USG FLEX H Series - Security Profile Sync
The latest Zyxel firmware release introduces the Security Profile Sync feature, which enables centralized management and synchronization of security profiles across multiple devices in an organization. This feature was supported on the USG FLEX and ATP series models. In this release, the USG FLEX H Series is also supported, providing administrators with a streamlined way to manage consistent security settings across their network.
Overview of Security Profile Sync
Security Profile Sync allows administrators to centrally manage various security configurations from the Nebula Control Center (NCC). When activated, it automatically syncs specific security settings across all registered devices within a designated “sync site” in the organization. This feature helps ensure that network security policies remain consistent, reducing the chance of configuration drift or misalignment across devices.
Key Security Profiles Available for Sync
The profiles that can be synchronized via Security Profile Sync include:
- Content Filter: Filters web traffic based on categories and predefined rules.
- Application Patrol: Manages applications with usage restrictions or priorities.
- DNS Threat Filter: Blocks malicious or suspicious DNS requests.
- IP Reputation Filter: Identifies and blocks requests from known malicious IP addresses.
- Anti-Malware: Provides malware scanning and threat detection.
- Sandboxing: Testing a suspicious file to an isolated cloud environment.
- Intrusion Prevention System (IPS): Detects and prevents network intrusions.
- External Block List
Requirements for Security Profile Sync
Security Profile Sync requires USG FLEX H Series running firmware versions 1.30 to ensure compatibility.
Configuring Security Profile Sync in the Nebula Control Center
- Enable Security Profile Sync: In NCC, navigate to Organization-Wide Manage > Security Profile Sync. Here, administrators can define which sites of devices should share synchronized security profiles.
- Sync Site Selection: Each device must be part of a “sync site” within NCC to participate in Security Profile Sync. This allows administrators to define specific sites for profile synchronization.
Conditions for Joining Security Profile Sync
For a device to successfully join the Security Profile Sync, NCC checks for the following:
- Matching Profile Names: The profile names on both NCC and the local device must match to avoid configuration conflicts.
- Profile Count Compliance: The number of profiles configured locally on the device should be equal to or less than those defined in NCC.
If these conditions are not met, the device will be unable to join the sync site, and administrators will receive notifications.
Configuration Update Flow: Sync Behavior and Overrides
Security Profile Sync enables settings to flow one-way from NCC to local devices, helping maintain centralized control. Here’s how it works:
- One-Way Sync: Changes made to synchronized profiles in NCC are pushed to the device automatically. However, if configurations are modified locally on the device GUI, these changes will not be reflected in NCC, leading to the firewall will be removed from Security Profile Sync.
- Overriding Local Configurations: NCC settings take precedence over local configurations on the device. For instance, Administrator can reassign firewall back to the Security Profile Sync list to re-apply cloud security settings..
Summary
The Security Profile Sync feature provides an effective way for organizations to centralize and enforce security policies across Zyxel firewalls. By consolidating security profile management in NCC, organizations gain consistency and simplified administration.
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 272 USG FLEX H Series
- 274 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 389 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight