This article will guide you through the process of replacing a device in Nebula. It will cover the steps to replace the device, outline the configurations that need to be reconfigured, and highlight the configurations that can remain unchanged after successfully swapping your device due to an RMA or exchange.
-
What needs to be re-config when replacing the device in Nebula?
Firewall
Note! This table is true if you change your firewall to the same firewall (e.g. USG FLEX 500 to USG FLEX 500), and not if you change to a new model (e.g. USG FLEX 500 to ATP200)
| Section | Configuration | Needs re-config |
| Site-wide -> Devices -> Firewall | Firewall Name | Yes |
| Site-wide -> Configure -> Firewall -> Port | Port Group | No |
| Site-wide -> Configure -> Firewall -> Interface | WAN interface, LAN/VLAN interface | No |
| Site-wide -> Configure -> Firewall -> Routing | Policy Route/Traffic Shaping, Static Route, WAN load balancing | No |
| Site-wide -> Configure -> Firewall -> NAT | Virtual Server, 1:1 NAT | No |
| Site-wide -> Configure -> Firewall -> Site-to-Site VPN | Site-to-Site VPN, Non-Nebula VPN peers | No |
| Site-wide -> Configure -> Firewall -> Remote VPN | Domain name, IPSec VPN Server, L2TP over IPSec | No |
| Site-wide -> Configure -> Firewall -> Security Policy | Security Policy, Anomaly Detection and Prevention, Session Control | No |
| Site-wide -> Configure -> Firewall -> Security Service | Content Filter, Application Patrol, DNS/URL Threat Filter, IP Reputation, Sandboxing, Intrusion Prevention System (IPS) | No |
| Site-wide -> Configure -> Firewall -> Captive Portal | Captive Portal | No |
| Site-wide -> Configure -> Firewall -> Authentication Method | Network Access | No |
| Site-wide -> Configure -> Firewall -> Firewall Settings | DNS, Dynamic DNS, Authentication Server, Wallet Garden | No |
Switch
| Section | Configuration | Needs re-config |
| Site-Wide -> Monitor -> Switch -> "Switch Name" | Configuration (Switch Name), Status (IP Configuration, DNS Configuration | Yes |
| Site-Wide -> Devices -> Switches -> Switch Name -> Port x | Port Name, Tags, Port enable, RSTP, STP Guard, LLDP, Link Port isolation, IPSG Protected, Bandwidth Control, Loop guard, Storm Control, Type, Management Control, PVID, Allowed VLANs, IPTV Settings | Yes |
| Site-wide -> Configure -> Switches -> ACL | Management Rules, Customization Rules | No |
| Site-wide -> Configure -> Switches -> IP & Routing | IP Interface, Static Route | No |
| Site-wide -> Configure -> Switches -> ONVIF Discovery | ONVIF Configuration | No |
| Site-wide -> Configure -> Switches -> Advanced IGMP | IGMP Configuration | No |
| Site-wide -> Configure -> Switches -> Authentication | Authentication Server, Authentication Policy | No |
| Site-wide -> Configure -> Switches -> PoE Schedules | PoE Schedule | No |
| Site-wide -> Configure -> Switches -> Switch Settings | Auto-configuration recovery, VLAN configuration (Management VLAN only), STP Configuration, Quality of Service, Voice VLAN etc. | No |
Access Point
| Section | Configuration | Needs re-config |
| Site-Wide -> Monitor -> Access Points -> "AP Name" | Configuration (AP Name), Status (IP Configuration, DNS Configuration | Yes |
| Site-wide -> Configure -> WiFi SSID Settings | WiFi Name, WiFi Settings, Guest Network | No |
| Site-wide -> Configure -> Access Points -> SSID Advanced Settings | Network Access, Traffic Options, Advanced Settings | No |
| Site-wide -> Configure -> Access Points -> Captive Portal Customization | Themes, Click-to-continue/Voucher/sign-on page, External Captive Portal URL, Captive Portal Behavior | No |
| Site-wide -> Configure -> Access Points -> SSID Availability | SSID Availability, SSID Schedule | No |
| Site-wide -> Configure -> Access Points -> Radio Settings | Country, Maximum Output Power, Channel width, DCS setting, Smart Steering, WLAN Rate Control | No |
| Site-wide -> Configure -> Access Points -> Radio Settings -> Edit (AP List - 2,4/5/6GHz Radios) | Radio mode, Channel, Channel Width, Maximum Output power, Airtime Fairness, Smart Steering (all parameters per AP) | Yes |
