Zyxel_Irene  Zyxel Employee

Hi @Lilybay NAT 設定的部分我們已經將數量限制放寬到 50 筆囉! :) 可以到 NCC 上試一下~ 另外, Public/Local Port 可以以範圍做設定或利用逗號填入多個 port 的部分,已經幫你在 我有想法 的板上發文囉! B)

@JorisK Because we have other customers ask about SIP ALG, and the good new is now we are working on discussing this feature internally, so I would like to clarify if your request is SIP server or SIP ALG? I would like to help to transfer this to internal.

@vivrml The enhancement for NAT rule is on NCC now! :smirk:

@FrankIversen You are running on zero touch VPN. ;) Once NSG public IP is changed, VPN tunnel will disconnected and re-connected automatically.

If your NSG is not behind the NAT, Site-to-Site VPN with dynamic peer is supported by NSG for Nebula-to-Nebula VPN topology now. When NSG public IP is changed, VPN tunnel will disconnected and re-connected automatically. (Because if your NSG is behind the NAT, you need to set NAT-traversal on NCC.) For Nebula-to-nonNebula…

@FrankIversen The current behavior is that the traffic comes from local site VPN subnet and with dst pointed remote site VPN subnet, the traffic will go through vpn-tunnel. :smiley: If you want to direct ALL local traffic go through vpn-tunnel, you can configure static route. By the way, we will have Policy Route to assign…

@FrankIversen What is your VPN scenario, Nebula-to-Nebula or Nebula-to-NonNebula?

Hi @BryanLopez Welcome to Nebula Forum! :smile: We have Live tools to reboot NSG when it is online through Monitor > Security Gateway on NCC (as picture, and you created a ticket regarding this question through our technical support channel, I will reply you through ticket. Thanks :sunglasses:

@FrankIversen Could you provide more detail (ex: IPSec phase 1 & 2 settings in Pfsense site)? Is NSG behind a NAT router? :smile: You can refer this FAQ for How to establish Site to Site IPSec VPN between Nebula and Non-Nebula devices ?

Hi YuKai 感謝你的分享,這個部分我們會再討論以增強報表顯示及使用 :smile:

Hi @Lilybay 針對NAT設定部分,未來我們將會把數量限制放寬: 1:1 NAT + Virtual Server 設定數量上限共為50 :+1: 換句話說,當你只設定一筆1:1 NAT時,還可以再設定49筆 Virtual Server ~ :sunglasses:

@vivrml Sorry for late update to you. :dissapointed_relieved: After some discussion, we will have enhancement and extend to 50 in total for 1:1 NAT & Virtual server in the future. They will share the pool. It means when you can configure 1 entry for 1:1 NAT, then you can set 49 entries for Virtual server. Let's look…

Hi @vivrml Welcome to Nebula Forum! :sunglasses: I just saw you created a ticket regarding this question through our technical support channel, I will reply you through ticket. After the case is clarified I'll update once more here in the post. :smile:

Hi @FrankIversen Sounds great, and it will be more safer for enterprise and users when user connect to L2TP VPN. :smile: NSG could support PAP and MSChapv2 protocol at this stage, but there is no way to enable MFA function on NCC to trigger MFA... I also would like to suggest you can share this idea in idea section. :star:

Hi @FrankIversen What you want is a button to enable/disable the non-nebula VPN peer profile you created, then you don’t need to add a new again when you want to enable it. :sunglasses: If yes, it should be a good idea, and I would like to invite you post it on the idea section. :smile: