Can't get a new Zyxel USG Flex 200 connected and managed from Nebula

IctPk

Dear Zyxel experts,

We have a lot of Zyxel Gateways and now our second USG 200 Firewall.

It used to be very easy, to get the new Gateway / firewall connected to Nebula.

But with this one, I do not get the Nebula connection.

It runs firmware 5.37.
All functions are running. It is routing. Etc. But as soon as I choose the management mode: Nebula Cloud Mode, I get a message, that I can not manage localy, but only from Nebula Control Center. But even after waiting several hours, even after rebooting, is does get connected to Nebula.

When I do a reset (with a paperclip in the hole on the front) and try again, and again (with default settings), it does not work.

What else can i try?

Thank you very much for your help.

Danny

IctPk

Thank you very much James for all your time helping me remotely with the configuration of the Zyxel Flex 200. I am so glad you found out that the SNAT setting on both WAN connections were turned off. After changing this setting, internet traffic could flow again. Problem solved. Thanks a million, regards, Danny

Zyxel_James

@IctPk I checked the USGFLEX 200 through your email and found out that the device is still assigned to a Nebula site, once the device has internet connection, it will connect to the Nebula. Please remove the device from the Nebula site then press the reset button again.

IctPk

Dear James,

Thank you very much for your help. You are right, the device is assigned to the correct site. But I understand from your answer, that a new device can only connect to Nebula if devices are un assigned? Why is this? I will try after working time. Since I do not want to disturb the network right now. I have setup the device from local web page and it works now, but can not be remotely administered and monitored. Thanks Danny

Zyxel_James

To use the on-premises mode, please make sure the device is not added to Nebula org or assigned to a Nebula site.

IctPk

Dear James,

I am sorry to tell you that I had to look up the difference between "on premise" and Cloud mode. We are using cloud mode. As I approach it:
I unbox the device. I add the device to Nebula cloud (scan the QR code). Assign it to the right nebula Site. Tweak the settings in nebula cloud for the firewall.
Than I connect the device to the internet router. I log in to the local web page and fill in the correct IP adresss to connect to the cloud. And I hoped than that the device would automaticaly recgonize it is part of a Nebula site and download the nebula pre configured settings?

Regards, Danny

IctPk

Dear james,

I have deleted the Flex 200 from the site, and even from the organisation.
Than I have added the device again (with serial number and mac address).

How can I now pre configure it? It seems to me that there is no option to configure the settings, if the device is not already assigned to a Site? I can not find a menu in nebula portal where I can configure Flex settings for devices that are not part of a site?

Zyxel had all beautiful instructions and installation video's but it seems that non of these apply to how this is used. A few months ago the nebula portal interface (menu structure had changed), could it be that some options to configure siteless devices have disappeared?

regards,

Danny

IctPk

Dear James,

Tonight I spend another 4 (!) hours trying to get the Flex 200 to work.
I have never had such a problem with Nebula devices.
We choose Nebula, because it is always (almost) plug and play, zero touch.

Tonight i succeeded to get the Flex 200 connected to Nebula.
It automatically downloaded the LAN configuration, that is defined in Nebula.
Than my connected laptop got the new LAN IP adress and Windows network center showed the sign of connected to internet.
But the LAN connected devices could not connect to the internet?
Ik could ping the router. But I could not ping internet servers.
Tracert did not get further than the Firewalll/Gateway.
When i went to the local management page of the router and logged in with the support account, it was telling me that the internet connection was fine. Also all connection tests in that web interface were positive. But still no working internet connection in my clients.

To Summarize:
When my router is reset and I manually configure the WAN en LAN settings, everything works well, but I am not able to manage the device from Nebula.
When my router is reset and i keep de default config, connect the device to Nebula. The Nebula connection seems to work ok. I can even change some settings from Nebula control console that are applied to the router. But than the LAN clients can not connect to the internet. I use the same WAN/LAN/VLAN/IP/MASK and GW settings as in the manual local configuration.

It seems to me that there is some kind of bug in version 5.37?

Is there something that Zyxel support can do for me? Perhaps do a remote support session in which I can show you the steps i take?

Thank you very much for all your help. Its is really appreciated.

regards,

Danny

Zyxel_James

@IctPk

Once the device is in cloud mode and assigned to a Nebula site, then you cannot configure the device by local web GUI. All the configure needs to be done on Nebula page.
So how can you pre-configure it, you can configure it on the Nebula site and assign the device to the site. Then once the device connects to Nebula, it will turns into the site setting on the Nebula page of the site. ( it required that the device already registered to Nebula)
Anyway, as I checked, the device is offline from the Nebula now. I'm not sure how's your device configuration right now. Please contact me via private message, let's work this out, thank you.

IctPk

Thank you very much James for all your time helping me remotely with the configuration of the Zyxel Flex 200. I am so glad you found out that the SNAT setting on both WAN connections were turned off. After changing this setting, internet traffic could flow again. Problem solved. Thanks a million, regards, Danny