Nebula [Replace/Swap] - replace/swap devices in Nebula and what you should know

This article will guide you through the process of replacing a device in Nebula. It will cover the steps to replace the device, outline the configurations that need to be reconfigured, and highlight the configurations that can remain unchanged after successfully swapping your device due to an RMA or exchange.

  • What needs to be re-config when replacing the device in Nebula?

Firewall

Note! This table is true if you change your firewall to the same firewall (e.g. USG FLEX 500 to USG FLEX 500), and not if you change to a new model (e.g. USG FLEX 500 to ATP200)

Section Configuration Needs re-config
Site-wide -> Devices -> Firewall Firewall Name Yes
Site-wide -> Configure -> Firewall -> Port Port Group No
Site-wide -> Configure -> Firewall -> Interface WAN interface, LAN/VLAN interface No
Site-wide -> Configure -> Firewall -> Routing Policy Route/Traffic Shaping, Static Route, WAN load balancing No
Site-wide -> Configure -> Firewall -> NAT Virtual Server, 1:1 NAT No
Site-wide -> Configure -> Firewall -> Site-to-Site VPN Site-to-Site VPN, Non-Nebula VPN peers No
Site-wide -> Configure -> Firewall -> Remote VPN Domain name, IPSec VPN Server, L2TP over IPSec No
Site-wide -> Configure -> Firewall -> Security Policy Security Policy, Anomaly Detection and Prevention, Session Control No
Site-wide -> Configure -> Firewall -> Security Service Content Filter, Application Patrol, DNS/URL Threat Filter, IP Reputation, Sandboxing, Intrusion Prevention System (IPS) No
Site-wide -> Configure -> Firewall -> Captive Portal Captive Portal No
Site-wide -> Configure -> Firewall -> Authentication Method Network Access No
Site-wide -> Configure -> Firewall -> Firewall Settings DNS, Dynamic DNS, Authentication Server, Wallet Garden No

 

Switch

Section Configuration Needs re-config
Site-Wide -> Monitor -> Switch -> "Switch Name" Configuration (Switch Name), Status (IP Configuration, DNS Configuration Yes
Site-Wide -> Devices -> Switches -> Switch Name -> Port x Port Name, Tags, Port enable, RSTP, STP Guard, LLDP, Link Port isolation, IPSG Protected, Bandwidth Control, Loop guard, Storm Control, Type, Management Control, PVID, Allowed VLANs, IPTV Settings Yes
Site-wide -> Configure -> Switches -> ACL Management Rules, Customization Rules No
Site-wide -> Configure -> Switches -> IP & Routing IP Interface, Static Route No
Site-wide -> Configure -> Switches -> ONVIF Discovery ONVIF Configuration No
Site-wide -> Configure -> Switches -> Advanced IGMP  IGMP Configuration No
Site-wide -> Configure -> Switches -> Authentication Authentication Server, Authentication Policy No
Site-wide -> Configure -> Switches -> PoE Schedules PoE Schedule No
Site-wide -> Configure -> Switches -> Switch Settings Auto-configuration recovery, VLAN configuration (Management VLAN only), STP Configuration, Quality of Service, Voice VLAN etc.  No

 

