www.zyxel.com

Release Note

USG FLEX 100AX
Version 5.39(ACFN.1)C0
November 16, 2024
1/37
Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.

Summary of Contents for ZyXEL Communications USG FLEX 100AX

  • Page 1: Release Note

    Release Note USG FLEX 100AX Version 5.39(ACFN.1)C0 November 16, 2024 1/37 Copyright © 2024 Zyxel and /or its affiliates. All Rights Reserved.
  • Page 2: Table Of Contents

    Contents: Release Note (1); Supported Platforms: (4); Versions: (4); Files lists contains in the Release ZIP file (4); Read Me First (5); Design Limitations: (7); Build in Service (7); DNS (7); GUI ...
  • Page 3 Features: V5.39(ACFN.0)C0 (20); Features: V5.38(ACFN.0)C0 (22); Features: V5.37(ACFN.2)C0 (25); Features: V5.37(ACFN.1)C0 (26); Features: V5.37(ACFN.0)C0 (30); Appendix 1. Firmware upgrade / downgrade procedure (31); Appendix 2. SNMPv2 private MIBS support (32); Appendix 3. Firmware Recovery (33)
  • Page 4: Supported Platforms

    USG FLEX 100AX Release V5.39(ACFN.1)C0 Release Note Date: November 16, 2024 Supported Platforms: USG FLEX 100AX Versions: ZLD Version: V5.39(ACFN.1) | 2024-11-16 08:04:18 Files lists contains in the Release ZIP file File name: 539ACFN1C0.bin Purpose: This binary firmware image file is for normal system update.
  • Page 5: Read Me First

    Note: The ZyWALL Firewall firmware could be damaged, for example if the device is powered off or the Reset button is pressed in the middle of firmware update process. File name: USG FLEX 100AX_V5.39(ACFN.1)C0-foss.pdf Purpose: The PDF file is ZNet only grants you the software license declaration document.
  • Page 6 8. [APC] Support AP List APC Version ZLD version Support AP (Managed AP) APC6.75 ZLD5.39 NWA3160-N NWA3550-N NWA3560-N NWA5160N NWA5550-N NWA5560-N NWA5121-NI NWA5123-NI NWA5121-N NWA5301-NJ WAC6502D-E WAC6502D-S WAC6503D-S WAC6553D-E WAC6552D-S WAC6103D-I NWA5123-AC WAC5302D-S NWA5123-AC-HD WAC6303D-S WAX650S WAX510D WAX610D WAC5302D-Sv2 WAC500 WAC500H WAX630S...
  • Page 7: Design Limitations

    Design Limitations: Note: Design Limitations described the system behavior or limitations in current version. They will be created into knowledge base. Build in Service 1. [SPR: 061208575] [Symptom] If users change port for built-in services (FTP/HTTP/SSH/TELNET) and the port conflicts with other service or internal service, the service might not be brought up successfully.
  • Page 8: Ipsec Vpn

    10 latest version 10.3.2 (Safari) Safari10 latest version 10.3.2 latest version 5.0 (Chrome) latest version 5.0 (Chrome) Apple MAC OS X Firefox latest version Firefox latest version Latest Safari version 13.1.2/ 14.1/15.0 Latest Safari version 13.1.2/ 14.1/15.0 Apple iOS (Tablet) latest version 5.0 (Chrome) latest version 5.0 (Chrome) Android (Tablet)
  • Page 9 c. On ZyWALL Firewall-B • Create one WAN interface • Create one VPN Gateway. The Primary Peer Gateway Address is configured as WAN1 IP address of ZyWALL Firewall-A and the Secondary Peer Gateway Address is configured as WAN2 IP address of ZyWALL Firewall-A d.
  • Page 10: Ssl Vpn

    b. IPv4 rules with User-based PSK authentication c. IPv6 rules 7. Not support site to site VPN behind NAT scenario both in On-Premises mode and On-Cloud mode SSL VPN 1. Following are the list for SSL VPN supporting applications and operating systems: SecuExtender SSL VPN Client support: Windows 10/11 (32- and 64-bit) and ...
  • Page 11: Mac Authentication

    1. HTTP/HTTPS don’t support IPv6 link local address in IE7 and IE8. 2. Windows XP default MS-DOS FTP client cannot connect to device's FTP server via IPv6 link-local address. 3. [SPR: 110803280] [Symptom] Safari cannot log in web with HTTPS when using IPv6 4.
  • Page 12: Known Issues

