[NEBULA] NSG 300 inbound limit firewall virtual server rules limit
Hi @vivrml,
About the inquiry regarding the virtual server limitation, the maximum for both NSG200 & NSG300 is 100 rules.
I would like to remind you that a virtual server service port can be configured as a range of ports by using the "-" (dash) symbol, and based on our experience this method is the solution when encountering more than 100 rules.
If the solution doesn't help, could you share your scenario/application with us and provide your org/site name with Zyxel support enabled, located at HELP > Support request.
Thanks.
Jonas
Hi
We have servers running vm guests, each of the guests is accessed by the end users via the rdp software we use.
Ports are mapped to 3389 locally on each guest. So 3389 to 3389 machine 1, 3390 to 3389 machine 2, etc.
Each guest is a separate organisation and so is provided a unique port for their use.
Your help in this regard would be much appreciated as we do not wish to give up on Nebula.
Hi @vivrml,
Thanks for sharing the scenario.
According to the description, 100 rules are enough to achieve the goal.
Or is there any other concern?
Jonas
Hi
The gigabit link linked to the NSG has the capacity to enable us to link more than 100 clients, unfortunately because of the web gui limitations we cannot use the full capacity of the link. We therefore have users connecting via a USG60 on a FTTP link because we cannot put them through the NSG200.
I have had conversations with support who told me this is not a limitation of the device but an arbitrary limit placed on the website, and the answer is to move away from NSG devices and avoid the flex link when that is released. Flex will also nobble the device by limiting the amount of inbound rules.
So the answer appears to be that we move to the best available local GUI-managed USG device and only use Nebula for smaller installations.
Hi @vivrml,
Thanks for sharing the information with us.
I would like to inform you that the NSG was designed with certain features in common with the USG, and to be friendlier to configure (not complex).
Back to the main subject of virtual servers: we had a discussion again, and the solution for your scenario is to add rules one by one. The "-" (dash) feature might not be the solution for yours; it's for the scenario which only has 1 server for multiple services.
According to your scenario, I assume that it is a "work from home" scenario, am I right? If yes, I would recommend using L2TP VPN.
Additional information for NSGs is as below:
NSG50:
Recommended number of users: 1 ~ 10
Maximum TCP concurrent sessions: 20,000
NSG100:
Recommended number of users: 1 ~ 25
Maximum TCP concurrent sessions: 40,000
NSG200:
Recommended number of users: 25 ~ 50
Maximum TCP concurrent sessions: 80,000
NSG300:
Recommended number of users: 50 ~ 200
Maximum TCP concurrent sessions: 500,000
Hope it helps,
Jonas
Thank you ever so much for the response.
That is also as support informed us. Unfortunately the limit on inbound rules within the web interface means the Nebula solution is a no go for us; however, the local USG route should work fine.
It is a pity as we had grown to really like the Nebula interface.
They informed us that the Flex interface will also have the same limitations, so it is local management only.
We'll now source a USG box and move forward.
Hi @vivrml,
You are very welcome.
We very much appreciate the suggestion and comment; your insights are incredibly valuable and will help us make sure we provide you and other customers a better experience.
I'll also create a post in the idea section for this case to monitor comments and likes of this post.
Jonas