H Series and Nebula Security Policy rule limitations?

Ratsnackbar
Ratsnackbar Posts: 26  Freshman Member

What is the maximum number of Rules allowed in the Security Policy in Nebula for each H Series Device?

All Replies

  • PeterUK
    PeterUK Posts: 3,987  Guru Member
    Answer ✓

    Max Firewall ACL Rule Number

    50H = 500

    100H = 500

    200H = 2000

    500H = 5000

    700H = 10000

    page 634

    USG FLEX 700H-UG.pdf

  • Ratsnackbar
    Ratsnackbar Posts: 26  Freshman Member

    Is that number consistent when used in conjunction with Nebula? For the older Flex series it was not.

  • PeterUK
    PeterUK Posts: 3,987  Guru Member
    edited August 14

    I'm not sure. I don't use Nebula as it doesn't have the full list of settings, and there seems to be a problem with Nebula and Security Policy: I have 133 rules and it seems you can't reorder the rules in Nebula. Also, the add button to make a rule does not work until you click >| to go to the last rules.

  • Ratsnackbar
    Ratsnackbar Posts: 26  Freshman Member

    I'm currently vetting the H Series devices in Nebula and so far it seems to work pretty well. It's still missing some of the security options you'd find in the older versions (CD&R for example) and some of the methods you'd wire your rules seem to need a bit of refinement. But overall I've not run into any show stoppers.

    The older Flex series though had a hard limit of 50 Firewall rules in Nebula regardless of what the device's documentation stated was supported in On-Premise mode. This was due to how the rules were implemented in Nebula.

    With the H Series the Security Policies are defined more like they would be in On-Premise mode. I suspect the old limitations are more robust if not gone entirely. But I'm not finding anything definitive about it.

    So I guess I will just need to start making rules until it does not allow me to anymore unless someone else knows what the upper limit is. o.O

  • Zyxel_Tina
    Zyxel_Tina Posts: 179  Zyxel Employee
    Answer ✓

    Hi @Ratsnackbar,

    Is that number consistent when used in conjunction with Nebula? For the older Flex series it was not.

    After confirmation, those numbers are consistent with the Nebula-managed approach since the H series firewalls have a hybrid cloud/on-premise architecture, which allows configuration and monitoring from both Nebula and the web GUI. Due to this unified design, any changes made either on Nebula or via the local GUI will automatically sync across both managements.

    Zyxel Tina

  • Ratsnackbar
    Ratsnackbar Posts: 26  Freshman Member

    Thanks Tina, much appreciated!
