[ATP/FLEX]How to Deploy with Nebula Native Mode for Gateway obtained ZTP Certificate?

Zyxel_Emily
Zyxel_Emily Posts: 910  Zyxel Employee
edited June 29 in Maintenance
In previous firmware versions, we use Zero-Touch Provision (ZTP) to deploy USG FLEX on the cloud. ZTP requires activation via hyperlink or USB Flash drive every time device is assigned to site, and WAN setting must be complete on Nebula Control Center. Since firmware 5.10, Native Mode provides an easier installation to deploy USG FLEX on cloud. You only require local device WAN setting to access Internet, and WAN setting can be complete on Wizard or WEB GUI. This example illustrates how to deploy the device on cloud using Nebula Native Mode.



Native Mode Deployment Flow
1. Verify if the device has ZTP Certificate files
2. Reset the device to factory default settings
3. Select a management mode: Nebula Mode
4. Follow the Initial Setup Wizard to configure wan IP
5. Create Organization and Site on Nebula portal and add the device to Nebula

Verify if the device has ZTP Certificate files

Use the command to check the status of certificate files.

Router> show nativemode cert file status

Factory certificate files: New manufactured devices with factory certificate embedded

ZTP certificate files: Device has done the ZTP flow and gotten the ZTP certificates




Reset the device to factory default settings
Administrator must locally apply factory default settings by pressing reset button of firewall panel before switching to cloud mode. Only the following settings may be changed and still allow firewall to switch to cloud mode: 
1. Default admin account’s password
2. WAN settings

Select a management mode: Nebula Mode
After the device is reset to factory default, access the Setup Wizard via https://192.168.1.1.
Select Nebula Mode and click Next.



Configure WAN settings and click Next.



Test wan connection and click Next.


Click Go to Nebula to create Organization and Site.

You will be redirected to nebula.zyxel.com. Click Get Started.

Start the Nebula wizard and click Let's Start.


Create the organization and site.


Enter MAC address and Serial number to add device.


Click Next.



Select Nebula native mode and click Next.


Check the information of the device and click Go to Nebula Dashboard.


Select if you’d like to activate trial period of the license.

Click Close.



You will be redirected to Nebula Dashboard. The device is going online.


Test the Result
Go to Site-wide > Monitor > Dashboard and check if the device is online.