Virtual Firewall for Nebula (vUSG FLEX / Nebula vFirewall)
Freshman Member
Use Case:
Many enterprise and SMB customers today operate in hybrid environments where part of their infrastructure resides in public cloud services such as Microsoft Azure, AWS, or Google Cloud Platform.
Competitors like Cisco (Meraki vMX), Fortinet (FortiGate VM), and Sophos (XG Firewall VM) already offer virtual firewall appliances that can be deployed directly in the cloud and managed through their respective management platforms.
This allows for secure, direct, and managed connectivity between on-premises networks and cloud environments — including ExpressRoute, IPsec, GRE, or BGP peering setups.
Current Limitation:
Zyxel currently does not offer a virtual equivalent of the USG FLEX H-series that can be deployed in the cloud.
This creates challenges when customers want to:
- Establish site-to-site tunnels between Nebula-managed locations and cloud environments.
- Integrate Nebula networks with Azure Virtual Networks or AWS VPCs using IPsec or GRE.
- Maintain centralized management and visibility for hybrid networks within Nebula Control Center.
The lack of a virtual firewall forces partners to either:
- Deploy physical firewalls in data centers or colocation (costly and impractical), or
- Use native cloud gateways with limited integration into Nebula (reduced visibility, inconsistent policies).
Suggested Solution:
Develop a virtual version of the USG FLEX H-series, for example named “Nebula vFirewall” or “vUSG FLEX”, that can be:
- Deployed as a virtual machine or container in Azure, AWS, and GCP.
- Fully registered and managed in Nebula Control Center, with the same interface and policy structure as physical devices.
- Support IPsec, GRE, and BGP routing, identical to on-prem USG FLEX models.
- Licensed per performance tier (e.g., 500 Mbps, 1 Gbps, 2.5 Gbps).
- Act as a hub in a hub-and-spoke topology for Nebula SD-WAN networks.
Customer Impact:
- Enables true hybrid cloud networking within the Nebula ecosystem.
- Simplifies secure and managed connectivity to Azure ExpressRoute, AWS Transit Gateway, and similar cloud services.
- Removes dependency on physical hardware for cloud deployments.
- Improves competitiveness versus Cisco Meraki, Fortinet, and Sophos.
- Adds significant value for MSPs and enterprise customers building multi-site Nebula environments.
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 198 Nebula Ideas
- 123 Nebula Status and Incidents
- 6.3K Security
- 483 USG FLEX H Series
- 319 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 46 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 451 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
