-
Nebula Firewall Matrix Table(ZLD5.37)
Model Name USG20-VPN USG20W-VPN USG FLEX 50 USG FLEX 50AX USG FLEX 100 USG FLEX 100W USG FLEX 100AX USG FLEX 200 USG FLEX 500 USG FLEX 700 ATP100 ATP100W ATP200 ATP500 ATP700 ATP800 Interface VLAN 8 8 8 8 8 8 8 16 32 64 8 8 16 32 64 64 Routing Static Route 30 30 30 30 30 30 30 50 100 200 30 30 50 100 200 200 Policy Route…
-
[ATP/FLEX] How to add the last Optional port to LAN1 in port group?
Once you have successfully executed ZTP (Zero Touch Provisioning), if you wish to exclusively use the LAN1 subnet while facing difficulty in saving the last optional port to LAN1 port group, refer to the illustration below: Why cannot save it? This issue arises due to the firewall's default configuration, which comprises…
-
[ATP/FLEX] How to access SSH service of Nebula Firewall?
Scenario: Sometimes, when troubleshooting network issues, we might need to access a device via SSH. You can follow the steps below to access the device's SSH service for troubleshooting. Steps: You may skip step 1) if you access SSH service from LAN interface of the device. 1) Create a security policy to allow SSH service…
-
[ATP/FLEX] How to set up Nebula Monitor Mode?
Nebula Monitor Mode provides remote SSH, remote Web-GUI,and backup configuration file functions, allowing users to manage on-premise devices more easily. This article will guide you on how to set up Nebula Monitor Mode. *Please ensure that the on-premise firewall has already been registered on the Nebula account (same as…
-
[ATP/FLEX] How to add existing SecuReporter account to monitor Nebula firewall?
Question : If your SecuReporter account and the Nebula account are different, but you would like to use the existing SecuReporter account to monitor the Nebula firewall, how can you deploy this? Answer : Please navigate to Organization-wide > Administrators to add the existing SecuReporter account to this org and site.…
-
[ATP/FLEX] How to schedule backup the configuration file in Nebula Monitor Mode?
Purpose: To allow the user to schedule back up the configuration on the Nebula by schedule and prevent it from being lost due to unexpected reasons. Question: How to schedule backup the configuration file in Nebula Monitor Mode? Answer : Ensure the device is in Nebula Monitor Mode. Side-wide > Monitor > Devices > Firewall…
-
[ATP/FLEX] How to backup the configuration file in Nebula Monitor Mode?
Purpose: To allow the user to back up the configuration on the Nebula and prevent it from being lost due to unexpected reasons. Question: How to backup the configuration file in Nebula Monitor Mode? Answer : Ensure the device is in Nebula Monitor Mode. Side-wide > Monitor > Devices > Firewall > Configuration Side-wide >…
-
[ATP/FLEX] How to use remote Web-GUI in Nebula Monitor Mode?
Question: How to use the Remote configurator to generate a remote Web-GUI link in Nebula Monitor Mode? Answer : Ensure the device is in Nebula Monitor Mode. Side-wide > Monitor > Devices > Firewall > Configuration Side-wide > Monitor > Devices > Firewall > Live tools > Remote configurator Click the "Establish" button.…
-
[ATP/FLEX] How to use Remote SSH in Nebula Monitor Mode?
Question: How to use Remote SSH in Nebula Monitor Mode? Answer : Ensure the device is in Nebula Monitor Mode. Side-wide > Monitor > Devices > Firewall > Configuration Side-wide > Monitor > Devices > Firewall > Live tools > Remote SSH Click the "Establish" button. Click "OK" to proceed. The remote SSH link has been…
-
[ATP/FLEX] Why I cannot add port1 to LAN1 or LAN2 Group in Port Group?
Question: Why I cannot add port1 to LAN1 or LAN2 Group? Answer: Port1 is the SFP which cannot be in the same LAN group as ethernet ports. Meanwhile, ethernet port 3,4,5 are in LAN1 group, so por1(SFP port) cannot be added into LAN1 group Solution: You may click +Add to create a new LAN group for the SFP port, or you can…
-
[ATP/FLEX] How to find the Cloud Monitoring Mode ID?
Log into the Cloud Monitoring portal at Nebula (https://nebula.zyxel.com). Click the icon "Organization-wide manage" and click "Organization settings". Click the icon to copy the Cloud Monitoring Mode ID.
-
[ATP/FLEX] How to access Local WEB GUI of Nebula Firewall?
From LAN interface In this example, the IP address of lan1 interface is 192.168.8.1. Connect a laptop to lan1 interface. Open a browser and enter the IP address of lan1 https://192.168.8.1. From WAN interface 1) Create a security policy to allow HTTPS service from wan interface. By default, it is unable to access device…
-
[ATP/FLEX] How to turn on support request on nebula?
On nebula, click “More” and “Help”. Click “Support request” and turn on “Invite Zyxel support as administrator”.
-
[ATP/FLEX] How to check Real-Time traffic on Nebula
Scenario Sometimes
when we troubleshoot network issues, we may need to check at all established
sessions that passed through the Zyxel Device by user, service, source IP
address, or destination IP address. You can also filter the information by
user, protocol / service or service group, source address, and/or…
-
[ATP/FLEX] How to capture packets on Nebula Firewall Local WEB GUI?
Scenario Packets
analysis is a common troubleshooting technique for network administrators, and
is also used to examine network traffic for security threats, performance, and
connection issues. This example illustrates how to capture packets on Nebula Firewall Local WEB GUI. Demonstration You may skip step 1)
if you access…
-
[ATP/FLEX] How to capture packets on Nebula Firewall
Scenario Packet-trace is
a CLI-based packet capturing tool on device. It can be used to sniffer and
analyze network traffic by intercepting and displaying packets transmitted in
the network interface. This
example illustrates how to capture packets in CLI mode on Nebula. Demonstration You may skip step 1)
if you access SSH…
-
[ATP/FLEX] How to configure remote Syslog server on Nebula?
Syslog is a protocol for message logging that Firewall uses
to send event logs to a remote server for logging. On Firewall, Syslog can be
used to log events such as Link status, system build-in service, security
policy control, etc. A lot of different types of events can be logged. Logs are
essential when troubleshooting…
-
[ATP/FLEX] Why clicking “Upgrade Now” button on NCC server did not upgrade firmware continually?
Due to Application Patrol signature parsing error, it may cause device unable to boot any more after rebooting the system. And also include system is unable to upgrade firmware from Nebula server no matter which App Patrol signature version was installed on your device. Connection#1 If you clicked “Upgrade Now” button on…
-
[ATP/FLEX] How to Choose Management Mode?
When you log in to device Web GUI for the first time, you are able to select the management mode in the Initial Setup Wizard. Note that, your device must be in factory default setting if you want to choose the management mode. There are 2 selections:• On premises mode: Manage device directly using either the Web GUI or the…
-
[ATP/FLEX] How to Deploy with Nebula Native Mode for Gateway obtained ZTP Certificate?
In previous firmware versions, we use Zero-Touch Provision (ZTP) to deploy USG FLEX on the cloud. ZTP requires activation via hyperlink or USB Flash drive every time device is assigned to site, and WAN setting must be complete on Nebula Control Center. Since firmware 5.10, Native Mode provides an easier installation to…