Cloud Configuration Management & Sync for H Series Firewalls in Nebula 18.30
Zyxel Employee
With Nebula 18.30, Zyxel introduces cloud configuration management and synchronization for H Series firewalls.
To ensure consistency between cloud and local settings, Nebula 18.30 implements a structured configuration sync mechanism that prevents conflicts and allows seamless management.
1. Understanding Configuration Sync: How Cloud & Local Settings Interact
Since H-Series firewalls support both Nebula Cloud Management and local on-premise control, a key challenge is avoiding conflicts between settings.
How Does Synchronization Work?
Two-way Sync Mechanisms:
- Users change settings on NCCProvisioning NCC → Firewall (Cloud settings applied to the firewall)
- Users change settings on local GUIPolling – Firewall → NCC (Local changes updated in NCC)
These mechanisms ensure synchronization, but what happens when both configurations are changed at the same time?
2. Conflict Handling: Cloud vs. Local Override Rules
Override Conditions:There are two scenarios where the local firewall forces a full override of Nebula Cloud:
- Device is in default settings – When first connecting, the local configuration takes priority.
- Firmware Update or Configuration File Apply – If a configuration file is applied, the local firewall overrides NCC settings.
After this initial override, future syncs are handled via normal polling and provisioning.
What Happens When Conflicts Occur?
Polling before provisioning → Local settings will overwrite cloud setting
Provisioning before polling → Firewall rejects the provision. The next polling cycle then updates NCC with the local device’s settings
Users should avoid configuring the USG FLEX H Series from both Cloud and Local GUI simultaneously to prevent setting conflicts, as the final state will always ensure consistency.
3. Force Synchronization with Config Override
If NCC and the firewall settings become mismatched, users can manually force a configuration override using the Live Tool: Config Override in Nebula.
When to use Config Override?
- After upgrading to uOS 1.31, to synchronize cloud and local settings
- To force an immediate sync instead of waiting for the 5-minute polling interval
- If a discrepancy is detected between NCC and local settings
Categories
- All Categories
- 426 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 345 USG FLEX H Series
- 289 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 404 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight