There is a hole in the firewall of the USG20 in its default configuration that you need to plug. The entry in the firewall looks like this:
There isn’t anything dangerous about this hole. It won’t allow your computers inside your network to be attacked. It simply allows traffic to the Zywall itself for the Default_Allowed members (AH, ESP, HTTPS, IKE, NATT, GRE, VRRP). But to the world, your router now responds on the ports defined by those services and there will be attempts to connect to your router using those. I recommend disable or deleting this entry in your firewall. Recently I saw a USG50 attacked every few hours on these ports and it would bring down the entire connection. Just disable them if you aren’t using them.