Traffic Backhauling from Nebula VPN Spoke to Nebula VPN Hub

RobertoCuz

Dear All,
my first post here, so thanks for everyone's support.
We have a scenario with an ATP100 FW configured as a Nebula VPN Hub and 2 or more ATP100 FWs configured as Nebula VPN Spoke.

The requirement is to send all the Spoke LAN traffic to the HUB (both internet and intranet ).
Traffic will be sent then to another corporate firewall where all the security policies will be applied.

Did you ever manage such kind of topology?

From Nebula CC I can only see and set in the encryption domain the LAN subnet at HQ and LAN subnet at Spokes.
Ideally I should be able to add the 0.0.0.0 (or any ) as local VPN subnets at the Hub firewall

Many Thanks for let me know with any input and suggestion

Zyxel_Cooldia

Hi @RobertoCuz,
Welcome to Zyxel community. 
It does not support at current design in Nebula,  I will move this topic to ideas section for future evaluation. 
As workaround, you can use on premise mode for all sites, spoke sites traffic forward traffic to hub site via policy route.

Ideal section: Traffic Backhauling from Nebula VPN Spoke to Nebula VPN Hub