-
Can I add many allowed IP in a NAT rule?
You can only add 10 allowed IP items in the allowed IP column on Nebula Control Center. If you want to add more items, please consider using IP range, CIDR, or Geo IP (country) objects.
-
Why cannot I add many IPs in NAT rule allowed IP column?
In cloud mode, you can only add 10 allowed IP items in the allowed IP column on Nebula Control Center. If you want to add more items, please consider using IP range, CIDR, or Geo IP (country) objects.
-
Why cannot I add any IP in firewall/NAT rule allowed IP column after I set GEO IP object?
This is a spec limitation. The allowed IP column can only enter the IP/IP range or GEO IP objects at the same time.
-
[Nebula] How to change DHCP settings in LAN interface on Nebula firewall?
Question: How to change DHCP settings in LAN interface on Nebula firewall? Answer: On Nebula, go to Configure > Firewall > Interface. Click "Edit" of the selected lan interface to edit DHCP settings.
-
[Nebula] Where can I find the DHCP lease table on Nebula?
Question: Where can I find the DHCP lease table on Nebula? Answer: On Nebula, go to Devices > Firewall. You can find DHCP leases in Live tools.
-
Static DHCP Binding Enhancement
Static DHCP Binding Enhancement In Nebula 18.00, we have enhanced the static DHCP binding feature to ensure that client devices consistently receive the same IP address, improving network stability and management. This article provides an overview of these enhancements and explains how they benefit both firewalls and…
-
Visible NAT Implicit Rules
Visible NAT Implicit Rules In Nebula 18.00, we’ve introduced a minor but significant enhancement to the firewall's security policy management by making NAT implicit rules visible. This update improves transparency and helps users understand the automatic configurations applied to their network security. Overview of…
-
Firewall Backup Interface I-Note
Firewall Backup Interface I-Note Overview of the Update In the latest update for USG FLEX and ATP firewalls, we have introduced a minor but important enhancement to the WAN load balancing feature. This update includes additional notes in the I-Note section of the WAN load balancing settings, providing users with crucial…
-
Why is there sometimes latency or even a complete network dropout for specific end users?
You can simply check if there is a log shown as in the following figure. If so, it means this client has reached the maximum session limit, causing traffic to be dropped. In Configure > Traffic shaping, you can extend the session. We recommend starting with 1500 and then extending it slightly if the issue persists.
-
[Nebula] What should I check besides raising session limit when I keep reaching the session limit?
Question: I keep reaching the maximum session. In addition to raising the value of the session limit, what else should I check? Answer: By default, the session limit per host is 1000, and sometimes we may see event logs like "Maximum sessions per host(1000)". At this time, the PC host may encounter service outage because…
-
[Nebula] How to put a USG FLEX device into bridge mode on the wan side?
Question: How to put a USG FLEX device into bridge mode on the wan side? Answer: Bridge interface is not supported on Nebula for firewall. In Configure > Firewall > Port > Port Group, you can assign multiple ports to the same LAN group only.
-
[ATP/FLEX]How can I see active sessions on my usg?
Currently Nebula GUI does not show active sessions. Please use the following command as alternative: Router> debug system show conntrack
-
[ATP/FLEX]All the options in the WAN interface configuration
This article explains all the options settings in WAN interface configuration: Port group Select the name of the port group to which you want the interface to (network) belong. SNAT Select this to enable SNAT. When enabled, the Nebula Device rewrites the source address of packets being sent from this interface to the…
-
[ATP/FLEX]How do you setup failover with 2 ISP providers?
Scenario : Users may want to set up a dual WAN configuration with two ISPs for WAN failover purposes in case one of the WAN interfaces fails. This article will guide you on how to set up this feature. Answer : First, please navigate to Site-wide > Configure > Firewall > Interface to check if the firewall is configured for…
-
[ATP/FLEX]How to check multicast DNS packet in the firewall?
Scenario : The user may encounter a problem where there is traffic related to port 5353 (multicast DNS) being dropped by the security policy, but they may not know which client IP is generating the traffic, as shown below: This FAQ will guide you on how to check it. Answer : The user can utilize the CLI command "show sdwan…
-
[Nebula] How to set up a static IP on Nebula firewall?
Question: In Site-wide > Clients, I can set up a static IP on SCR and Access Point but there is no such setting for ATP and FLEX firewall. How to set up a static IP on Nebula firewall? Answer: Navigate to Configure > Firewall > Interface > LAN interface. Edit lan interface. Click "+ Add new" to add the desired static IP…
-
[Nebula] I cannot access my internal server. What steps should I take to check for NAT issues?
Question: On Nebula, I have configured my NAT ports correctly, but I am unable to access my server using the public IP. What steps should I take to ensure visibility of my server with the public IP? Answer: If you've configured NAT ports correctly but still cannot access your server using the public IP, here are some steps…
-
[ATP/FLEX] How to assign a static DHCP IP address to a specific client in Nebula?
Question : The user may want to assign a static DHCP IP address to a device on the internal LAN network for specific usage. How can this be configured in Nebula? Answer : Please navigate to Site-wide > Configure > Firewall > Interfaces > lan interface > Static DHCP table. Here, you can add the DHCP IP address and the…
-
[ATP/FLEX]Add another WAN by Port Group
Scenario: You want to add another WAN for the firewall, but the predefined WAN have already been used. Workaround: Please add another WAN Group then adding the Optional Port into the new Group
-
[ATP/FLEX]Cannot add Ports in LAN/WAN Group
Issue: For example FLEX700, You find the P13 and P14 can't be the member within the exist port group. Workaround: Since P13&P14 are SFP ports, It cannot be in the same group as ethernet. Please add the new one group for SFP ports.