Access Point

Section Configuration Needs re-config
Site-Wide -> Monitor -> Access Points -> "AP Name" Configuration (AP Name), Status (IP Configuration, DNS Configuration Yes
Site-wide -> Configure -> WiFi SSID Settings WiFi Name, WiFi Settings, Guest Network No
Site-wide -> Configure -> Access Points -> SSID Advanced Settings Network Access, Traffic Options, Advanced Settings No
Site-wide -> Configure -> Access Points -> Captive Portal Customization Themes, Click-to-continue/Voucher/sign-on page, External Captive Portal URL, Captive Portal Behavior No
Site-wide -> Configure -> Access Points -> SSID Availability SSID Availability, SSID Schedule No
Site-wide -> Configure -> Access Points -> Radio Settings Country, Maximum Output Power, Channel width, DCS setting, Smart Steering, WLAN Rate Control No
Site-wide -> Configure -> Access Points -> Radio Settings -> Edit (AP List - 2,4/5/6GHz Radios) Radio mode, Channel, Channel Width, Maximum Output power, Airtime Fairness, Smart Steering (all parameters per AP) Yes
Site-wide -> Configure -> Access Points -> Traffic Shaping  WLAN Traffic Shaping  No
Site-wide -> Configure -> Access Points -> Security Service  Application Visibility & Optimization, Threat Protection No
Site-wide -> Configure -> Access Points -> AP Port Settings General Setting, Load Balancing, Port Setting No
Site-wide -> Configure -> Access Points -> AP Port Settings -> Edit (AP List) Enabled, PVID, Allowed VLANs Yes

 

Save Configuration via Configuration Management

Configuration synchronization allows you to easily copy configurations from one site or Nebula Device to another. Use this screen to synchronize the configuration between sites or switch ports. You can also back up the current configurations for sites or switches to the NCC and restore the configuration at a later date

You may clone a site configuration to a new site, clone a particular switch configuration to another switch in the same site, via the Backup & Restore section of the "Configuration management" settings

Replace/Swap a Device in Nebula

Note: Before proceeding with the device exchange, ensure you have the owner privileges to perform actions within the NCC

Go to Organization-wide -> Administrators

Step 1: Remove the Old Device from the Organization

Go to Organization-wide -> License & inventory -> Devices
  • Locate the old device that you wish to swap and mark it
  • Click on "Actions" and then choose "Remove from Organization"
  • Confirm the action by clicking "Yes" when prompted

Step 2: Swap the Device Physically

  • Physically replace the old Zyxel device with the new one

  • Ensure that you have the serial number and MAC address of the new device, or alternatively, use the Nebula mobile application to scan the QR code on the new device to retrieve the required information

Step 3: Add the New Device to the Organization

  • In Nebula Cloud Center, go to "Organization-wide" and select "License & Inventory"
  • Choose "Devices" and click on the "Add Device" button
  • Enter the serial number and MAC address of the new device, or scan the QR code using the Nebula mobile application
  • Follow the on-screen instructions to complete the device registration process
Go to Organization-wide -> License & inventory -> Devices

 

Step 4: Assign the New Device to the Organization

  • Once the new device is successfully added, go to the "Devices" list under "License & Inventory"
  • Locate the newly added device and ensure it is selected
  • Click on "Actions" and choose "Assign to Organization"
  • Select the same organization that the old device was assigned to

 

Step 5: Configure the Device Deployment Method

If you have a firewall in your network, you need to choose the appropriate deployment method for the new Zyxel device.

Nebula Native Mode (Recommended):

  • Navigate to "Organization-wide" and select "Network-wide Settings"
  • Click on "Deployment Method" and choose "Nebula Native Mode"
  • Save the settings to apply Nebula Native Mode to the new device.

ZTP Mode (if Nebula Native Mode is not available):

  • Connect a PC locally to Port 4 (P4) and your WAN connection to Port 2 (P2) of the new device.
  • Log in to Nebula Cloud Center and go to "Site-wide" select "Monitor" and then "Devices"
  • Locate the new device and click on "Firewall" settings.
  • Select "ZTP Process" and follow the provided instructions to complete the ZTP configuration.

If you have any problems with the ZTP process, please look at this article: 

Nebula CC - Register a USG FLEX & ATP gateway in Nebula Control Center [ZTP]

Step 6: Verify Device Online Status

  • Allow some time for the new device to come online (maximum 5 minutes) and establish a connection to Nebula
  • Cloud Center. Check the device's online status in the "Devices" section to ensure it is functioning correctly.

Congratulations! You have successfully exchanged a Zyxel device in Nebula Cloud Center, and the new device is now fully operational within your organization's network.

 

 

Articles in this section

Was this article helpful?
3 out of 5 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.