[ATP/FLEX] How to Deploy with Nebula Native Mode for Gateway obtained ZTP Certificate?

Zyxel_Emily · October 2021

In previous firmware versions, we use Zero-Touch Provision (ZTP) to deploy USG FLEX on the cloud. ZTP requires activation via hyperlink or USB Flash drive every time device is assigned to site, and WAN setting must be complete on Nebula Control Center. Since firmware 5.10, Native Mode provides an easier installation to deploy USG FLEX on cloud. You only require local device WAN setting to access Internet, and WAN setting can be complete on Wizard or WEB GUI. This example illustrates how to deploy the device on cloud using Nebula Native Mode.

Image: https://us.v-cdn.net/6029482/uploads/editor/lt/xdo8hjr3v02g.jpg

Native Mode Deployment Flow

1. Verify if the device has ZTP Certificate files

2. Reset the device to factory default settings

3. Select a management mode: Nebula Mode

4. Follow the Initial Setup Wizard to configure wan IP

5. Create Organization and Site on Nebula portal and add the device to Nebula

Verify if the device has ZTP Certificate files

Use the command to check the status of certificate files.

Router> show nativemode cert file status

Factory certificate files: New manufactured devices with factory certificate embedded

ZTP certificate files: Device has done the ZTP flow and gotten the ZTP certificates

Image: https://us.v-cdn.net/6029482/uploads/editor/vp/42cmlyd27555.jpg

Reset the device to factory default settings

Administrator must locally apply factory default settings by pressing reset button of firewall panel before switching to cloud mode. Only the following settings may be changed and still allow firewall to switch to cloud mode:

1. Default admin account’s password

2. WAN settings

Select a management mode: Nebula Mode

After the device is reset to factory default, access the Setup Wizard via https://192.168.1.1.

Select Nebula Mode and click Next.

Image: https://us.v-cdn.net/6029482/uploads/editor/9r/vnilp0kndin6.jpg

Image: https://us.v-cdn.net/6029482/uploads/editor/sj/4bw7bsbe142p.jpg

Configure WAN settings and click Next.

Image: https://us.v-cdn.net/6029482/uploads/editor/mw/gqaj8kp7hph4.jpg

Image: https://us.v-cdn.net/6029482/uploads/editor/vh/rafgo5xxjtsh.jpg

Test wan connection and click Next.

Image: https://us.v-cdn.net/6029482/uploads/editor/4n/quyu6589k0zf.jpg

Click Go to Nebula to create Organization and Site.

Image: https://us.v-cdn.net/6029482/uploads/editor/cd/6teat0nxz91y.jpg

You will be redirected to nebula.zyxel.com. Click Get Started.

Image: https://us.v-cdn.net/6029482/uploads/editor/xh/9mhj7inqi7ec.png

Start the Nebula wizard and click Let's Start.

Create the organization and site.

Enter the MAC address and Serial number to add your device. You can set the device name after entering the MAC address and Serial number. If you do not enter the device name, Nebula will use the MAC address as the device name. Click Next for the next step.

Choose whether you want to upgrade to new firmware during the device registration or not.

Select Nebula native mode and click Next.

Check the information of the device and click Go to Nebula Dashboard.

Select the trial you’d like to activate and click ok.

You will be redirected to Nebula Dashboard. Click Device > Firewall to check the firewall status. The device is going online.

Test the Result

Go to Site-wide > Monitor > Dashboard and check if the device is online.

[ATP/FLEX] How to Deploy with Nebula Native Mode for Gateway obtained ZTP Certificate?

Categories