[ATP/FLEX/FLEX H] What is the maximum number of DHCP Pool supported on Nebula firewall?

HienDang
HienDang Posts: 4  Freshman Member
Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula

I saw Zyxel have limit maximum number of Static DHCP table supported on Nebula USG/ATP firewall.

Firstly, what is the maximum number of Static DHCP table supported on Nebula USG_FLEX_H series? I still didn't see USG_FLEX_H on nebula to add, when will Nebula support to add?

Secondly, What is the maximum number of DHCP IP Pool supported on Nebula firewall USG/ATP/FlexH?

Accepted Solution

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,213  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    edited November 8 Answer ✓

    Hi @HienDang

    Thank you for your questions! Here are the answers:

    1. What is the maximum number of Static DHCP table entries supported on the Nebula USG FLEX H series?
      Answer :
      For the uOS(USG FLEX H), Please find the page 477 of the user guide book: 
      https://download.zyxel.com/USG_FLEX_700/user_guide/USG%20FLEX%20700_V5.38_Ed2.pdf
    2. When will the USG FLEX H series be supported on Nebula?
      Answer :
      Yes, the USG FLEX H model will fully support Nebula mode, but the exact operation date has not been confirmed yet. We expect it to be available in 2025.
    3. What is the maximum number of DHCP IP pools supported on the Nebula firewall for USG FLEX/ATP/USG FLEXH?
      Answer:
      The maximum number of DHCP IP pools is the same as in on-premise mode. For more details:

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Dylan96
    Dylan96 Posts: 21  Freshman Member
    Zyxel Certified Network Administrator - Nebula Zyxel Certified Network Administrator - Security First Comment Friend Collector

    Wait, I thought Nebula Native Mode was supposed to come out by the end of 2024. What happened?

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,213  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @Dylan96

    Nebula Native Mode is designed to simplify the deployment of Nebula firewalls (USG FLEX/ATP series) on the cloud. However, for the USG FLEX H series firewall, it will be introduced in a hybrid mode, not Nebula Native Mode. This hybrid mode allows configuration through both the Nebula Control Center (NCC) and locally, which is different from the previous firewall model.

    With the latest uOS 1.30 release, the USG FLEX H series already supports some Nebula features, including:

    • Nebula Topology
    • Nebula Security Profile Sync
    • Nebula Site-wide Device Status
    • Nebula Site-wide Event Log

    You can find more details in the release note:

    USG FLEX H Series - V1.30 Patch 0 Firmware Release

    To ensure seamless integration with Nebula, we're continually working to enable more features, so additional development is necessary. The full functionality is expected by 2025, stay tuned to our https://community.zyxel.com/en/categories/nebula-news-and-new-release .

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • TranAnhDung
    TranAnhDung Posts: 3  Freshman Member
    Zyxel Certified Network Engineer Level 1 - Security First Comment Friend Collector

    Thank you for your clearly reply.

    I have 1 more question: "What is the maximum of IP per pool (pool size) of Flex & Flex H series? Is it the same number with static DHCP IP?"

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,213  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @TranAnhDung

    There is no restriction on the IP pool size; as long as it fits within Class A, B, or C, it can be configured. However, the actual number of users supported will depend on the device's capacity. You can refer to the recommended number of users by filtering the Number of Users at:

    https://www.zyxel.com/global/en/products/next-gen-firewall

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • HienDang
    HienDang Posts: 4  Freshman Member
    Zyxel Certified Network Administrator - WLAN Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula

    As picture above, Same 25 user for ATP100, Flex100 and Flex100H.
    For 50 users will be ATP200, Flex200 and Flex200H.
    It means Flex100H can not apply for 50 users. But the specification for FlexH series is higher than others series.
    Why "the number of users" is still the same?
    Which option beside "the bandwidth" will define "the number of user" here?
    The new uOS is not good than the older one?
    Please give me an advice.

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,213  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    edited November 7

    Hi @HienDang

    Here’s a breakdown of why recommended user limits are set as they are across different models, even when some models (like the FLEX100H) have higher hardware specifications.

    1. Criteria for Recommended User Limits

    The recommended user limits are based primarily on each device’s capacity to handle concurrent sessions and logins, especially with security features enabled. Key factors include:

    • Concurrent Sessions: Each device has a maximum number of active sessions it can handle. Higher session numbers can strain resources, even with ample bandwidth, which is why user recommendations are set to help ensure stable performance.
    • Concurrent Logins: User limits also consider the number of users actively logged in simultaneously. With more users accessing secure or data-intensive applications, the device’s resources are further taxed.
    • Security and Processing Requirements: Devices using security-intensive features—such as VPNs or advanced threat detection—may have tighter user caps to maintain high-quality performance for these tasks.
    • VPN Tunnels: The capacity for VPN tunnels is another factor in determining recommended user limits.

    These limits serve as general guidelines for product sizing, but you’re welcome to adjust the user numbers based on your specific applications, scenarios, or market needs.

    2. Performance with New uOS Updates

    We understand there may be perceived differences in performance with new uOS versions. Here’s some context that may be helpful:

    • Enhanced Performance with uOS: The new uOS generally improves Firewall and VPN performance.
    • Prioritizing Security and New Features: New uOS versions often come with added security features and optimizations. While these updates improve functionality, they may also increase processing demands, creating a temporary perception of slower performance. Adjusting resource-intensive settings can help fine-tune the device’s operation to best suit your requirements.

    I hope this explanation provides clarity on the model specifications and user limitations.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Nebula Tips & Tricks