Nebula 20 - Application SMB value is blanks

Options
GiuseppeR
GiuseppeR Posts: 747 image  Guru Member
Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula 5 Answers First Comment
in Nebula

Hello everyone,

in a ORG I have SMB protocol working via VPN.

-1- Is it correct that the app is identified as it is going outbound via the firewall also if it is going via VPN only?

immagine.png

-2- When I open the app list I see it on top:

immagine.png

But as you can see:

immagine.png

Why it is blank?

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,835 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GiuseppeR

    Since these two questions are more likely related to device's behavior, could you share:

    1. The model that is used in site-to-site VPN.
    2. The traffic flow. Like SMB server is under site A, and client is under another site.
    3. The screenshot of question 2 is in which site?

    Thanks!

    Zyxel Melen


  • GiuseppeR
    GiuseppeR Posts: 747 image  Guru Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula 5 Answers First Comment
    edited June 8

    Hi @Zyxel_Melen

    1. Yes the model (Site1) is in VPN Nebula Orchestrator
    2. Exactly, SMB server is inside Site1 while SMB client is in Site2 via the VPN Nebula Orchestrator
    3. the screenshot is related to the firewall of Site1 where the server SMB is linked
  • Zyxel_Melen
    Zyxel_Melen Posts: 4,835 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GiuseppeR

    Sorry for my bad question. I mean the firewall mode on the two sites.

    https://community.zyxel.com/en/discussion/comment/85450#Comment_85450
    Zyxel Melen


  • GiuseppeR
    GiuseppeR Posts: 747 image  Guru Member
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula 5 Answers First Comment

    Hi @Zyxel_Melen

    what do you mean about "firewall mode" ? Nebula or monitoring?

    The ATP200 on Site1 is in Nebula mode, linking to SCR50AXE on remote sites via VPN Orchestrator.

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,835 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @GiuseppeR

    Sorry for the typo, I mean firewall model.

    To answer your question:

    -1- Is it correct that the app is identified as it is going outbound via the firewall also if it is going via VPN only?

    Yes, this current only occurs on ATP200 due to its behavior. Additionally, traffic pass through site-to-site VPN we define it is LAN to LAN traffic. Therefore, it should not be listed on the "Firewall application usage" or "Applications usage".

    -2- When I open the app list I see it on top, but as you can see no client in list:

    This is because SMB traffic source IP is based on the session initiator, which is under SCR. But due to the IP subnet does not belong to ATP, so ATP won't list client in the application client list.

    Zyxel Melen


Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)