Nebula controlled Flex 100 wan settings / fallback

PuuhaPete
PuuhaPete Posts: 8
First Comment Friend Collector
edited February 21 in Nebula
Hi,

I need to send a few Flex 100 firewalls to customers. I Would like to configure these firewalls at our office in advance with WAN settings and all.

As I understand the firewalls have a fallback function where they default to the last known good WAN config if they can not access Nebula with the new settings. Can this be disabled?

BR,

Petri


Accepted Solution

All Replies

  • PuuhaPete
    PuuhaPete Posts: 8
    First Comment Friend Collector
    edited February 15
    Hi,

    Yes I know how the WAN settings are done through the local interface.
    However doesn't the firewall default to last known good WAN configuration if it can not get an Internet connection after the changes?

    The problem here is that I am not going to visit the sites where these firewalls are going to be sent. I am preconfiguring them on another site and sending then for the customer to connect. 


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,137
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments
     Guru Member
    Hi PuuhaPete,
    It is unable to turn off this mechanism. what are those devices wan interface type? DHCP, PPPoE, or static public IP?
  • PuuhaPete
    PuuhaPete Posts: 8
    First Comment Friend Collector
    edited February 17
    Hi PuuhaPete,
    It is unable to turn off this mechanism. what are those devices wan interface type? DHCP, PPPoE, or static public IP?
    Hi, They are mostly with static public IP-addresses. Some are with DHCP and that is easy to setup in advance. 
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,137
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments
     Guru Member

    Hi @PuuhaPete ,

    You can bind a fake IP in uplink router to simulate cusotmer's ISP gateway. Once the device provision to NCC succesfully, just shutdown the device.

  • Pook
    Pook Posts: 103
    First Answer First Comment Friend Collector Nebula Gratitude
     Ally Member

    I always preconfigure the firewalls I send out. First I always choose DHCP for WAN1on the initial setup and just plug in a network lead from our LAN in to P2. Once online in Nebula I set up Wan2 as DHCP and swap the cables over.

    Once online via WAN2 I can then saflely modify WAN1 with the required PPPOE detail or static IP and ship out. Never had any issues doing it this way. And I send out several firewalls a week!

  • PuuhaPete
    PuuhaPete Posts: 8
    First Comment Friend Collector

    Hi, Thanks for the great idea. Will use this on firewalls that have two or more WAN ports.

    Unfortunatelly we have to send out some Flexx 100 firewalls and they don't have the possibility to use another WAN-port.

    I will make a new network in our lab and spoof the static ip this way.

Nebula Tips & Tricks