[ATP/FLEX] How to set up Virtual Server on Nebula

Zyxel_James Posts: 281
Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 25 Answers
 Master Member
edited August 2022 in Networking

The Virtual Server feature is able to publish internal servers to the internet which allows you to access services in the internal network behind Firewall. This article illustrates how to set up Virtual Server on Nebula.

In this example, WAN1 IP is mapped to HFS server 1 and WAN2 is mapped to HFS server 2.

Configuration steps

Go to Firewall > Configure > NAT and create two rules for virtual servers.

Uplink: Select the WAN interface you want to map from.

Public IP/Port: Input the address/port that receives the packets

LAN IP/Port: Input the address/port that you want to map to.

Allow Remote IPs: It's equal to a whitelist. You can fill in a "," syntax for adding multiple IP addresses, or /24 for a range of IP addresses. “Any” means all IP addresses are allowed.

Note: You don't need to create a firewall rule on Nebula as you did in on-premises mode. It will be automatically created while creating the NAT rules.

To check the automatically created firewall rules, please input the CLI command "debug sdwan show firewall running-config" and the rules will be named after "SN_port_forwarding_IndexNumber".

If you want to block an unfriendly IP address or Geo IP instead of an allow list, you can create a security policy to block them.

Test Result

Access the local HFS server by and