    Known Issues: Note: The known issues listed below are not fixed in the current firmware release. We already plan to fix them in a future firmware release. [On Premises mode] IPSec VPN 1. [SPR: 141209575] [Symptom] IPSec VPN tunnel sometimes can be built up while initiator and responder devices use CA with the same subject name in IKE authentication.
  • Page 13: Ssl Inspection

    [Workaround] You can configure Windows cipher with following information http://support.microsoft.com/kb/980868/en-us 2. [SPR: 160309776] [Symptom] GUI login can’t auto connect/disconnect new SecuExtender tool in windows. 3. [SPR: 170517424] [Symptom] SecuExtender after ZLD4.30 will not support Windows XP due to strong cipher suite activated by default.
  • Page 14 It takes 30 seconds or above to update the AP controller information when using Zyxel Wireless Optimizer (ZWO) tool to monitor the status. 5. [SPR: 160603272] [Symptom] AP traffic Tx/Rx value show incorrectly in Email Daily Report. 6. [SPR: 170830306] [Symptom] [Station info] When client from 2.4G Wi-Fi to 5G Wi-Fi, the station info will show client connect to 2.4G Wi-Fi.
  • Page 15: Apc

    14. [SPR: 201223508] [Symptom] AP information will not hide advanced settings after reloading the page. 15. [eITS: 210200970] [Symptom] NWA1123ACv3 --- LTE3316 --- 4G NWA1123ACv3 cannot be online. Must adjust MTU size of the AP to be smaller to make it be online. 16.
  • Page 16: Device Ha Pro

    Device HA Pro 1. [SPR: 160226958] [Symptom] When the physical interface link down, the HTTP file downloading will terminate after failover to passive device. 2. [SPR: 160623509] [Symptom] Upgrade firmware from Active device and the upgrade process is to upgrade Passive device first.
  • Page 17: Routing Traces

    Routing traces 1. [SPR: 210310085] [Symptom] A device with heavy traffic load and complex routing rules may reboot unexpectedly. Web Content Filter 1. [SPR: 210324205, 210324206] [Symptom] [VPN][L2TP] Remote access VPN_The html picture is broken on warning page (Content Filter/URL threat filter) for http website. 2.
  • Page 18: Cloud Auth

    [On Cloud mode] Cloud Auth 1. [eITS: 230801049] [Symptom] Incorrect device GUI landing page when the device is managed by Nebula & enabled cloud-auth
  • Page 19: Features: V5.39(Acfn.1)C0

    Features: V5.39(ACFN.1)C0 Modifications in V5.39(ACFN.1)C0 - 2024/11/16 [On Premises mode & On Cloud mode] 1. Vulnerability Fix [AP Controller]
  • Page 20: Features: V5.39(Acfn.0)C0

    Features: V5.39(ACFN.0)C0 Modifications in V5.39(ACFN.0)C0 - 2024/08/22 [On Premises mode] 1. [ENHANCEMENT] CLI created to enable "Drop TCP SYN packets with data". 2. [ENHANCEMENT] Optimize URL Threat Filter/Content Filter scan flow to avoid unnecessary inspections. 3. [Bug Fixed] eITS#240401350, 240401693, 240501058, 240701813 a.
  • Page 21 CVE-2024-3596, CVE-2024-6343, CVE-2024-6387, CVE-2024-7203, CVE-2024-42057, CVE-2024-42058, CVE-2024-42059, CVE-2024-42060, CVE-2024-42061
  • Page 22: Features: V5.38(Acfn.0)C0

    Features: V5.38(ACFN.0)C0 Modifications in V5.38(ACFN.0)C0 - 2024/03/29 [On Premises mode] 1. [ENHANCEMENT] [eITS#230800065, 230801657, 240100888]: ADP allow list support extend to include protocol anomaly. 2. [ENHANCEMENT]: Add last update time on SecuReporter Allow list table. 3. [ENHANCEMENT]: System protection log category change to system. 4.
  • Page 23 18. [Bug Fix] eITS#231200559 a. Fix: Configuration synchronize issue when device ha role swap. 19. [Bug Fix] eITS#231200687 a. Enhancement: Cache memory recycling mechanism. 20. [Bug Fix] eITS#231200814 a. Fix: The tftp traffic can't get files from the tftp server through the VPN tunnel.
  • Page 24 [On Cloud mode] 1. [ENHANCEMENT]: DNS Content Filter support Google/ YouTube/ Microsoft Bing Safe Search. 2. [ENHANCEMENT]: Support change to a different ISP (WAN fallback). 3. [Bug Fix] eITS#231201567 a. Fix: pppoe connection issue when multiple pppoe instances are configured 4.
  • Page 25: Features: V5.37(Acfn.2)C0

