Nebula controlled Flex 100 wan settings / fallback
I need to send a few Flex 100 firewalls to customers. I Would like to configure these firewalls at our office in advance with WAN settings and all.
As I understand the firewalls have a fallback function where they default to the last known good WAN config if they can not access Nebula with the new settings. Can this be disabled?
BR,
Petri
Accepted Solution
-
Hi @PuuhaPete,
We can pre-configure settings in Nebula in office.
When you go to customer's site to deploy firewall, just log in device local Web GUI to modify Wan interface.
Local Web GUI Wan Settings.
How to log in device local web gui
https://community.zyxel.com/en/discussion/14846/atp-flex-how-to-capture-packets-on-nebula-firewall-local-web-gui#latest
0
All Replies
-
Hi @PuuhaPete,
We can pre-configure settings in Nebula in office.
When you go to customer's site to deploy firewall, just log in device local Web GUI to modify Wan interface.
Local Web GUI Wan Settings.
How to log in device local web gui
https://community.zyxel.com/en/discussion/14846/atp-flex-how-to-capture-packets-on-nebula-firewall-local-web-gui#latest
0 -
Hi,
Yes I know how the WAN settings are done through the local interface.
However doesn't the firewall default to last known good WAN configuration if it can not get an Internet connection after the changes?
The problem here is that I am not going to visit the sites where these firewalls are going to be sent. I am preconfiguring them on another site and sending then for the customer to connect.
0 -
Hi PuuhaPete,
It is unable to turn off this mechanism. what are those devices wan interface type? DHCP, PPPoE, or static public IP?0 -
Zyxel_Cooldia said:Hi PuuhaPete,
It is unable to turn off this mechanism. what are those devices wan interface type? DHCP, PPPoE, or static public IP?0 -
Hi @PuuhaPete ,
You can bind a fake IP in uplink router to simulate cusotmer's ISP gateway. Once the device provision to NCC succesfully, just shutdown the device.
0 -
I always preconfigure the firewalls I send out. First I always choose DHCP for WAN1on the initial setup and just plug in a network lead from our LAN in to P2. Once online in Nebula I set up Wan2 as DHCP and swap the cables over.
Once online via WAN2 I can then saflely modify WAN1 with the required PPPOE detail or static IP and ship out. Never had any issues doing it this way. And I send out several firewalls a week!
1 -
Hi, Thanks for the great idea. Will use this on firewalls that have two or more WAN ports.
Unfortunatelly we have to send out some Flexx 100 firewalls and they don't have the possibility to use another WAN-port.
I will make a new network in our lab and spoof the static ip this way.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight