Replace NSG100 with USG Flex 500

Here is the scenario: 1 Nebula Org with 3 current sites. Site 1 has a USG Flex 500 configured correctly. Site 2 has a NSG100 that I want to replace with a USG Flex 500. I already purchased the new USG Flex 500, this is just a question on installation sequence with minimal down time.

I want to pre-configure the USG Flex as much as possible before I am on prem.

Ideally, I would copy the existing configuration from Site 1 then just change WAN and LAN1 IP when I install. Can I copy JUST the Firewall configuration from site to site? 

I am concerned that adding the USG Flex 500 before I am onsite will override the NSG100 and I will inadvertently cause problems. (I recall that there can only be one firewall on a site). Is there a recommendation for this?

Site 3 will have the same issue, but the current firewall is not on Nebula. I will want to clone the Site 1 firewall configuration to Site 3.

All Replies

  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi @jimf
    On Site 2, do you want to change from Nebula mode to on premises mode (standalone)? For sure that you are able to just copy the configuration from site to site if they're the same models. However, if you still need to implement site 2 FLEX500 in on-cloud mode, you'll need to re-configure the device from Nebula portal.

    When pre-configuring your FLEX 500 (in on-premises mode), what you need to pay attention will be those features running external services (e.g. DDNS, external auth server...etc) since if both devices get on-line simultaneously, they may compete accessing to the same services which may lead to some functional issue on the original device.
  • jimf
    jimf Posts: 3
    First Anniversary
    Follow up question. Can I add the Flex 500 to site 2 with the NSG without a conflict?  (to pre-configure before a site visit). As i recall from past experience I could only have 1 firewall on a site.
  • jasailafan
    jasailafan Posts: 189  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited November 2021
    Does Site 2 have other devices (AP/switch) or NSG 100 only? 

Security Highlight