Best Of
Support FQDN wildcard for both root domain and subdomains on USG FLEX H
Currently on uOS, the FQDN object only supports the format *.domain.com, which matches subdomains (e.g., www.domain.com, mail.domain.com) but does not include the root domain (domain.com).
In ZLD systems, the format *domain.com was supported, allowing both the root domain and subdomains to be covered by a single entry.
User @PeterUK would like to request an enhancement to bring this behavior to uOS, so that a single wildcard can cover both the root domain and its subdomains.
This suggestion originated from the post found here: FQDN problem www.grc.com vs grc.com under wildcard — Zyxel Community
If anyone likes this idea, please show your support by leaving a comment or voting for it.
Lockout users by username or IP
Hello,
after reading another security idea I focused on how locking-out users with too much failed attempts really work.
Differently from my idea it does not lock the user while it lock its public IP
MY IDEA IS: add the choice in configure —> user group —> setting between locking by username provided and or by IP
this IMHO would be an advancement because:
- if you ban that it ip it might happen that you are banning even other users. scenario: 5 employees of the same company go to a conference, they need to connect to thei VPN, they all use the hotel's WiFi, the first users inserts the wrong password too many times, they are all stuck for 30 minuts (or the time set)
- an attacker can spoof it's IP every 5 attemps and apparently change it (via a vpn or whatever) and performe a brute force attack bypassing the lockout security settings
if one wants to be hyper protected i would leave the choice to block by IP and eventually by both
[USG FLEX/ATP] User account can change its password by themselves
User @kaktusus hopes USG FLEX/ATP user account can change its password by themselves.
Anyone who likes this idea, please leave your comment below and give this post a vote.
USG Lite 60AX DHCP Option 61
User @too_many_accounts need USG Lite 60AX to support DHCP Option 61 for his ISP in the UK (SKY).
Anyone who also needs this option, please leave your comment and give it a vote.
VLAN Names
It would be useful if there was a way to give a VLAN a name in Nebula and have the name appear in other parts of the GUI e.g.
1 = Default
2 = Printers
3 = CCTV
Current
Proposed
Current
Proposed
Having just VLAN numbers works okay when you only have a small number of people managing Nebula, but if you have lots of people and lots of VLANs, mistakes can be made and devices added to the wrong VLANs.
SkyGoat
ordering listst
Hi all,
It would be nice when it would be possible to order lists.
like when you create vlans, i like to have nice ordered lists, but for example you have vlan 1 3 and 5, and then you want to add an new vlan nr. 2, then your list becomes 1, 3, 5, 2. It would be nice if you can order it afterwards.
the same with dhcp reservations, and maybe other lists also.
yours dennis
Dpj
Client Description on Switch Monitoring Page
If I go to a Switches monitoring page and click on an active port, the MAC addresses detected on that port are displayed.
It would be useful if this box had an additional column for the 'Description' that would display the names of any devices that have been named.
Example
SkyGoat
Clients Page Search by VLAN
In the Site-wide > Clients page, the "All" search box doesn't have an option to search by VLAN. Can this please be added.
I know that if you select "Access point clients", "Switch clients" or "Security gateway clients", then you do have the option to search by VLAN, but would like to have this ability on the "All" list as well.
SkyGoat
Organisation Wide Client Page
In Site-wide > Clients you can see the devices connected on the currently selected site.
Please make an additional menu option, view or page that combines all the Clients from All Sites into one list.
If you have a highly mobile workforce that can connect from a number of different sites, it means having to click through each site one by one and performing a search on the Clients page of each until you find the client you're looking for. Having the option a combined Orgnisation Clients page of all sites would make it easier to track down Clients and diagnose issues.
SkyGoat
Nebula Switch Authentication allow to use both External Radius and Nebula Cloud
User @SkyGoat hopes the Nebula switch authentication can enable both External radius server and Nebula cloud authentication at the same time.
If any user likes this idea, please feel free to leave a comment and give it a vote.