Nebula Security Gateway - Zyxel Community

Does Nebula Security Gateway support DMZ feature?
No, Nebula Security Gateway(NSG) does not support the DMZ feature. But there’s a workaround solution to have an interface/LAN to act as a DMZ. Please reference:
Why my Security gateway’s interface cannot enable the guest interface?
This is because this interface is using VPN in the site-to-site VPN page. If you need to enable the guest interface, please disable VPN usage on this interface.
How to create DMZ on NSG?
A DMZ (Demilitarized Zone) is a concept in your network to create a public area where you can place public servers for external network access. The typical rule is to allow traffic from both the WAN and LAN, but not to allow traffic from the DMZ to the LAN. This helps prevent external attackers from using it as a stepping…
Can NSG and USG FLEX create Nebula site-to-site VPN?
You can create a Nebula site-to-site VPN for NSG and USG FLEX. You only need to enable site-to-site VPN on both sites. Nebula will automatically generate the suitable VPN configuration and apply it to them. You can check the VPN connectivity in Menu > Site-wide > Monitor > Firewall/Security gateway > VPN connections five…
Can the NSG seires configure QoS?
No, the NSG50 model does not support Quality of Service (QoS) configurations. For advanced QoS features, please consider upgrading to newer firewall models. Cloud Managed Firewalls: USG FLEX series ATP series Cloud Monitoring Firewalls: USG FLEX H series If you encounter any other issues, please help create a post here and…
Where will the DHCP subnet be obtained from if there is a two NSG devices with a Site-To-Site VPN?
The client still use the local LAN subnet to communicate with the peer site, so it won't get the IP from the peer site DHCP server. For instance, there are 2 NSG connected with site-to-site VPN as like the following topology. The client under NSGA is still using LAN1 subnet 192.168.10.0/24 to communicate with LAN2 subnet…
How can I change the NTP server in gateway?
Nebula production only support the fixed NTP server on domain 0.pool.ntp.org, 1.pool.ntp.org. If your contury or ISP has not support these 2 domains, but only the specific domain then you can set DNS record for it. For instance, if your local network only support domain of "abc.ph.ntp.org" and you can set it to DNS record.…
Difference Between Guest VLAN and Layer 2 Isolation.
In networking, both Guest VLAN and Layer 2 Isolation are techniques used to enhance network security and manage traffic within a network. However, they serve different purposes and are implemented in different ways. Below are the key differences between Guest VLAN and Layer 2 Isolation. The guest interface subnet end…
Why my PC connect to LAG port on NSG but cannot access Internet?
NSG LAG function must connect with a switch at least. If you connect with a PC, the LAG function cannot work properly. Which causes the PC/client cannot access the Internet or other interfaces.
What is the correct scenario for connecting the switch to NSG using link aggregation?
There are simply three different scenarios for connecting link aggregation between NSG and switches. Active-backup mode. Balance-ALB LACP and Balance-ALB
How to check if NSG can negotiate with the AD server?
If you have found that fail to do the authentication with the AD server then you might need to check the following CLI to check if it can _debug domain-auth test profile-name [ad profile name] username [username] password [password] if you got the result of "The configure is not ok!" then you might need to confirm your AD…
How to block specific website by the NSG Series
Since the NSS license provides Anti-Malware and Content Filtering, how can we block the specific website? You can use Content Filtering and follow the directions below to complete it easily: Configure > Security Gateway > Security Service Content Filtering (Click to enable) > Black List Enter the URL you want to block and…
Server and Client VPN
This topic focuses on a NSG Server/Client VPN scenario. The figure below illustrates how a gateway in server role is free to use a dynamic public IP and does not need to know the IP of the peer (client role) site. You can find Server-and-Client scenario through the path: Configure > Security gateway > Site-to-Site VPN.…
[NEBULA]What is the startup of Nebula Device LED Indicators?
The startup description of Nebula Device LED Indicators is as below matrix table. You can also find it in Nebula, Help> Device LED guide You may also download it from the link.
[NEBULA] How to setup L2TP VPN client connection with Authentication-Server?
Nebula Cloud platform offers the option to allow L2TP VPN users to authenticate wired/wireless networks over radius and(or) AD servers, connecting to local domain controllers in the network. Prerequisite: Client VPN IP addresses cannot overlap LAN subnet Scenario: Setup L2TP VPN connection with Radius/AD servers in Windows…
How to configure Virtual server (NAT) with security policy?
In most cases, you don't need to configure the firewall rule if there is no virtual server (NAT) rule. NSG has the default rule (running in background) to block the traffic from WAN to LAN. If there is a NAT rule, you can put trust IP in the "Allowed Remote IP" which is equal to a whitelist.In Configure > Security…
How to establish Hub and Spoke VPN between Nebula Devices (USG FLEX & NSG)?
In the Hub-and-Spoke VPN topology, there is a VPN connection between each spoke router and the hub router, which uses the VPN concentrator. The VPN concentrator routes VPN traffic between the spoke routers and itself. Scenario: Setup Hub and Spoke VPN between USG FLEX and NSG devices under the same organization. 1.…
Interface Port Grouping of NSG50, NSG100 and NSG200
This post will introduce how to configure port grouping on NSG. The user can assign the physical LAN port to the port group. In the picture above, it means port 3 and 4 are in port group 1, and port 5 and 6 in port group 2. For interface, LAN1 interface is port group 1 and LAN2 interface is port group 2 by default. When…
Deliver Corporate-level Network Security to Anywhere in the World
Due to the pandemic, businesses now need to ensure their networks can be accessed securely outside the office by their employees working at homes or remotely while still providing the same level of corporate security. What We Offer? Based on the zero-trust network security, Zyxel has developed the Remote Access Point…
Interface Port Grouping of NSG300
This post portrays the difference of Interface Port Grouping between "NSG300" and "NSG50,NSG100, and NSG200". And how to configure Interface Port Grouping for NSG300. Let's take a look at port grouping of NSG50,NSG100, and NSG200. There are two port groups as options that users are able to determine each port belongs to…

Welcome!

It looks like you're new here. Sign in or register to get started.