    Features: V5.37(ACFN.2)C0 Modifications in V5.37(ACFN.2)C0 - 2024/01/22 [On Premises mode] 1. [Bug Fix] eITS#231101413, 231101432 a. Fix: 802.1X wireless station authentication failure. 2. [Bug Fix] eITS#231101439 a. Fix: Failed to apply configuration file due to certificate. 3. [Bug Fix] eITS#231200479 a.
  • Page 26: Features: V5.37(Acfn.1)C0

    Features: V5.37(ACFN.1)C0 Modifications in V5.37(ACFN.1)C0 - 2023/11/13 [On Premises mode] 1. [ENHANCEMENT]: IP Reputation to scan device local in/out traffic. 2. [ENHANCEMENT]: Show allow action from SecuReporter including IP Reputation, DNS & URL Threat Filter. 3. [ENHANCEMENT]: New network tools - Speed Test. 4.
  • Page 27 15. [Bug Fix] eITS#230700228 a. Fix: Move "Radius Server is enable" log to debug level. 16. [Bug Fix] eITS#230700420 a. Fix: DHCP server cannot release IP address. 17. [Bug Fix] eITS#230700642 a. Fix: Go to CONFIGURATION > Mgmt. & Analytics > Nebula but the page keeps loading.
  • Page 28 Fix: When web authentication is disabled, client is not able to query walled garden list domain via external DNS server. 5. [Bug Fix] eITS#231100485 a. Fix: Connecting using WiFi 6 clients to USG FLEX 100AX only shows WiFi 5 even if "5GHz band only" is configured in SSID settings. [AP Controller] [Common vulnerabilities and Exposures] ZLD5.37 Patch1 is no longer vulnerable to the following CVE References:...
  • Page 29 CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960
  • Page 30: Features: V5.37(Acfn.0)C0

    Features: V5.37(ACFN.0)C0 Modifications in V5.37(ACFN.0)C0 - 2023/09/19 First release.
  • Page 31: Appendix 1. Firmware Upgrade / Downgrade Procedure

    Appendix 1. Firmware upgrade / downgrade procedure The following is the firmware upgrade procedure: 1. If user did not backup the configuration file before firmware upgrade, please follow the procedures below: • Use Browser to login into ZyWALL Firewall as administrator. • ...
  • Page 32: Appendix 2. Snmpv2 Private Mibs Support

    • After system upload and boot-up successfully, login into ZyWALL Firewall via Console/Telnet/SSH. • Router>enable • Router#write Now the system is successfully downgraded to older version. Note: ZyWALL Firewall might lose some configuration settings during this downgrade procedure. It is caused by configuration conflict between older and newer firmware version.
  • Page 33: Appendix 3. Firmware Recovery

    Appendix 3. Firmware Recovery In some rare situations (symptoms as follows), ZyWALL Firewall might not boot up successfully after firmware upgrade. The following procedures are the steps to recover firmware to normal condition. Please connect console cable to ZyWALL Firewall. 1.
  • Page 34 • Startup message displays “Invalid Recovery Image”. • The message here could be “Invalid Firmware”. However, it is equivalent to “Invalid Recovery Image”. 2. Recover steps • Press any key to enter debug mode • Enter atkz -f -l 192.168.1.1 to configure FTP server IP address • ...
  • Page 35 • You will use FTP to upload the firmware package. Keep the console session open in order to see when the firmware update finishes. • Set your computer to use a static IP address from 192.168.1.2 ~ 192.168.1.254. No matter how you have configured the ZyWALL Firewall’s IP addresses, your computer must use a static IP address in this range to recover the firmware.
  • Page 36 • The console session displays “done” when the firmware recovery is complete. Then the ZyWALL Firewall automatically restarts. • The username prompt displays after the ZyWALL Firewall starts up successfully. The firmware recovery process is now complete and the ZyWALL Firewall is ready to use.
  • Page 37 • If one of the following cases occurs, you need to do the “firmware recovery process” again. Note that if the process is done several times but the problem remains, please collect all the console logs and send to ZyXEL/USG for further analysis.
