GS1920-8HP as a WAN Switch - Connect to Nebula Cloud
Is it possible to get a WAN Switch GS1920-8HP to communicate with Nebula if it is placed before the firewall? We have a total of 15 WAN IP addresses, but there are available addresses. Should the switch be configured with a public static WAN IP, or is there another way to do it?
Accepted Solution
-
Yes, it’s possible to connect the GS1920-8HP to Nebula CC even if it’s placed before the firewall. Assigning a static public IP to the switch will work, but make sure the switch can ping the default gateway to ensure proper communication with Nebula Cloud.
Additionally, after registering the switch to Nebula CC, you’ll need to configure the static public IP, subnet mask, and gateway on Nebula CC. If these settings are not configured on Nebula, the default Nebula settings will override the switch's local settings once it connects to the cloud.
Feel free to reach out if you need further assistance!
Update:
We recommend limiting access to the Nebula switch for improved security. You can follow this guide to block local access (HTTP, HTTPS, FTP, SSH, Telnet) on Nebula switches:
How to Block Local Access (HTTP, HTTPS, FTP, SSH, Telnet) on Nebula Switches — Zyxel CommunityKay
Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP
0
All Replies
-
Yes, it’s possible to connect the GS1920-8HP to Nebula CC even if it’s placed before the firewall. Assigning a static public IP to the switch will work, but make sure the switch can ping the default gateway to ensure proper communication with Nebula Cloud.
Additionally, after registering the switch to Nebula CC, you’ll need to configure the static public IP, subnet mask, and gateway on Nebula CC. If these settings are not configured on Nebula, the default Nebula settings will override the switch's local settings once it connects to the cloud.
Feel free to reach out if you need further assistance!
Update:
We recommend limiting access to the Nebula switch for improved security. You can follow this guide to block local access (HTTP, HTTPS, FTP, SSH, Telnet) on Nebula switches:
How to Block Local Access (HTTP, HTTPS, FTP, SSH, Telnet) on Nebula Switches — Zyxel CommunityKay
Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP
0 -
Thanks.
I will try to configure the switch locally, then when all the staff are not in the office.
Most likely the switch can update the firmware and I don't want to cause interruptions in the connections for the colleagues :-)
I have already entered the WAN-Ip it should have in Nebula0 -
For security reasons, we don't recommend placing the switch directly on the WAN side with public IP address, as this could expose it to the Internet which has potential attacks and risk the switch going down. Instead, we suggest placing a firewall before the switch and configuring a VLAN segment for enhanced network security.
If you really need to place your switch above your firewall for some reason, we recommend configuring your switch as follows to segment your network:
- First, connect a firewall before the switch and allow the switch to establish a connection to Nebula Control Center (CC).
- Once the switch is online in Nebula CC, configure the switch port as shown above, and wait for the configuration to be updated.
- After that, you can reconnect the switch as illustrated in the diagram.
Kay
Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP
0
Categories
- All Categories
- 414 Beta Program
- 2.3K Nebula
- 134 Nebula Ideas
- 92 Nebula Status and Incidents
- 5.5K Security
- 190 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 40 Wireless Ideas
- 6.2K Consumer Product
- 238 Service & License
- 376 News and Release
- 80 Security Advisories
- 24 Education Center
- 5 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 80 About Community
- 70 Security Highlight