-
[ATP/FLEX] Why can't a firewall rule set to WAN to Any block Geo IP from establishing a VPN?
Question : Why is the firewall rule set to WAN to Any, but it cannot block Geo IP from establishing a VPN, as shown below? Answer : Because the direction 'Any' doesn't include 'Device', the VPN traffic (UDP 500 and 4500) will still be passed to the firewall normally and won't be dropped by the security. To avoid this,…
-
[ATP/FLEX] How to check which country an IP belongs to by CLI?
Scenario : The user can use the CLI to check which country an IP address belongs to. This FAQ will guide you on how to perform this check. Answer : Please log in to the device via SSH or console serial cable and issue the CLI command "show geo-ip geography address IP address". For instance, we issued the CLI command "show…
-
[ATP/FLEX] How can I allow Geo-IP to access the internal client via NAT?
Scenario : If the user wants to allow Geo-IP to access the internal client via NAT, how should it be configured? Answer : First, please navigate to Site-Wide > Configure > Firewall > NAT to add a NAT rule. Second, please navigate to Site-wide > Configure > Firewall > Security policy to add a security policy to allow the…
-
[ATP/FLEX] How can I block VPN services on Nebula firewall?
Scenario : The user wants to block the VPN services on the Nebula firewall. How should it be configured? Answer : Please navigate to Site-wide > Configure > Firewall > Security policy to add a security policy to deny traffic from any source to the device for UDP 500 and UDP 4500 ports.
-
[ATP/FLEX] Is it possible for users to bypass the content filter?
Scenario : If the user creates a security policy that applies the Content Filter but still wants to allow a specific user to bypass the Content Filter's detection, how can this be configured? Answer : Please navigate to Site-wide > Configure > Firewall > Security service > IP Exception to add the specific source IP to…
-
[ATP/FLEX] Only one FQDN can be added in policy route
Question: I'm trying to set up FQDN routing addresses on my Nebula device, for instance, *.yahoo.com and *.hinet.com. I can add the first one, but I'm unable to add the second one. What should I do? Answer: This behavior is normal and is described in the online help documentation. Our system allows only one FQDN entry per…
-
[ATP/FLEX] Why are policy routes grayed-out and uneditable?
Question: I have policy routes that cannot be deleted, edited, or modified. They appear grayed-out on Nebula. Answer: The policy routes which are grayed-out are configured with "application" settings that require an active UTM license. In this particular case, the UTM security pack license on the Nebula firewall has…
-
How do I synchronize my security UTM across my sites or organizations?
Question: How do I synchronize my security UTM across my sites or organizations? Answer: You can use the feature Security Profile Sync to share the same Security service configuration with multiple sites in an organization. It would replace the Security Service settings configured for each site. Go to Organization-wide >…
-
[Nebula] How to Unblock an App from Application Usage if We Don't Want to Block a Category
Question: How to unblock an app from application usage if we don't want to block a category? Answer: We can switch to the application view to block/unblock a specific application if we don't want to apply changes to the whole application category. Site-wide > Applications usage
-
DNS Safe Search
DNS Safe Search Introduction DNS Safe Search is a feature designed to enhance content filtering on firewalls by automatically enforcing safe search mode on popular search engines. This feature ensures that inappropriate or adult-oriented content is filtered out when users perform web searches. DNS Safe Search is currently…
-
[Nebula] Why is Anti-Malware signature not updating?
Question : Users may encounter situations where the antivirus signature cannot be updated normally. This article will guide you on how to resolve this issue. Answer : Please use the CLI command "show anti-virus signatures status" to check if the Anti-Virus signature version and release date are up-to-date or not, as shown…
-
[ATP/FLEX] How to find which country the IP is located in
Log in to the firewall by SSH and run the following commands: Router# configure terminal Router(config)# show geo-ip geography address {IP} For example:
-
[Nebula] In Content Filter, can I add more than 100 URLs in "Allow web site"?
Question: I need to allow more than 100 URLs in Content Filter. Can I add more than 100 URLs in "Allow web site"? Answer: Nebula supports up to 100 URLs in Content Filter profile > Allow web site. You can enter wildcard when configuring URLs.
-
[Nebula] netflix.com is not reachable from LAN
Question: I cannot access Netflix from the LAN interface. What can I check on the firewall? Answer: You can go to Configure > Security Service and see if the traffic is blocked by any Content Filter profile or Application Patrol profile. Content Filter The website "netflix.com" belongs to the category "Entertainment".…
-
[ATP/FLEX] How to block a specific IP from accessing or establishing VPN with the Nebula firewall?
Question : Users may want to block specific IPs from accessing or establishing VPN connections with the Nebula firewall for security purposes. This article will guide you on how to deploy this feature. Answer : Please navigate to Site-wide > Configure > Firewall > Security Policy > Add a security policy. Choose the Action…
-
[ATP/FLEX] How to check an alert event on Nebula when you get an alert mail from SecuReporter?
Scenario : The user may get an alert mail from SecuReporter but not know how to check the detailed event on SecuReporter and Nebula. This article will guide you on how to check it. Answer : Please navigate the SecuReporter path History > Alert. Then find the corresponding alert log. Click on the alert to view…
-
[ATP/FLEX] How to block streaming using Application Patrol on Nebula?
Question: How to block access to streaming service such as Netflix, Hulu and Disney Plus using Application Patrol on Nebula? Answer: To block access to streaming service such as Netflix, Hulu and Disney Plus, follow the steps to configure Application Patrol on Nebula. On Nebula, navigate to Configure > Firewall > Security…
-
[ATP/FLEX] How to use CDR to block the client who accesses malicious websites?
Scenario : The network administrator may want to block the client who accesses malicious websites. This article will use CDR (Collaborative detection & response) to achieve this goal. Answer : Please navigate to Site-wide > Configure > Collaborative detection & response and set the category Web Threats, Occurrence: 3,…
-
Why is Spotify blocked on the Nebula firewall?
The root cause is that Spotify uses SSLv3 to communicate with clients, which is considered vulnerable and is blocked by Content Filter.
-
Is it possible to only limit the AD users in security policy?
Question: Is it possible to only limit the AD users in security policy? Answer: Yes, Nebula supports the selection of the external user group in the security rule. Go to Firewall > Configure > Firewall settings > External User Group, and create an external user group. After the user group is created, you can select the…