How Value-added resellers act on behalf of their customer to pre-configure the USG FLEX on Nebula

Zyxel_Carter
Zyxel_Carter Posts: 62  Zyxel Employee
First Comment Friend Collector Seventh Anniversary
edited June 2023 in Nebula Security Gateway

USG FLEX on Nebula

USG FLEX series can be managed and provisioned by Nebula Control Center (NCC) from ZLD5.00 firmware. This document shows how Value- added resellers (VARs) act on behalf of their customer to add and pre-configure the USG FLEX settings on Nebula, before delivering the device to customer or reseller for on-site installation.




1. Creates the organization and site

1)  Creates the organization and site on Nebula portal

  • Log in Nebula Control Center with your myZyxel account. Click Create organization


  • Name the organization and site, then click to Next.


  • Click Next to skip adding the device to Nebula


  • Click Skip WiFi settings to continue


  • Click Go to Nebula Dashboard


  • On the Nebula Dashboard, click Device > Firewall, then select the firewall model you have configured for client. In this example, we have selected USG FLEX 200 model.


2)  Alternatively, you also can create the organization and site on Nebula App

  • This can be achieved by opening the Nebula mobile app, login with your account and tap Create New Organization to start the wizard/ initial setup process. Name the organization and site, then tap Next.



2. Pre-configuretheUSGFLEXonNebulaportal

Before doing these steps, please have the network topology, firewall setting and WAN configuration in advance. This information will allow you to pre-configure the firewall settings ahead of being turned on within Nebula. The USG FLEX will automatically synchronize this configuration when it connects to Nebula. Here are some examples how to configure the port group and interface within Nebula.


1)  Configure Port Group 

  • Go to Configure > Firewall> Port, you can configure the WAN/LAN port group, or add WAN/LAN group to match your scenario.


2)  Configure Interface 

  • Go to Configure > Firewall > Interface, you can change the WAN/LAN interface’s IP address to match your scenario.
  • By default, the WAN interface is configured as DHCP client.


3)  Delegate the owner authority

  • Go to Administrators, add customer’s account be an organization full admin


  • Please enable Delegate owner’s authority if you want the end user/customer to have full authority to manage the organization including license transferring, remote access etc.


3. Registers device and do Zero Touch Provisioning (ZTP)

1)  Register device and do ZTP on Nebula portal 

    a)  Register device

  • In the customer’s organization, choose License & inventory, go to device page, click "Add" to register device. You can register multi-devices by entering the MAC address and Serial number

  • Assign the device to required site. A customer may have several devices, from here you can select a specific device and assign it to corresponding site.



b) ZTP (process)

  • Click Waiting ZTP to send the installation guide via email.
  • By default, Nebula will send to your MZC account/s email address. You also can enter an alternate email address.



2) Alternatively, you also can register device and do ZTP on Nebula App

    a) Register device, select the site you want to add the USG FLEX to, and scan this QR code.


    b) Do ZTP

  • Select the gateway, tap Initial Setup to configure the WAN interface, then send the installation guide via email.


  • Here is an example of the email you or customer will receive from the Nebula. The email outlines the final steps on how to activate the USG FLEX and connect to Nebula either by URL or USB.


  • Activate the USG FLEX by USB could reduce customer effort. You can copy the ZTP file/s to the USB’s root folder. Multiple ZTP files can be located in the same USB for multi-deployment.



4. Upgrade the firewall firmware to ZLD5.00 via Zyxel One Network Utility (ZON)

1)  Make sure you have installed the ZON on your computer. If not, you can download here:
     ZON Utility

2)  Connect the power port to power source and turn on the firewall. Wait for the SYS LED to turn solid green. Connect your computer to the firewall port number 4 (P4).


3)  Open ZON on your computer to scan the firewall. Select the firewall, then click to Firmware Upgrade icon


  • Select the latest firmware version from cloud, and input default password “1234” to upgrade. The firmware process takes about 5 minutes to complete.



5. ActivatetheUSGFLEX(viaURL)

Once the Upgrade has been completed, connect the power port to an appropriate power source and turn on the firewall. Wait for the SYS LED to turn solid green. Then, connect the WAN (P2) interface to the Internet.


1) Activate the Firewall by URL
    a) Connect LAN (P4) interface to customer computer.


    b) Open the email received from Nebula, click to Allow Nebula to Manage My Device


    c) Wait until Nebula Zero Touch Provisioning is successfully. Click Go to Nebula Control Center to access the Nebula portal


Active the USG FLEX (via USB)

Alternatively, you also can activate the USG FLEX by USB

a)  Copy the File to a new/clean USG stick

b)  Connect the USB drive to the USG FLEX

c)  Power On device, the SYS LED blinks in red when device is connecting to Nebula, and steady in green when connected.


d)  Check device status on the Nebula portal

  • Go to Dashboard to check the gateway status


6. Troubleshooting

1) Web Browser shows the Internet connection downs when customer clicks to URL link in the email


  • Check your internet connection and make sure you connect to the WAN (P2) interface. Then, click Retry to redo ZTP.


  • You also can click Network Test Tools to log in device Web GUI for further troubleshooting. Type the password “firewall’s serial number”.



2) Zero Touch Provisioning (ZTP) fails because this device is not in factory default state

  • Please hold the reset button for 5 seconds to reset device to factory default. Then click to URL link to redo ZTP.


3) ZTP by USB, the SYS LED does not stop blinking in red, Nebula Dashboard shows firewall offline.

  • ZTP by USB fails, please check the Internet connection. Open the ztpresult.log in USB to check the status


  • Here is an example, ZTP fails because there is no matching ZTP file in the USB for this device. Please make sure you copy the correct ZTP file.



Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)