A comprehensive guide of replacing devices in Nebula

Options
Zyxel_Kay
Zyxel_Kay Posts: 610  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

This article is designed to walk you through the process of replacing a device within Nebula. It will provide a step-by-step guide for device replacement, outline which configurations require reconfiguration, and identify configurations that can remain unchanged after successfully swapping your device due to an RMA or exchange.

Firewall

Note: The following table applies when changing your firewall to the same model (e.g., USG FLEX 500 to USG FLEX 500) and not when transitioning to a new model (e.g., USG FLEX 500 to ATP200).

Section

Configuration

Needs re-config

Site-wide > Devices > Firewall

Firewall Name

Yes

Site-wide > Configure > Firewall > Port

Port Group

No

Site-wide > Configure > Firewall > Interface

WAN interface, LAN/VLAN interface

No

Site-wide > Configure > Firewall > Routing

Policy Route/Traffic Shaping, Static Route, WAN load balancing

No

Site-wide > Configure > Firewall > NAT

Virtual Server, 1:1 NAT

No

Site-wide > Configure > Firewall > Site-to-Site VPN

Site-to-Site VPN, Non-Nebula VPN peers

No

Site-wide > Configure > Firewall > Remote VPN

Domain name, IPSec VPN Server, L2TP over IPSec

No

Site-wide > Configure > Firewall > Security Policy

Security Policy, Anomaly Detection and Prevention, Session Control

No

Site-wide > Configure > Firewall > Security Service

Content Filter, Application Patrol, DNS/URL Threat Filter, IP Reputation, Sandboxing, Intrusion Prevention System (IPS)

No

Site-wide > Configure > Firewall > Captive Portal

Captive Portal

No

Site-wide > Configure > Firewall > Authentication Method

Network Access

No

Site-wide > Configure > Firewall > Firewall Settings

DNS, Dynamic DNS, Authentication Server, Wallet Garden

No

Switch

Section

Configuration

Needs re-config

Site-Wide > Monitor > Switch > "Switch Name"

Configuration (Switch Name), Status (IP Configuration, DNS Configuration

Yes

Site-Wide > Devices > Switches > Switch Name > Port X

Port Name, Tags, Port enable, RSTP, STP Guard, LLDP, Link Port isolation, IPSG Protected, Bandwidth Control, Loop guard, Storm Control, Type, Management Control, PVID, Allowed VLANs, IPTV Settings

Yes

Site-wide > Configure > Switches > ACL

Management Rules, Customization Rules

No

Site-wide > Configure > Switches > IP & Routing

IP Interface, Static Route

No

Site-wide > Configure > Switches > ONVIF Discovery

ONVIF Configuration

No

Site-wide > Configure > Switches > Advanced IGMP

IGMP Configuration

No

Site-wide > Configure > Switches > Authentication

Authentication Server, Authentication Policy

No

Site-wide > Configure > Switches > PoE Schedules

PoE Schedule

No

Site-wide > Configure > Switches > Switch Settings

Auto-configuration recovery, VLAN configuration (Management VLAN only), STP Configuration, Quality of Service, Voice VLAN etc.

No

Access Point

Section

Configuration

Needs re-config

Site-Wide > Monitor > Access Points > AP Name

Configuration (AP Name), Status (IP Configuration, DNS Configuration

Yes

Site-wide > Configure > WiFi SSID Settings

WiFi Name, WiFi Settings, Guest Network

No

Site-wide > Configure > Access Points > SSID Advanced Settings

Network Access, Traffic Options, Advanced Settings

No

Site-wide > Configure > Access Points > Captive Portal Customization

Themes, Click-to-continue/Voucher/sign-on page, External Captive Portal URL, Captive Portal Behavior

No

Site-wide > Configure > Access Points > SSID Availability

SSID Availability, SSID Schedule

No

Site-wide > Configure > Access Points > Radio Settings

Country, Maximum Output Power, Channel width, DCS setting, Smart Steering, WLAN Rate Control

No

Site-wide > Configure > Access Points > Radio Settings > Edit (AP List - 2,4/5/6GHz Radios)

Radio mode, Channel, Channel Width, Maximum Output power, Airtime Fairness, Smart Steering (all parameters per AP)

Yes

Site-wide > Configure > Access Points > Traffic Shaping

WLAN Traffic Shaping

No

Site-wide > Configure > Access Points > Security Service

Application Visibility & Optimization, Threat Protection

No

Site-wide > Configure > Access Points > AP Port Settings

General Setting, Load Balancing, Port Setting

No

Site-wide > Configure > Access Points > AP Port Settings > Edit (AP List)

Enabled, PVID, Allowed VLANs

Yes

Save Configuration via Configuration Management

Configuration synchronization allows you to easily copy configurations from one site or Nebula Device to another. Use this screen to synchronize the configuration between sites or switch ports. You can also back up the current configurations for sites or switches to the NCC and restore the configuration at a later date.

You may clone a site configuration to a new site or clone a particular switch configuration to another switch in the same site via the Backup & Restore section of the "Configuration management" settings.

Replace/Swap a Device in Nebula

Note: Before proceeding with the device exchange, ensure you have the necessary owner privileges to perform actions within the NCC.

Navigate to Organization-wide > Administrators

Step 1: Remove the Old Device from the Organization

  • Navigate to Organization-wide > License & inventory > Devices
  • Locate the old device that you wish to swap and mark it
  • Click on "Actions" and then choose "Remove from Organization"
  • Confirm the action by clicking "Yes" when prompted

Step 3: Add the New Device to the Organization

  • Navigate to Organization-wide > License & inventory > Devices
  • Click on the "Add Device" button
  • Enter the serial number and MAC address of the new device, or scan the QR code using the Nebula mobile application
  • Follow the on-screen instructions to complete the device registration process

Step 4: Assign the New Device to the Organization

  • Once the new device is successfully added, go to the "Devices" list under "License & Inventory"
  • Locate the newly added device and ensure it is selected
  • Click on "Actions" and choose "Assign to Organization"
  • Select the same organization that the old device was assigned to

Step 5: Configure the Device Deployment Method

If you have a firewall in your network, you need to choose the appropriate deployment method for the new Zyxel device.

Nebula Native Mode (Recommended):

  • Navigate to "Organization-wide" and select "Network-wide Settings"
  • Click on "Deployment Method" and choose "Nebula Native Mode"
  • Save the settings to apply Nebula Native Mode to the new device.

ZTP Mode (if Nebula Native Mode is not available):

  • Connect a PC locally to Port 4 (P4) and your WAN connection to Port 2 (P2) of the new device.
  • Log in to Nebula Cloud Center and go to "Site-wide" select "Monitor" and then "Devices"
  • Locate the new device and click on "Firewall" settings.
  • Select "ZTP Process" and follow the provided instructions to complete the ZTP configuration.

Step 6: Verify Device Online Status

  • Allow some time for the new device to come online (maximum 5 minutes) and establish a connection to Nebula
  • Cloud Center. Check the device's online status in the "Devices" section to ensure it is functioning correctly.

Congratulations! You have successfully exchanged a Zyxel device in Nebula Cloud Center, and the new device is now fully operational within your organization's network.

Kay