Using Nebula Remote Access to Gain Real-time Device Data for Network Troubleshooting

Nebula_Yvonne

Nebula offers a set of useful tools – such as PING, traceroute, LED locator, etc. – to help users to troubleshoot their network with instant information collected from the device. Troubleshooting networking issues, however, might require to get more specific data according to the situation, in which Remote Access becomes an important tool. Administrators can take advantage of this tool to gain remote access to the device command line and obtain real-time logs and data or any other additional information directly from the device, reducing the need for sending someone onsite or requiring local staff to make a remote desktop session available, which ultimately helps save more time and money for businesses. 

Nebula Remote Access is available in Nebula Professional Pack and supports access to Nebula APs and Security Gateways.

This article will explain how to set up Remote Access within Nebula Control Center (NCC).

Setting up Remote Access

Scenario: a device in a remote site cannot connect to the network at some specific situation and you need live logs and more information for troubleshooting.

You are generating an IP address and port for Remote Access in NCC for troubleshooting. The following example is the set-ups for Security Gateways. The set-ups for Access Points follow the similar steps as well.

Location: Site-wide > Devices > Security gateway > Live tools > Remote Access

• By default, port 22 (SSH) is selected to be used by the device in the remote session, however, some network firewalls might block this port, in which case, you could opt to use the port 443 from the drop-down list. After selecting the port, simply proceed to click the ‘Establish’ button:

• A warning message will pop-up first, highlighting the risk of using this remote access tool for a non-troubleshooting purpose. After reading it, click the ‘OK’ button to continue.

• Next, the IP address and port number of remote connection will be displayed together with a note instructing you to use a SSH terminal emulator in which you only need to paste this IP:port.

Verification

• Run the terminal software on your PC, Teraterm is used here for illustration. Copy the IP address and the port number from NCC to Teraterm.

• As mentioned in the note on Nebula Control Center, in case this session does not work, please try generating another Remote access by selecting a different port (443). Check the network firewall in case none of the ports work.
• After you access the NSG successfully, you should be able to see the command prompt of NSG.

You may find the username and password in Site-wide setting.

Location: Site-wide > Configure > Site-settings > Device configuration > Local credentials

• Once logged in, you can execute the commands that you need for troubleshoot.

Please check this FAQ that includes recommended troubleshooting commands.

Note:

＊ At current stage and for security reasons, only Org-owner have access to execute this tool for NSG series devices. Regarding AP devices, Org-Owner, Org-Full and Site-Full privileges are allowed to use this tool from NCC. Further release will include per-account access control.

＊ Any configuration changed by SSH might be overwritten by further changes applied through NCC or cause a synchronization issue. It is recommended to limit the use of this tool to troubleshooting processes only.

＊ The remote session will be available for 30 minutes.

＊ Remote access is currently supported by all NSG models and AP models (except for NAP102 and NWA1123ACv2) running on the latest firmware version.