| Site-wide -> Configure -> Access Points -> Traffic Shaping | WLAN Traffic Shaping | No |
| Site-wide -> Configure -> Access Points -> Security Service | Application Visibility & Optimization, Threat Protection | No |
| Site-wide -> Configure -> Access Points -> AP Port Settings | General Setting, Load Balancing, Port Setting | No |
| Site-wide -> Configure -> Access Points -> AP Port Settings -> Edit (AP List) | Enabled, PVID, Allowed VLANs | Yes |
Save Configuration via Configuration Management
Configuration synchronization allows you to easily copy configurations from one site or Nebula Device to another. Use this screen to synchronize the configuration between sites or switch ports. You can also back up the current configurations for sites or switches to the NCC and restore the configuration at a later date
You may clone a site configuration to a new site, clone a particular switch configuration to another switch in the same site, via the Backup & Restore section of the "Configuration management" settings
Replace/Swap a Device in Nebula
Note: Before proceeding with the device exchange, ensure you have the owner privileges to perform actions within the NCC
Go to Organization-wide -> Administrators
Step 1: Remove the Old Device from the Organization
Go to Organization-wide -> License & inventory -> Devices
- Locate the old device that you wish to swap and mark it
- Click on "Actions" and then choose "Remove from Organization"
- Confirm the action by clicking "Yes" when prompted
Step 2: Swap the Device Physically
-
Physically replace the old Zyxel device with the new one
-
Ensure that you have the serial number and MAC address of the new device, or alternatively, use the Nebula mobile application to scan the QR code on the new device to retrieve the required information
Step 3: Add the New Device to the Organization
- In Nebula Cloud Center, go to "Organization-wide" and select "License & Inventory"
- Choose "Devices" and click on the "Add Device" button
- Enter the serial number and MAC address of the new device, or scan the QR code using the Nebula mobile application
- Follow the on-screen instructions to complete the device registration process
Go to Organization-wide -> License & inventory -> Devices
Step 4: Assign the New Device to the Organization
- Once the new device is successfully added, go to the "Devices" list under "License & Inventory"
- Locate the newly added device and ensure it is selected
- Click on "Actions" and choose "Assign to Organization"
- Select the same organization that the old device was assigned to
Step 5: Configure the Device Deployment Method
If you have a firewall in your network, you need to choose the appropriate deployment method for the new Zyxel device.
Nebula Native Mode (Recommended):
- Navigate to "Organization-wide" and select "Network-wide Settings"
- Click on "Deployment Method" and choose "Nebula Native Mode"
- Save the settings to apply Nebula Native Mode to the new device.
ZTP Mode (if Nebula Native Mode is not available):
- Connect a PC locally to Port 4 (P4) and your WAN connection to Port 2 (P2) of the new device.
- Log in to Nebula Cloud Center and go to "Site-wide" select "Monitor" and then "Devices"
- Locate the new device and click on "Firewall" settings.
- Select "ZTP Process" and follow the provided instructions to complete the ZTP configuration.
If you have any problems with the ZTP process, please look at this article:
Nebula CC - Register a USG FLEX & ATP gateway in Nebula Control Center [ZTP]
Step 6: Verify Device Online Status
- Allow some time for the new device to come online (maximum 5 minutes) and establish a connection to Nebula
- Cloud Center. Check the device's online status in the "Devices" section to ensure it is functioning correctly.
Congratulations! You have successfully exchanged a Zyxel device in Nebula Cloud Center, and the new device is now fully operational within your organization's network.
Comments
0 comments
Please sign in to leave a comment.