-
Is it possible to configure the LAN on a Nebula firewall to go out via a different public IP?
Question: Is it possible to configure the LAN on a Nebula firewall to go out via a different public IP? Answer: The current Nebula mode firewall doesn't support forcing client SNAT with a different public IP directly. You need to configure your firewall in on-premise mode or cloud monitoring mode to achieve this.
-
How to check the most used websites?
Question: How to check the most used websites? Answer: We can check the website usage on SecuReporter. Go to SecuReporter > Analysis > Network Activity > Web Content Filter, and scroll down to the button of the page, you can see two sections. Blocked Website Access History Allowed Website Access History With these two…
-
Guest WiFi is not working. It's connected but no internet access, do you know why?
Question: Guest WiFi is not working. It's connected but no internet access, do you know why? Answer: Go to Configure > Access points > SSID advanced settings > Advanced settings > Layer 2 isolation, enable Layer 2 isolation, and add the DNS server's MAC address to the white list, next to the gateway's MAC address. It…
-
How many NAT rules can I add on Nebula firewall?
Question: How many NAT rules can I add on Nebula firewall? Answer: USG FLEX 100(W): 50 USG FLEX 200: 50 USG FLEX 500: 100 USG FLEX 700: 200 USG FLEX 50: 50 ATP100(W): 50 ATP200: 50: 100 ATP500: 100 ATP700: 200 ATP800: 200 USG FLEX 50AX: 50
-
How long will the WAN failover feature take?
Scenario : Users can follow this article : [ATP/FLEX]How do you setup failover with 2 ISP providers? to set up dual WAN failover feature, but how long will the WAN failover feature take? Answer : It shall be fast, please refer to our lab test result: The ATP100 has two WAN interfaces. The backup interface is set to WAN2.…
-
Can I create two Virtual server rules with the same public port?
Indeed, a single public port can only be assigned to one virtual server rule. If you attempt to create two virtual server rules with the same public port in the Nebula Control Center, the configuration will not be able to save.
-
How many Allowed IP can I use in NAT rule?
You can only add 10 allowed IP items in the allowed IP column on Nebula Control Center. If you want to add more items, please consider using IP range, CIDR, or Geo IP (country) object.
-
Can I add many allowed IP in a NAT rule?
You can only add 10 allowed IP items in the allowed IP column on Nebula Control Center. If you want to add more items, please consider using IP range, CIDR, or Geo IP (country) objects.
-
Why cannot I add many IPs in NAT rule allowed IP column?
In cloud mode, you can only add 10 allowed IP items in the allowed IP column on Nebula Control Center. If you want to add more items, please consider using IP range, CIDR, or Geo IP (country) objects.
-
Why cannot I add any IP in firewall/NAT rule allowed IP column after I set GEO IP object?
This is a spec limitation. The allowed IP column can only enter the IP/IP range or GEO IP objects at the same time.
-
[Nebula] How to change DHCP settings in LAN interface on Nebula firewall?
Question: How to change DHCP settings in LAN interface on Nebula firewall? Answer: On Nebula, go to Configure > Firewall > Interface. Click "Edit" of the selected lan interface to edit DHCP settings.
-
[Nebula] Where can I find the DHCP lease table on Nebula?
Question: Where can I find the DHCP lease table on Nebula? Answer: On Nebula, go to Devices > Firewall. You can find DHCP leases in Live tools.
-
Static DHCP Binding Enhancement
Static DHCP Binding Enhancement In Nebula 18.00, we have enhanced the static DHCP binding feature to ensure that client devices consistently receive the same IP address, improving network stability and management. This article provides an overview of these enhancements and explains how they benefit both firewalls and…
-
Visible NAT Implicit Rules
Visible NAT Implicit Rules In Nebula 18.00, we’ve introduced a minor but significant enhancement to the firewall's security policy management by making NAT implicit rules visible. This update improves transparency and helps users understand the automatic configurations applied to their network security. Overview of…
-
Firewall Backup Interface I-Note
Firewall Backup Interface I-Note Overview of the Update In the latest update for USG FLEX and ATP firewalls, we have introduced a minor but important enhancement to the WAN load balancing feature. This update includes additional notes in the I-Note section of the WAN load balancing settings, providing users with crucial…
-
Why is there sometimes latency or even a complete network dropout for specific end users?
You can simply check if there is a log shown as in the following figure. If so, it means this client has reached the maximum session limit, causing traffic to be dropped. In Configure > Traffic shaping, you can extend the session. We recommend starting with 1500 and then extending it slightly if the issue persists.
-
[Nebula] What should I check besides raising session limit when I keep reaching the session limit?
Question: I keep reaching the maximum session. In addition to raising the value of the session limit, what else should I check? Answer: By default, the session limit per host is 1000, and sometimes we may see event logs like "Maximum sessions per host(1000)". At this time, the PC host may encounter service outage because…
-
[Nebula] How to put a USG FLEX device into bridge mode on the wan side?
Question: How to put a USG FLEX device into bridge mode on the wan side? Answer: Bridge interface is not supported on Nebula for firewall. In Configure > Firewall > Port > Port Group, you can assign multiple ports to the same LAN group only.
-
[ATP/FLEX]How can I see active sessions on my usg?
Currently Nebula GUI does not show active sessions. Please use the following command as alternative: Router> debug system show conntrack
-
[ATP/FLEX]All the options in the WAN interface configuration
This article explains all the options settings in WAN interface configuration: Port group Select the name of the port group to which you want the interface to (network) belong. SNAT Select this to enable SNAT. When enabled, the Nebula Device rewrites the source address of packets being sent from this interface to the…