-
Where will the DHCP subnet be obtained from if there is a two NSG devices with a Site-To-Site VPN?
The client still use the local LAN subnet to communicate with the peer site, so it won't get the IP from the peer site DHCP server. For instance, there are 2 NSG connected with site-to-site VPN as like the following topology. The client under NSGA is still using LAN1 subnet 192.168.10.0/24 to communicate with LAN2 subnet…
-
How can I change the NTP server in gateway?
Nebula production only support the fixed NTP server on domain 0.pool.ntp.org, 1.pool.ntp.org. If your contury or ISP has not support these 2 domains, but only the specific domain then you can set DNS record for it. For instance, if your local network only support domain of "abc.ph.ntp.org" and you can set it to DNS record.…
-
Difference Between Guest VLAN and Layer 2 Isolation.
In networking, both Guest VLAN and Layer 2 Isolation are techniques used to enhance network security and manage traffic within a network. However, they serve different purposes and are implemented in different ways. Below are the key differences between Guest VLAN and Layer 2 Isolation. The guest interface subnet end…
-
Why my PC connect to LAG port on NSG but cannot access Internet?
NSG LAG function must connect with a switch at least. If you connect with a PC, the LAG function cannot work properly. Which causes the PC/client cannot access the Internet or other interfaces.
-
What is the correct scenario for connecting the switch to NSG using link aggregation?
There are simply three different scenarios for connecting link aggregation between NSG and switches. Active-backup mode. Balance-ALB LACP and Balance-ALB
-
How to check if NSG can negotiate with the AD server?
If you have found that fail to do the authentication with the AD server then you might need to check the following CLI to check if it can _debug domain-auth test profile-name [ad profile name] username [username] password [password] if you got the result of "The configure is not ok!" then you might need to confirm your AD…
-
How to block specific website by the NSG Series
Since the NSS license provides Anti-Malware and Content Filtering, how can we block the specific website? You can use Content Filtering and follow the directions below to complete it easily: Configure > Security Gateway > Security Service Content Filtering (Click to enable) > Black List Enter the URL you want to block and…
-
Server and Client VPN
This topic focuses on a NSG Server/Client VPN scenario. The figure below illustrates how a gateway in
server role is free to use a dynamic public IP and does not need to know the IP
of the peer (client role) site. You can find Server-and-Client scenario through the path: Configure > Security gateway > Site-to-Site VPN.…
-
[NEBULA]What is the startup of Nebula Device LED Indicators?
The startup description of Nebula Device LED Indicators is as below matrix table. You can also find it in Nebula, Help> Device LED guide You may also download it from the link.
-
[NEBULA] How to setup L2TP VPN client connection with Authentication-Server?
Nebula Cloud platform offers the option to allow L2TP VPN users to authenticate wired/wireless networks over radius and(or) AD servers, connecting to local domain controllers in the network. Prerequisite: Client VPN IP addresses cannot overlap LAN subnet Scenario: Setup L2TP VPN connection with Radius/AD servers in Windows…
-
How to configure Virtual server (NAT) with security policy?
In most cases, you don't need to configure the firewall rule if there is no virtual server (NAT) rule. NSG has the default rule (running in background) to block the traffic from WAN to LAN. If there is a NAT rule, you can put trust IP in the "Allowed Remote IP" which is equal to a whitelist.In Configure > Security…
-
How to establish Hub and Spoke VPN between Nebula Devices (USG FLEX & NSG)?
In the Hub-and-Spoke VPN topology, there is a VPN connection between each spoke router and the hub router, which uses the VPN concentrator. The VPN concentrator routes VPN traffic between the spoke routers and itself. Scenario: Setup Hub and Spoke VPN between USG FLEX and NSG devices under the same organization. 1.…
-
Interface Port Grouping of NSG50, NSG100 and NSG200
This post will introduce how to configure port grouping on NSG. The user can assign the physical LAN port to the port group. In the picture above, it means port 3 and 4 are in port group 1, and port 5 and 6 in port group 2. For interface, LAN1 interface is port group 1 and LAN2 interface is port group 2 by default. When…
-
Deliver Corporate-level Network Security to Anywhere in the World
Due to the pandemic, businesses now need to ensure their networks can be accessed securely outside the office by their employees working at homes or remotely while still providing the same level of corporate security. What We Offer? Based on the zero-trust network security, Zyxel has developed the Remote Access Point…
-
Interface Port Grouping of NSG300
This post portrays the difference of Interface Port Grouping between "NSG300" and "NSG50,NSG100, and NSG200". And how to configure Interface Port Grouping for NSG300. Let's take a look at port grouping of NSG50,NSG100, and NSG200. There are two port groups as options that users are able to determine each port belongs to…
-
How to register the brand new USG FLEX series on Nebula Control Center (NCC)?
SCENARIO DESCRIPTION: The USG FLEX series are Zyxel’s powerful firewall
products that have the precise protection, delivering high level of performance
and security for SMB business networks. With the recent integration of USG FLEX
firewall series into the NCC, Nebula cloud-managed platform is now further enhanced
with…
-
How Value-added resellers act on behalf of their customer to pre-configure the USG FLEX on Nebula
USG FLEX on Nebula USG FLEX series can be managed and provisioned by Nebula Control
Center (NCC) from ZLD5.00 firmware. This document shows how Value-
added resellers (VARs) act on behalf of their customer to add and
pre-configure the USG FLEX settings on Nebula, before delivering the
device to customer or reseller for…
-
Collaborative Detection & Response (CDR) keeps your network more secured and healthy
In
recent years, rapidly-expanding attacks surface. More and more companies are
encountering a higher risk of transgression than ever before as they are unable
to retain security expertise to keep their network away from current threats. Collaborative
Detection and Response is a feature enhancement that further improves…
-
How to register on-premise USG FLEX series onto Nebula Control Center (NCC)?
The USG FLEX series
are Zyxel’s powerful firewall products that have the precise protection,
delivering high level of performance and security for SMB business networks.
With the recent integration of USG FLEX firewall series into the NCC, Nebula
cloud-managed platform is now further enhanced with zero-trust security…
-
How to establish Site-to-site VPN when both Nebula gateways are in different Organizations?
In Figure1,
there are two Nebula gateways that want to establish site-to-site VPN
connection, but they are in different organizations. Figure 1 Site-to-SIte VPN Configuration Setting: For Demo/Demo: Go
to "Configure > Security gateway > Site-to-Site VPN > Non-Nebula VPN peers"
and configure the parameters. Name:…