Nebula NCC blocked by firewall
Master Member
Hello everyone,
we are replacing hardware on different companies and we are experiencing some problems like being blocked by their old firewalls.
I see that this should be the guide:
But I would like to know if Zyxel has a batch to execute inside a PC in those networks to check which of the above rules are missing.
I'm at your disposal to test a new *.bat file for this purpose
All Replies
-
It would not help to run a test on a PC if the PC tests fine but not from the firewall itself under different rules.
So whats the problem? you have a FLEX that can't connect to Nebula due to another firewall in front?
0 -
I have some switches that could not communicate to Nebula due to some Sophos in front of them. I have no password to change the config on those Sophos, so I would like to have a *.bat to check if those requested ports are all open or not and to report in a written txt which rules are missing so I would be able to give this result to the owner of the Company
0 -
well unless these Sophos are locked down and only give limited out going traffic I don't see why it would be blocked as its not inbound.
Just say to the Company allow TCP 443, 4335, 6667 and UDP 123 outgoing
0 -
Hi @GiuseppeR ,
Currently, there is no batch file (*.bat) available on PCs in the network to check for missing rules.
To troubleshoot connection issues, you can access the Switch's local GUI through Nebula Discovery and check the 3 status circles, which will indicate why the switch cannot connect to Nebula.
If you need additional support, please provide us with a remote session so we can assist you further.
0 -
Hello @Zyxel_Judy
I have a XGS2220-54HP that is working as switch (LAN and VLANs are working on site) but is unable to get a dynamic IP from an old Sophos so I cannot find it with ZON utility.
The switch is in DHCP.
Maybe there is a problem with DHCP server, so I want to assign a static IP to that switch so I can access its web interface.
How can I manage this without going on site and plugin another firewall/router with DHCP server inside it and manage the switch's IP?
I tried to connect remotely on a PC on that network and I could not ping the switch IP with a IP scanner.
It is the first time that I struggle so much with a switch, I configured it easily as usual and now that is on site at the client Organization I'm unable to reach it
0 -
If the switch is not getting a IP its a local network problem that the switch can't get a IP on it LAN the default IP is 192.168.1.1 VLAN1 if DHCP fails if the router has no network for the switch to connect too then you need to config that switch on the VLAN on the site.
0 -
It be HTTP port 80
But who setup the switch should know the reason? its as if the switch was setup to not be connected to the router LAN and needing a PC connected on a given port of the switch to access it
0 -
I setup the switch.
When I plug it in another "basic" Fritzbox everything goes smoothly, the problem is only when I plug it in the Sophos. It is unable to get an IP, so it does not go online on Nebula. The Sophos DHCP server is not giving an IP blocking its outbound connections.
Internally the switch works.
0 -
Hello everyone,
there were 2 problems.
First one:
When that DHCP Server Guard was enabled (green switch) it was impossible to get an IP from Sophos firewall.
Now the switch gets the IP in DHCP, but it has blocked ports:
It is really strange to see that with DHCP Guard everything was unreacheable, also locally
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 426 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 344 USG FLEX H Series
- 288 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 404 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
