Nebula SD-WAN home office routers

brischt · March 2019

Hi all,

our company has two main sites with about 10 employees each, and it has a number of employees working from home/home office around the globe. We are considering upgrading our main sites with Zyxel VPN 100 routers. Our employees at home currently use all sort of usually low-grade internet routers with a bit of VPN built in (such as TP-Link, Fritzbox etc...) and obviously, it is quite painful to administer them all. So I am looking for a cheap & cheerful VPN router which I can administer through Nebula Orchestrator, offers WLAN, works behind NAT and has at least one WAN and two LAN ethernet ports (desktop computer and VoIP phone).

The VPN50 seems overkill for a single end-user. The USG20W seems kind of ideal - is this unit getting a firmaware upgrade to be administered through Nebula Orchestrator? Or do you have any other suggestion?

Thanks,

Kind Regards,

Roland

Zyxel_Vic · March 2019

Hi @brischt

Currently the USG20W-VPN doesn’t support Orchestrator.

I think the VPN50 is a proper model if what you need is to central management all the Gateway devices from Nebula Orchestrator.

What you can benefit from Orchestrator/VPN50 is not only to manage those gateways centrally but also to optimize the network quality between your main site and the remote sites with SDWAN feature. Even more, you can use the LTE connection on the VPN50 as a secondary link to achieve WAN load sharing, failover and those only SDWAN supported features to improve your network reliability.

However, if you only deploy VPN100 in your main site. The “Client AutoVPN” feature allows remote users to access your main site network by using the native operating system VPN utility.

Zyxel_Vic · March 2019

Hi @brischt
Yes, this is doable. You can add the Non-SD-WAN Gateways onto the Orchestrator, see the screenshot below:

Image: https://us.v-cdn.net/6029482/uploads/editor/8q/36olwtmud5ke.png

The wizard will guide you to add the Non-SD-WAN gateway step by step and generate the script/configurations (currently the Orchestrator supports Zyxel and Cisco script/configuration) for your reference. Afterward, you'll be able to refer to the generated script and configure your own VPN Gateway manually.

Zyxel_Vic · March 2019

Hi @brischt

Currently the USG20W-VPN doesn’t support Orchestrator.

I think the VPN50 is a proper model if what you need is to central management all the Gateway devices from Nebula Orchestrator.

What you can benefit from Orchestrator/VPN50 is not only to manage those gateways centrally but also to optimize the network quality between your main site and the remote sites with SDWAN feature. Even more, you can use the LTE connection on the VPN50 as a secondary link to achieve WAN load sharing, failover and those only SDWAN supported features to improve your network reliability.

However, if you only deploy VPN100 in your main site. The “Client AutoVPN” feature allows remote users to access your main site network by using the native operating system VPN utility.

Zyxel_Vic · March 2019

Hi @brischt

Here it is the example of "Client AutoVPN" feature:

1. Configure your "Client AutoVPN"

2. After setting up the Client AutoVPN, the specified user will receive a system mail which guides the mail receiver about how to create the VPN tunnel "without" using any 3rd party software.

brischt · March 2019

Thank you, Zyxel_Vic!

One other question: Can I use the VPN firewalls in Nebula SD-Mode and still establish VPN connections with other IPSec gateways? (With manual configuration, of course) That way we could gradually replace the soho routers with VPN50 appliances.

Thanks!

Zyxel_Vic · March 2019

Hi @brischt
Yes, this is doable. You can add the Non-SD-WAN Gateways onto the Orchestrator, see the screenshot below:

The wizard will guide you to add the Non-SD-WAN gateway step by step and generate the script/configurations (currently the Orchestrator supports Zyxel and Cisco script/configuration) for your reference. Afterward, you'll be able to refer to the generated script and configure your own VPN Gateway manually.

brischt · May 2019

Zyxel_Vic said:

Hi @brischt
Yes, this is doable. You can add the Non-SD-WAN Gateways onto the Orchestrator, see the screenshot below:

The wizard will guide you to add the Non-SD-WAN gateway step by step and generate the script/configurations (currently the Orchestrator supports Zyxel and Cisco script/configuration) for your reference. Afterward, you'll be able to refer to the generated script and configure your own VPN Gateway manually.

Thanks, Zyxel_Vic!
I received my first VPN100 unit in one of my main offices and set it up manually. Works like a charm so far. Now I wanted to try to use Orchestrator and have added my device. However, I do not fully understand how I can assign subnets to my sites. Out of historic reasons, we use 10.0.0.0/24 for the first main office, 10.0.2.0/24 for the second main office, and each (permanently connected) home office worker also gets his own subnet, e.g. 10.0.5.0/24. How does this translate into Orchestrator zones?

Thanks,

brischt

Zyxel_Vic · May 2019

Hi @brischt
To change/assign the subnets to the devices individually, you can go to "Site"->"Configuration"-> "Device". In the "Zone" tab, you can manually configure the IP/Subnets/Gateway...etc you preferred. Here it is the screenshot for your reference.

Nebula SD-WAN home office routers

Best Answers

All Replies

Categories

Security Help Center