[Nebula 19.10] Unified Site-Wide Device Access Settings for Switches & APs
Zyxel Employee
In Nebula version 19.10, we’ve streamlined how you control local management access to your switches and access points. This update consolidates multiple settings into a single, site-wide configuration, making it easier to secure your devices and manage SNMP access.
Background
Before 19.10, each cloud-managed Zyxel products address device management access differently. Firewalls used firewall security/policy control rules to allow or block local management. Switches had an Access Management page where you could allow/deny management from specific IP ranges. Access points had no built-in feature to restrict local management access.
What’s New in 19.10
In Nebula 19.10, we’ve introduced a unified “Administrative Access” section under
NCC > Site-wide > Configure > Site Settings. From here, you can enable/disable specific management protocols such as SSH, HTTP / HTTPS, and SNMP.
As for the option Permit access only from designated IP ranges, if this option is disabled, all LAN clients can access devices. On the other hand, if this option is enabled, only clients from specified IP ranges can access devices.
SNMP Management Integration
SNMP settings are now part of the same Administrative Access section. When SNMP is enabled, additional settings (e.g., SNMP version, community string) become available. Also, SNMP is simplified to one toggle: Disabled or v1/v2.
Migration from Previous Versions
If you were using these features before 19.10, Nebula Sites with pre-existing SNMP settings are updated with its equivalent settings in the new Administrative Access settings. For instance, the previously v1/v2 enabled SNMP access feature would remain enabled after upgraded, and the Community string values are carried over automatically.
As for the pre-existing Switch Access Management Settings, any existing allowed IP ranges are migrated to the new site-wide settings, and Switch settings now show a redirect link to the site-wide page.
Captive Portal Compatibility
Captive portal requires both HTTP and HTTPS enabled. If you restrict access to certain IP ranges, ensure your wireless client subnet is included. Otherwise, clients may not be able to load the captive portal page to authenticate.
To sum up, by consolidating these controls into a single site-wide setting, Nebula 19.10 simplifies management as there is no need to configure each device type separately. This consolidation also improves security by restricting access to trusted IPs only. However, to be noticed is that this unified access control applies to switches and APs. Firewalls still use their own security/policy control settings for management access.
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 188 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 454 USG FLEX H Series
- 303 Security Ideas
- 1.6K Switch
- 81 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 278 Service & License
- 435 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight