-
Why does my Nebula-to-NonNebula VPN tunnel disconnect frequently?
I configure Nebula-to-NonNebula VPN with the correct configuration, but there is disconnected frequently, and there is not complete VPN connection shown on Nebula Control Center (NCC). * Topology * You may see the incomplete VPN connection info shown on NCC * The disconnected status * Short tunnel uptime * No Last…
-
Which ports have been enabled on Nebula Security Gateway by default?
The following ports have been enabled on NSG by default, please kindly avoid these ports be enabled on settings, such as Virtual Server * port 22: SSH for TCP and UDP * port 47: for GRE * port 50: for ESP * port 51: for AH * port 80: web for http * port 443: web for https * port 500: for IKE * port 4500: for NATT
-
[NEBULA] How can I have the pie chart for Traffic Summary on Dashboard?
How can I have the pie chart for Traffic Summary on Dashboard? There are three items you need to check with, 1. You need to have Nebula Security Gateway (NSG) in your side. 2. You have the valid Nebula Security Service License in your organization. * Go to License & Inventory, the NSS status should be OK. 3. Application…
-
How can I know if a user connected L2TP VPN?
User is able to check L2TP VPN clients through Monitor > Security gateway > VPN connections page at "Client to site VPN login account" section. NCC lists down all L2TP login Accounts there, including * Who connected with - User Name and Hostname * What IP address is being assigned/used - Assigned IP and Public IP
-
How to packet capture on Nebula Security Gateway?
You can capture packet from Nebula Security Gateway (NSG) web gui first as below, * Login NSG web gui * Click Maintenance on the left menu bar * In the Diagnostic page, you can see the Packet Capture tag * Add the interface you want to capture from the block of Available interface to Capture * Click Capture button * You…
-
[NEBULA] VoIP port on Nebula Security Gateway
If there is no specific port for VoIP service on your side, you have to set outbound rule to allow port 5060 which is default port to pass the traffic from WAN to LAN. On the contrary,
it should work.
-
What's wrong with Site-to-Site VPN on Nebula Control Cente?
When Site-to-Site VPN tunnel cannot be established successfully, please check the following actions, * If your Nebula Security Gateway (NSG) is behind NAT/Router, * Go to Configure > Security gateway > Site-to-Site VPN and switch the Nebula VPN enable from off to on * Check your NAT traversal, please enter your public IP…
-
What is the default proposal for Nebula-to-Nebula VPN on Nebula Security Gateway?
The default proposal for Nebula-to-Nebula VPN is as following: [Nebula Security Gateway] IKE version: IKEv1 Negotiation Mode: Main Phase 1 -Encryption: 3DES -Authentication: SHA256 -Diffie-Hellman group: DH1 -SA Lifetime (seconds): 84600 Phase 2 -Encryption: 3DES -Authentication: SHA256 -PFS group: none -Lifetime…
-
[NEBULA] How to enable Dynamic DNS on Nebula Security Gateway?
Before enabling DDNS, you need to register DDNS service on provider website, and NSG should be connected the public IP directly. * Go to Configure > Security gateway > Interface addressing. * Scroll down to the part of Dynamic DNS. * Switch Automatic registration from OFF to ON. * Select your DDNS provider, and we take…
-
[NEBULA] What is the difference between All sites and This Site for Availability configuration?
When user want to establish VPN tunnel between Non-Nebula and Nebula device, they have to go to Configure > Security gateway > Site-to-Site VPN to create Non-Nebula VPN peers on NCC. Then you will see Availability option there, and in dropdown list, there are All sites and This site you can select. What is the difference…
-
[NEBULA] How to remote access to NSG Local GUI ?
Prerequisite: NSG is online on NCC. 1. Check your device's (e.g.: PC) public IP Click Where is my public IP 2. Allow your public IP to access NSG local GUI Configure > Firewall > Security Policy > Security gateway services > Web (local status & configuration) > Enter your device's public IP > then click Save 3. Check NSG…
-
[NEBULA] How to configure PPPoE or static IP address for WAN interface of NSG?
NSG's WAN interface is configured as DHCP by default. If you want to configure PPPoE or static IP address, you may access the WebGUI of NSG and go to Configuration > Interface to edit the WAN interface. PPPoE: Static IP: Remember to fill the required information and click OK. P.S. 1. If your NSG has never been online on…
-
[NEBULA] How to setup L2TP VPN client connection with Authentication Server?
Nebula Cloud platform offers the option to allow L2TP VPN users to authenticate wired/wireless networks over radius and(or) AD servers, connecting to local domain controllers in the network. Prerequisite: Client VPN IP addresses cannot overlap LAN subnet Scenario: Setup L2TP VPN connection with Radius/AD servers in Windows…
-
[NEBULA] How to establish Site to Site IPSec VPN between Nebula Devices (NSGs) ?
Prerequisite: LAN (Private subnet) Networks cannot overlap between each site Scenario 1 : Setup site to site VPN between Nebula devices (eg: NSG100 and NSG200) under the same organization Configure Site to Site IPSec VPN on NSG200 in NSG200 site 1. Configure > Security gateway > Site-to-Site VPN 2. Select Outgoing…
-
[NEBULA] How to establish Site to Site IPSec VPN between Nebula and Non-Nebula devices ?
The following is an example to setup site to site VPN between Nebula device(NSG100) and Non-Nebula device(ZyWall USG 200) Nebula Device Configuration 1. Go to Configure > Security gateway > Site-to-Site VPN 2. Go to Gateway > Configure > Site-to-Site VPN > Outgoing Interface to choose WAN interface Local networks > Toggle…