Networking - Zyxel Community

How to properly use Layer2 Isolation on USG ATP/FlEX
Question How can I effectively use Layer2 Isolation on the USG ATP/FLEX to ensure some clients communicate while others remain isolated? Answer: Layer2 Isolation on the USG ATP/FLEX is designed to allow or block communication between clients on the same subnet. If you think it's not working as expected * Try flushing the…
How can I find the mac address of nebula firewall?
Question: How can I find the mac address of nebula firewall? Answer: Please log in SSH and perform following command: Router# debug system ip addr
How to configure two LAN IPs on a Nebula firewall?
Question: How to configure two LAN IPs on a Nebula firewall? Answer: We are unable to configure the secondary IP on Nebula Firewall
How to check Policy Route on Nebula Firewall
Question: How to check policy route on Nebula Firewall? Answer: Log in Firewall by SSH and perform "debug sdwan show bpolicy running-config" The policy route will be present as following format
How to check static route on Nebula Firewall
Question: How to check routing on Nebula Firewall? Answer: Log in Firewall by SSH and perform "debug sdwan show route running-config " The static route will be present as following format
How to Create a Guest Network on Nebula firewall?
Question: How do I create a guest network on Nebula? Answer: To create a guest network on Nebula: Navigate to Site-wide > Configure > Firewall > Interface. Enable the Guest option. Once the guest network is enabled, clients connected to this interface will only have Internet access and will be restricted from accessing…
[ATP/FLEX] When WAN1 comes back online, why does the traffic continue to stay on WAN2?
Question: I have configured Weight Round Robin setting from Nebula firewall and also setup WAN2 interface as Backup interface. But why the traffic still keep on WAN2 interface even the WAN1 interface has fallback completely? Answer: The firewall will keep the old session on WAN2 interface until it has transmitted…
How to Configure NAT 1:1 Firewall on Nebula?
Question: How can I configure a NAT 1:1 firewall on Nebula? Answer: Go to Site-Wide > Configure > Firewall > NAT, and click Add to create a 1:1 NAT rule. Public IP: Wan interface IP LAN IP: The IP address of the LAN host Uplink : Wan1 or Wan2 Note: The public IP address used for NAT cannot be the same as the WAN interface…
How to Route Traffic from One LAN to the Internet via a Specific WAN?
Question: How can I route traffic from one LAN to the internet via a specific WAN? Answer: Navigate to Site-Wide > Configure > Firewall > Routing. Click Add to create a policy route. Source: Internal subnet or interface Destination: Any Type: Internet Traffic Next-Hop: External WAN interface
[ATP/FLEX] Why is Guest network on lan2 interface grayed out?
Question: I would like to turn on Guest network on lan2 interface but it is grayed out. How to turn it on? Answer: This is because this interface is using VPN in the site-to-site VPN. If you need to turn on Guest on the interface, disable VPN usage on this interface and you can turn on Guest on the interface.
[ATP/FLEX] How to configure IPv6 on Nebula firewall?
Question: How to configure IPv6 on wan and lan interfaces on Nebula firewall? Answer: Currently, Nebula firewall does not support IPv6. You can configure IPv6 on the firewall's web GUI and use Cloud Monitoring Mode to manage the device in Nebula.
How do I check the connectivity check failure log on the Nebula firewall?
uestion : Once the user configures the connectivity check the settings, as shown below: How to check the connectivity check failure log on the Nebula firewall? Answer : The user can navigate to Side-wide > Monitor > Firewall > Event log and select the Category to 'System' to search the historical log. For instance, if the…
[ATP/FLEX]Why NAT loopback does not work on USG FLEX/ATP Series?
Question: A user can access an internal website with Internal IP but not on WAN IP. How can this issue be resolved? Answer: It might be NAT loopback does not work as expected. Please ensure the Virutal server WAN address in setting page is bound to the public IP instead of Any. If you use "ANY", the Firewall will not…
Why am I unable to add a NAT rule with a specific port range?
Why am I unable to add a NAT rule with a specific port range? Question: Why can't I add a NAT rule for the port range 51000-52000 on my firewall? Answer: The issue arises because of overlapping port ranges in your existing NAT rules. Specifically, RuleX is already using the port range 49152-65535, which overlaps with the…
How to configure remote access to a PC via Nebula?
Question: I am trying to configure remote access to a PC via Nebula. How to configure on Nebula firewall? Answer: You can follow the guides in these FAQs to configure a NAT rule with RDP port 3389 on Nebula firewall. [ATP/FLEX] How to configure a NAT Rule (Virtual Server) on Nebula? [ATP/FLEX] How to configure a NAT rule…
How do I configure vlan to vlan communication on firewall?
Question: How do I configure vlan to vlan communication on firewall? Answer: Once vlan interfaces are created, they can communicate with each other because of the default implicit allow rule. You can add extra security policy rule (Deny, Source and Destination) to block traffic between vlan interfaces. If you just allow…
[ATP/FLEX] How to add virtual interface on Nebula firewall?
Question: How to add virtual interface on Nebula firewall? Answer: Nebula doesn't support virtual interface. If you need to add virtual interfaces on ATP/USG FLEX, you can switch the operation mode to Cloud Monitoring Mode. [ATP/FLEX] How to set up Nebula Monitor Mode? I want to use cloud monitoring mode, but what should I…
How do I check the DHCP-related settings of an interface using the CLI on a Nebula firewall?
Question : For troubleshooting purposes, the user may want to check the DHCP-related settings of an interface using the CLI on a Nebula firewall. This article will guide you on how to do that. Answer : Regarding this article: How do I check the interface-related settings using the CLI on a Nebula firewall? The user can use…
How do I check the interface related settings using the CLI on a Nebula firewall?
Question : For troubleshooting purposes, the user may want to check the interface-related settings using the CLI on a Nebula firewall. This article will guide you on how to do that. Answer : The user can navigate to Site-wide > Configure > Firewall > Interface to check the current interface settings. Additionally, the user…
How do I display clients from a specific subnet in the ARP table using the CLI on a Nebula firewall?
Question : How do I display clients from a specific subnet in the ARP table using the CLI on a Nebula firewall? Answer : The user may want to check the current clients from a specific subnet for troubleshooting purposes. They can use the CLI command show arp-table | match "subnet IP range" to do this. For example, the user…

Welcome!

It looks like you're new here. Sign in or register to get started.