Remote AP limit usage via VPN on prem or Nebula
Hello everyone,
I'm planning to enlarge a WiFi network.
So I went inside that ORG's details and I see that not all the APs are able to be used remotely:
So I checked which AP I can buy here:
Anyway I see that there are some limitations like the fact that the APs with Remote capabilities are only these:
1. Do you plan to enrich that AP list?
Another question, regarding the amount of APs that you can link to an ORG.
Looking at this part you can see some clear limits:
2. Are they valid both if the firewall is used on prem or via Nebula?
3. If the AP has a LAN port, does that LAN port also work via the VPN tunnel to the headquarters?
Accepted Solution
Hi @GiuseppeR,
Thank you for your questions. Please find the clarifications below:
- Supported Remote AP models - Currently, only some models in the list support the Remote AP feature. However, we do have a plan to expand the list. The APs that support all three modes (Standalone, Nebula Cloud, and AP Controller) are expected to also support Remote AP in the future.
- Remote AP number limitation - The maximum number of supported Tunnel Mode APs listed in the documentation applies to both on-prem and Nebula-managed deployments.
- LAN port behavior of Remote APs - In general, only wireless client traffic is tunneled through the VPN in Remote AP mode. However, the WAC500H model additionally supports Remote AP Ethernet secure tunnel, allowing the wired LAN port client traffic to also pass through the VPN tunnel.
Zyxel Tina
0
All Replies
Hi @Zyxel_Tina
Regarding question 3, I'm planning to deploy some BE APs and some of them have a LAN port.
It seems strange to me that all of them have NO remote secure LAN:
0 -
Hi @GiuseppeR,
Thank you for your feedback! We'll help create an idea post to evaluate supporting the Remote AP ethernet secure feature on the BE APs with LAN ports.
Please don’t forget to give it a vote if you like the request.
Zyxel Tina
0 -
Hi @Zyxel_Tina
thanks a lot, have a great day
0 -
Hi @GiuseppeR,
After confirming, currently, only the WAC500H model supports the Remote AP Ethernet secure tunnel feature.
The reason is based on the initial product design and market positioning: this feature was specifically implemented for the model that has multiple LAN ports, which currently applies only to the WAC500H.
For the BE series APs, since they come with only a single LAN port, there is no plan at the moment to introduce the Ethernet secure tunnel function.
However, we’ll continue to monitor user feedback through the idea post and evaluate future enhancements accordingly.
Thank you for your understanding!
Zyxel Tina
0 -
Hi @Zyxel_Tina
please let me highlight that some BE series APs have multiple LANs onboard:
This is a mid gamma AP, where you can use the uplink (red arrow) to attach it to the clients' router and the LAN1 port to create a secure tunnel for any RJ45 attached to it (also via switches).
In this way you can give remote users some specific peripherals like multifunction printers so they can print/scan like they are on site. Similar situation for data backups that could work properly without leaving open ports to the internet.
0 -
Hi @GiuseppeR,
Apologies for not being clear earlier.
What I meant is that the WAC500H is currently the only model that supports the Remote AP Ethernet secure tunnel feature, and it’s also the AP with multiple LAN ports (a total of two “LAN” ports) specifically designed for this purpose.
While some BE series APs include more than one Ethernet port (e.g., one uplink and one LAN port for network extension), the Remote AP Ethernet secure tunnel function is only implemented on the WAC500H, which includes an additional LAN2 port.
Zyxel Tina
0 -
Hi @Zyxel_Tina
I understand your point of view, but you establish a secure tunnel to the headquarters firewall via the Uplink port. So the WiFi (and all of its devices…) is working via secure tunnel.
In this way it could be possible to have also only one LAN port to create a RAP for remote LAN secure tunnel.
0