How to register the brand new USG FLEX series on Nebula Control Center (NCC)?

Zyxel_Can

SCENARIO DESCRIPTION:

The USG FLEX series are Zyxel’s powerful firewall products that have the precise protection, delivering high level of performance and security for SMB business networks. With the recent integration of USG FLEX firewall series into the NCC, Nebula cloud-managed platform is now further enhanced with zero-trust security network to Nebula users.

 

In this article, we will introduce how to register a brand new USG FLEX on the cloud. 

Scenario:

When users received a brand new USG FLEX and would like to register their device onto NCC.

The following processes are needed

a.    Upgrade the device firmware

b.    Register the device onto NCC

a.    Upgrade the device firmware

1.     Boot up the device. When the SYS LED becomes steady green status, use PC/Laptop and connect to the USG FLEX LAN port by ethernet cable.

2. Launch web browser on the PC/Laptop and connect to the device GUI page “https://192.168.1.1” , login by admin account (default admin login: admin/1234) 

3.     After logging into the device, the system will force users to change the default password.

 

4.     After changing the default password, the system will redirect users to the login page. Login with the new configured password. Then the system will redirect to the “Quick Activation Wizard”

Click “Next”

Choose how will this device connect to the internet. There’re  different connecting method options, here we use Ethernet with DHCP IP address as an example. After confirmed the settings, click “Next”

6.     Click “Connection Test” to verify if the device can access to the internet. Then click “Next”

7.     Synchronize the Date and Time by clicking on “Sync. Now”. After the time synchronizing, click “Next”

8.     After step 7, the device will start to download the current firmware version from cloud.

Once the firmware is downloaded, the device will upgrade the system firmware automatically.

(Note: firmware upgrade procedure may take up to 5 minutes until it finished the upgrading. DO NOT turn off the power during the upgrading process)

9.     Once the firmware upgrading process is done. Users will be redirected to the login page

b.   Register the device onto NCC

Starting from the NCC

To register a device, we can use the wizard when creating a new organization (refer to Figure 1-3) or you can add the device in the existing site on Site-wide> Add devices as shown in Figure 1-1. then run the installation process on USG Flex> Security gateway, as shown in Figure 1-2.

Figure 1-1: Site-wide > Devices > Add devices

Figure 1-2: Click Waiting ZTP then refer to Figure 6

Figure 1-3: In organization drop-down list, you can find the Create organization to start the wizard

Figure 2: Start the wizard and click Let’s Start

Figure 3: Create the organization and site

Figure 4: Add device

 Figure 5: WAN interface and VLAN ID

There are 2 options, one is “install USG Flex by myself” which means the system will send the installation mail to the current account, the other option is that you can specify the email address.

 

Figure 6: Select which option you prefer the installation email to be sent

Installation mail

Once receiving the installation mail, you can prepare the scenario, as in Figure 7. Connect your laptop to the device Port 4 and WAN connection plugin to the Port 2, and please make sure the Internet is accessible.

After that, you can find the hyper link in the email, “click here or copy the link to your browser”, click it to start the ZTP process.

 

Figure 7: installation scenario

Figure 8: ZTP process

Please be aware that before the device going on cloud, you will need to “Reset” it to the factory default state; if not, you will see the message, as shown in Figure 9 and you can see the system LED become blinking green from blinking amber.

 

Figure 9: Reset to the factory default

Figure 10: Device go online

The other option is you can use the USB drive to run the ZTP process. There is a configuration file attached in the installation mail.  First, please make sure your USB is running on FAT32 and then copy the attached file in the USB root folder.

The same condition, mentioned in the above steps will apply. Make sure you have reset the device before plugging the USB drive to the USG FLEX first, then the registration process will run automatically. If you have used the console/SSH to the device, you can find the “ZTP json file in pen-drive” message, as shown in Figure 11.

 

Figure 11: Running the ZTP process to register the device