Best Of

Use Case:
Many enterprise and SMB customers today operate in hybrid environments where part of their infrastructure resides in public cloud services such as Microsoft Azure, AWS, or Google Cloud Platform.
Competitors like Cisco (Meraki vMX), Fortinet (FortiGate VM), and Sophos (XG Firewall VM) already offer virtual firewall appliances that can be deployed directly in the cloud and managed through their respective management platforms.
This allows for secure, direct, and managed connectivity between on-premises networks and cloud environments — including ExpressRoute, IPsec, GRE, or BGP peering setups.

Current Limitation:
Zyxel currently does not offer a virtual equivalent of the USG FLEX H-series that can be deployed in the cloud.
This creates challenges when customers want to:

• Establish site-to-site tunnels between Nebula-managed locations and cloud environments.
• Integrate Nebula networks with Azure Virtual Networks or AWS VPCs using IPsec or GRE.
• Maintain centralized management and visibility for hybrid networks within Nebula Control Center.

The lack of a virtual firewall forces partners to either:

• Deploy physical firewalls in data centers or colocation (costly and impractical), or
• Use native cloud gateways with limited integration into Nebula (reduced visibility, inconsistent policies).

Suggested Solution:
Develop a virtual version of the USG FLEX H-series, for example named “Nebula vFirewall” or “vUSG FLEX”, that can be:

• Deployed as a virtual machine or container in Azure, AWS, and GCP.
• Fully registered and managed in Nebula Control Center, with the same interface and policy structure as physical devices.
• Support IPsec, GRE, and BGP routing, identical to on-prem USG FLEX models.
• Licensed per performance tier (e.g., 500 Mbps, 1 Gbps, 2.5 Gbps).
• Act as a hub in a hub-and-spoke topology for Nebula SD-WAN networks.

Customer Impact:

• Enables true hybrid cloud networking within the Nebula ecosystem.
• Simplifies secure and managed connectivity to Azure ExpressRoute, AWS Transit Gateway, and similar cloud services.
• Removes dependency on physical hardware for cloud deployments.
• Improves competitiveness versus Cisco Meraki, Fortinet, and Sophos.
• Adds significant value for MSPs and enterprise customers building multi-site Nebula environments.

Currently, when manually reserving IP addresses, the DHCP log records its hostname as (NULL). However, for devices obtaining a dynamic IP from the DHCP pool, the hostname is correctly fetched and displayed in the logs.

User @Maverick87 would like to request an enhancement to have consistent and informative DHCP logs for all clients.

This suggestion originated from the post found here:

[USG FLEX 100H] IP Reserved on local DHCP Server and NULL as HostName in the DHCP Log — Zyxel Community

If anyone likes this idea, please show your support by leaving a comment or voting for it.

Currently, the system prevents an entry from being saved if the "Host Name" field is identical to an entry. It shows a "The value in this field is duplicate" error, even when the MAC addresses for the entries are completely different and unique.

While the DHCP server assigns IP addresses based on the device's MAC address, following the standard DHCP process, and does not use the hostname to identify devices, user @Maverick87 would like to request an enhancement to give the validation logic for the "Host Name" field should be treated as a descriptive label for administrative convenience.

This suggestion originated from the post found here:

If anyone likes this idea, please show your support by leaving a comment or voting for it.

User @PeterUK requires BWM function can support FQDN object for USG FLEX H series model.

Anyone who likes this idea, please leave your comments below and vote up for this idea post.

original link