Nebula controlled Flex 100 wan settings / fallback

PuuhaPete
PuuhaPete Posts: 11  Freshman Member
edited February 2023 in Nebula
Hi,

I need to send a few Flex 100 firewalls to customers. I would like to configure these firewalls at our office in advance with WAN settings and all.

As I understand, the firewalls have a fallback function where they default to the last known good WAN config if they cannot access Nebula with the new settings. Can this be disabled?

BR,

Petri


All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    edited February 2023 Answer ✓
    Hi @PuuhaPete,

    We can pre-configure settings in Nebula in the office.
    When you go to the customer's site to deploy the firewall, just log in to the device's local Web GUI to modify the WAN interface.

    Local Web GUI WAN settings.

    How to log in to the device's local Web GUI
    https://community.zyxel.com/en/discussion/14846/atp-flex-how-to-capture-packets-on-nebula-firewall-local-web-gui#latest
  • PuuhaPete
    PuuhaPete Posts: 11  Freshman Member
    edited February 2023
    Hi,

    Yes, I know how the WAN settings are done through the local interface.
    However, doesn't the firewall default to the last known good WAN configuration if it cannot get an Internet connection after the changes?

    The problem here is that I am not going to visit the sites where these firewalls are going to be sent. I am preconfiguring them on another site and sending them for the customer to connect.


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Hi PuuhaPete,
    It is not possible to turn off this mechanism. What is the WAN interface type of those devices? DHCP, PPPoE, or static public IP?
  • PuuhaPete
    PuuhaPete Posts: 11  Freshman Member
    edited February 2023
    Hi, they are mostly with static public IP addresses. Some are with DHCP and that is easy to set up in advance.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee

    Hi @PuuhaPete ,

    You can bind a fake IP on the uplink router to simulate the customer's ISP gateway. Once the device provisions to NCC successfully, just shut down the device.

  • Pook
    Pook Posts: 143  Ally Member

    I always preconfigure the firewalls I send out. First I always choose DHCP for WAN1 on the initial setup and just plug in a network lead from our LAN into P2. Once online in Nebula I set up WAN2 as DHCP and swap the cables over.

    Once online via WAN2 I can then safely modify WAN1 with the required PPPoE details or static IP and ship out. Never had any issues doing it this way. And I send out several firewalls a week!

  • PuuhaPete
    PuuhaPete Posts: 11  Freshman Member

    Hi, Thanks for the great idea. Will use this on firewalls that have two or more WAN ports.

    Unfortunately we have to send out some Flex 100 firewalls and they don't have the possibility to use another WAN port.

    I will make a new network in our lab and spoof the static IP this way.
