-
How to Troubleshoot When a Remote Access VPN Client Cannot Access an Internal Server?
1. Confirm VPN Tunnel Status: Navigate to VPN Status > IPSec VPN > Remote Access VPN. Verify whether the VPN client is listed as connected. Ensure the VPN tunnel is successfully established to the firewall. 2. Check VPN Client IP Assignment: Confirm that the VPN virtual NIC has been assigned an IP address by the firewall.…
-
Can I modify implicit allow rules?
Question: Can I modify implicit allow rules? Answer: No, you cannot directly modify or disable implicit allow rules in Security policy. However, you can create new deny rules with higher priority to block traffic as needed. The firewall evaluates traffic based on the order of the rules: custom policies are checked first,…
-
[ATP/FLEX] Where do I find the objects (services, addresses, etc.) on Nebula firewall?
Question: Where do I find the objects (services, addresses, etc.) on Nebula firewall? Answer: The Nebula firewall does not support objects in the same way as standalone firewalls. Instead of creating objects, you can directly enter the IP address and service port in the security policy during configuration.
-
[ATP/FLEX] Is it possible to disable an allow rule security policy in Nebula?
Question: Is it possible to disable an allow rule security policy in Nebula? Answer: To disable an allow rule in Nebula's security policy, navigate to Configure > Firewall > Security policy. You can then disable the specific allow rule you want to modify. Note: "Implicit allow rules" cannot be disabled.
-
How to block an application that is not listed in App Patrol
Question: How to block an application that is not listed in App Patrol? Answer: Those apps might have been developed locally and are not available worldwide, so App Patrol does not include them. You can try blocking them using custom URLs or FQDN objects in the content filter. Note: You can ask the developer for the IP…
-
Visible NAT Implicit Rules
In Nebula 18.00, we’ve introduced a minor but significant enhancement to the firewall's security policy management by making NAT implicit rules visible. This update improves transparency and helps users understand the automatic configurations applied to their network security. Overview of…
-
[Nebula] What is the default security policy rule for Nebula firewall?
Question: How can I set the default policy for clients? What is the default security policy rule for Nebula firewall? Answer: On Nebula > Configure > Firewall > Security policy, click on "Implicit allow rules". You can find the default security policy rules as follows: Allow LAN to Any; Allow LAN to the appliance.
-
[ATP/FLEX] Configure multiple FQDNs in one security policy rule on both destination/source address
Question: Can I configure multiple FQDNs in one security policy rule on both destination/source address? Answer: Currently you can set only one FQDN in source/destination in a security policy rule on Nebula. For destination, wildcard FQDN is supported. You can set one wildcard FQDN in destination.
-
[ATP/FLEX] How to restrict L2TP VPN access using Geo IP?
Create two security policy rules. In the following example, only Geo IP "Taiwan" is allowed to establish L2TP VPN. In the first policy, action: Allow, source: allowed Geo-IP, destination: Device, dst. port: 1701, 4500, 500. In the second policy, action: Deny, source: Any, destination: Device, dst. port: 1701, 4500, 500.
-
How to solve the issue that GEO-IP blocks internal LAN IP that belongs to a certain Geo Region IP?
The administrator wants to block web GUI access from Venezuela, so the following security policy is created. However, GEO-IP blocks internal LAN IPs because the LAN subnet has the same IP range as a certain Geo Region IP. How can this issue be solved if it is impossible to change the LAN IP address? Suppose you'd like to block…
-
What are the firewall ports required to use Zyxel Nebula Control Center?
There are two ways to locate the server IP. One is through NCC and the other is through nslookup of the server domain. However, note that the IPs might change with system upgrades and new server deployments. * Locate the IP in NCC: On NCC, Help Center > Firewall Information lists the ports and services required…
-
What is the difference between firewall policy access settings "deny" and "reject" on NXC?
Both the "deny" and "reject" settings will block the traffic. The difference in their behavior is that "deny" will drop the traffic without any response, while the "reject" option will block the traffic and report back to the client that the destination is unreachable. For example: 1. If the firewall is set up to "deny", you…