Word 2016 Microsoft Word 2016