Remote Access VPN – Cloud Integration
Zyxel Employee
USG FLEX H Series Firewall continues to unify network management and VPN deployment with the integration of Remote Access VPN configuration into the Nebula Cloud platform. With this update, administrators can now manage secure remote connectivity directly from Nebula, eliminating the need for local access to firewall settings.
This article focuses on the Cloud Settings component of the Remote Access VPN feature, along with enhancements like Nebula-assigned domain names and certificate binding.
1. Remote Access VPN – Now in Nebula
Previously, configuring Remote Access VPN was only possible via local firewall interfaces. With the latest release Nebula 19.20, this feature is now available directly through Nebula Control Center.
Where to Find It:
Navigate to: Site-wide > Configure > Firewall > Remote Access VPN
Here, you can configure both:
- IPSec VPN
- SSL VPN
These configurations now live within a single page, simplifying setup and management for both VPN types.
2. Cloud Configuration Support
The cloud VPN settings fully mirror the local firewall configuration options. That means:
- You can perform detailed VPN configuration on Nebula
- Advanced options are accessible by clicking “Other Settings”
- No need to log into the local device interface for VPN setup
This gives administrators the flexibility to configure or adjust VPNs remotely via Nebula.
3. Nebula-Assigned Domain Name (FQDN)
A major enhancement is the introduction of Nebula-assigned domain names for VPN services. This allows automatic FQDN generation for each site.
What It Does:
- Nebula generates a unique domain name for your firewall (e.g., abc123.zyxelcloud.net)
- This domain name is automatically bound to the public IP of the firewall
- Simplifies VPN client setup - no need to manually update DDNS or use static IPs
4. Certificate Validation
When setting up a Remote Access VPN, you need to select a VPN server address, which can be an interface IP, a custom domain name, or a Nebula-assigned domain name. The firewall will bind the certificate based on the selected server address:
Certificate Binding:
When using a Nebula-assigned domain name:
- The VPN certificate issued by Nebula automatically includes the domain
- No manual certificate setup needed
- Ensures secure authentication for remote clients
Alternatively, administrators can still:
- Manually configure certificates for SSL or IPsec VPN
- Use a custom domain name or interface IP
Selecting Auto for certificate validation uses the selected VPN Server Address type configured
This flexibility supports various enterprise security policies and compliance needs.
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 202 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.3K Security
- 515 USG FLEX H Series
- 328 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.9K Consumer Product
- 288 Service & License
- 458 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 85 About Community
- 97 Security Highlight