Nebula SD-WAN home office routers

brischt
brischt Posts: 9  Freshman Member
First Comment Friend Collector Second Anniversary
edited April 2021 in Security
Hi all,

our company has two main sites with about 10 employees each, and it has a number of employees working from home/home office around the globe. We are considering upgrading our main sites with Zyxel VPN 100 routers. Our employees at home currently use all sort of usually low-grade internet routers with a bit of VPN built in (such as TP-Link, Fritzbox etc...) and obviously, it is quite painful to administer them all. So I am looking for a cheap & cheerful VPN router which I can administer through Nebula Orchestrator, offers WLAN, works behind NAT and has at least one WAN and two LAN ethernet ports (desktop computer and VoIP phone).
The VPN50 seems overkill for a single end-user. The USG20W seems kind of ideal - is this unit getting a firmaware upgrade to be administered through Nebula Orchestrator? Or do you have any other suggestion?

Thanks,

Kind Regards,

Roland

Best Answers

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    25 Answers First Comment Friend Collector Seventh Anniversary

    Hi @brischt

    Here it is the example of "Client AutoVPN" feature:

    1. Configure your "Client AutoVPN"



    2. After setting up the Client AutoVPN, the specified user will receive a system mail which guides the mail receiver about how to create the VPN tunnel "without" using any 3rd party software.


  • brischt
    brischt Posts: 9  Freshman Member
    First Comment Friend Collector Second Anniversary
    Thank you, Zyxel_Vic!
    One other question: Can I use the VPN firewalls in Nebula SD-Mode and still establish VPN connections with other IPSec gateways? (With manual configuration, of course) That way we could gradually replace the soho routers with VPN50 appliances.

    Thanks!
  • brischt
    brischt Posts: 9  Freshman Member
    First Comment Friend Collector Second Anniversary
    Zyxel_Vic said:
    Hi @brischt
    Yes, this is doable. You can add the Non-SD-WAN Gateways onto the Orchestrator, see the screenshot below:

    The wizard will guide you to add the Non-SD-WAN gateway step by step and generate the script/configurations  (currently the Orchestrator supports Zyxel and Cisco script/configuration)  for your reference. Afterward, you'll be able to refer to the generated script and configure your own VPN Gateway manually. 


    Thanks, Zyxel_Vic!
    I received my first VPN100 unit in one of my main offices and set it up manually. Works like a charm so far. Now I wanted to try to use Orchestrator and have added my device. However, I do not fully understand how I can assign subnets to my sites. Out of historic reasons, we use 10.0.0.0/24 for the first main office, 10.0.2.0/24 for the second main office, and each (permanently connected) home office worker also gets his own subnet, e.g. 10.0.5.0/24. How does this translate into Orchestrator zones?

    Thanks,

    brischt
  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    25 Answers First Comment Friend Collector Seventh Anniversary
    Hi @brischt
    To change/assign the subnets to the devices individually, you can go to "Site"->"Configuration"-> "Device". In the "Zone" tab, you can manually configure the IP/Subnets/Gateway...etc  you preferred. Here it is the screenshot for your reference.




Security Highlight