-
How long will the WAN failover feature take?
Scenario : Users can follow this article : [ATP/FLEX]How do you setup failover with 2 ISP providers? to set up dual WAN failover feature, but how long will the WAN failover feature take? Answer : It shall be fast, please refer to our lab test result: The ATP100 has two WAN interfaces. The backup interface is set to WAN2.…
-
Do I have to add extra security policies to ping IPSec VPN tunnel when IPSec VPN tunnel is connected
Question : Currently, Nebula supports site-to-site, hub-spoke, and remote VPN services. Is it necessary for the user to add extra security policies to enable pinging across the IPSec VPN tunnel when it's connected? Answer : No, once the user creates site-to-site, hub-spoke, and remote VPN settings on Nebula, corresponding…
-
[Nebula] Why is Anti-Malware signature not updating?
Question : Users may encounter situations where the antivirus signature cannot be updated normally. This article will guide you on how to resolve this issue. Answer : Please use the CLI command "show anti-virus signatures status" to check if the Anti-Virus signature version and release date are up-to-date or not, as shown…
-
[ATP/FLEX] Why did the Nebula firewall firmware update fail? How can this issue be resolved?
Question : The user may encounter an embarrassing situation if a cloud firmware upgrade on Nebula fails. For example, if the customer attempts a cloud firmware upgrade from 5.37P1 to 5.38 but encounters failure, the event log may display the following: How can this issue be resolved? Answer : The possible reason is that…
-
How to check the firewall operate in on-premise mode or Nebula mode via the CLI?
Question : The USG Flex/ATP models can operate in on-premise mode or Nebula mode. There is a simple way to check the mode status via the CLI command. Answer : The CLI command is "debug show sdwan_ztp status". If the firewall operates in on-premise mode, the CLI result will show as below: Router> debug show sdwan_ztp status…
-
[ATP/FLEX] How to block the specific IP to access or establish VPN with the Nebula firewall?
Question : Users may want to block specific IPs from accessing or establishing VPN connections with the Nebula firewall for security purposes. This article will guide you on how to deploy this feature. Answer : Please navigate to Site-wide > Configure > Firewall > Security Policy > Add a security policy. Choose the Action…
-
How to check the session and traffic count information for Geo IP ?
Question : Users may utilize various Geo IP-related features such as firewall rules and device access restrictions on the firewall. Users may want to monitor the session and traffic count related to Geo IP. This article will guide you on how to monitor it. Answer : Please navigate the Web-GUI path: Monitor > Session…
-
How to check the statistics of the App Patrol through the Web GUI and CLI?
Question : When users configure the App Patrol feature by applying it to firewall rules, they may want to monitor application statistics information. This article will guide users on how to check the statistics of the App Patrol through the Web GUI and CLI. Answer : Please navigate to the Web-GUI path: Monitor > Security…
-
Why the site-to-site VPN tunnel will disconnect hourly? How to reslove it?
Scenario : Users may encounter a situation in the site-to-site VPN tunnel that will disconnect hourly. This article will guide you on how to identify the possible reasons and resolve this problem. Answer : The possible reason for the site-to-site VPN disconnecting hourly is that the Phase 2 SA Lifetime is set to 3600…
-
How to check system uptime on USG Flex H series models via Web-GUI and CLI command?
Scenario : The system uptime is an important indicator of the firewall's stability. This article will guide you on how to check the system uptime on USG Flex H series models. Answer : Users can utilize the dashboard to directly check the system uptime, as demonstrated below: Users can also use the CLI command "show system…
-
How to use OID to get the system uptime through SNMP on ATP and USG Flex models?
Before reading this article, please refer to the below two articles: How to set up SNMPv2 on ATP and USG Flex models? How can the system uptime be queried through SNMP on ATP and USG Flex models? Scenario : If the user knows the corresponding OID (object identifiers) for the firewall's configuration parameters or values…
-
How can the system uptime be queried through SNMP on ATP and USG Flex models?
Scenario : Users may want to utilize the SNMP feature to query the system uptime and monitor the firewall's operational status. This article will guide you on how to do so Answer : Before beginning, please refer to this article: How to set up SNMPv2 on ATP and USG Flex models? to see how to set up the SNMP feature in your…
-
What is the ARP table refresh time in USG Flex / ATP models?
Scenario : Users utilize the ARP table to monitor MAC and IP corresponding information. IP addresses may change or be released from time to time in users' network environment, and users may want to know the ARP table refresh time in USG Flex / ATP models. Answer : Users can use the CLI command "show arp-table" to monitor…
-
How to resolve the issue of high CPU usage when clients are connected to the LAN port only?
Scenario : Users may encounter an issue where, when clients are connected only to the LAN port and configure the firewall through the Web-GUI, the firewall fails to connect to the WAN port, resulting in high CPU usage from time to time, as shown below: What is the cause of this issue and how can it be resolved? Answer :…
-
[ATP/FLEX] My secureporter device are not connected
Scenario : Users may encounter a situation where they successfully setup the firewall on the Nebula, however, the SecuReporter indicates the device is disconnected. This article will guide you on how to resolve this issue. Answer : The possible reason is that the Nebula Firewall doesn't send traffic to the SecuReporter,…
-
[ATP/FLEX] We have problems with VPN l2tp over ipsec on mac device.
Scenario : Users may encounter a situation which they successfully establish an L2TP VPN connection using an Apple Mac device, but cannot ping or access the intranet hosts of the peer site. This article will guide you on how to resolve this issue. L2TP VPN server related settings on the Nebula: The Mac device successfully…
-
[ATP/FLEX]How do you setup failover with 2 ISP providers?
Scenario : Users may want to set up a dual WAN configuration with two ISPs for WAN failover purposes in case one of the WAN interfaces fails. This article will guide you on how to set up this feature. Answer : First, please navigate to Site-wide > Configure > Firewall > Interface to check if the firewall is configured for…
-
How to check the active session number on the firewall?
Scenario : Users typically rely on the active session number to determine if the firewall is handling a large number of sessions. Therefore, knowing how to check this on the firewall is crucial for users. This article will guide you on how to do so. Answer : The user can monitor the active session number on the Web-GUI's…
-
[ATP/FLEX] How to check alert event on the Nebula when you got an alert mail from the SecuReporter?
Scenario : The user may get an alert mail from the SeCuReporter but doesn't know how to check the detailed event on the SecuReporter and Nebula, this article will guide you on how to check it. Answer : Please navigate the SecuReporter path History > Alert. Then find the corresponding alert log. Click on the alert to view…
-
[ATP/FLEX]How to check multicast DNS packet in the firewall?
Scenario : The user may encounter a problem where there is traffic related to port 5353 (multicast DNS) being dropped by the security policy, but they may not know which client IP is generating the traffic, as shown below: This FAQ will guide you on how to check it. Answer : The user can utilize the CLI command "show sdwan…