We will describe below steps you can take if your nebula access point is not coming online in nebula.
1. Check the LED status of the device.
Upon the first installation, NAPs should right away perform a firmware upgrade, you will be able to notice the LED blinking rapidly in either Red or Amber color. You can refer to the user guide in online documents in NCC to see the LED behavior of different models which you can determine the next items to check.
2. Check connectivity status in local GUI
Access the local GUI by typing the IP of your NAP or by default IP 192.168.1.2 if no DHCP server is in the network.
Here you can find 4 status indicating the following information.
Ethernet: The LAN connection to the gateway
Internet: The connection to 126.96.36.199 will determine connected or not
Nebula Connectivity Status: Indicates the connection to Nebula connectivity server.
Activation Status: Whether or not the device has been registered.
3. Check firewall settings
On NCC , in Help> Security policy information , enlists the ports required for nebula devices to be online and work properly.
TCP 6667 / 4335 Port used for device netconf connection and management to Nebula Control Center.
TCP 443: Port for users to access HTTPS websites in this case Nebula control center webpage,with PCs or laptops.
UDP 123: Port for NTP time sync, Nebula devices requires to synchronize a universal time, the feedback from Nebula devices to the server and also statistical information greatly requires a correct time kept on the devices.
4.Check the Routing to Nebula Servers
In the case for access points to have internet connection but not connecting to Nebula servers, you can trace route to the domain of Nebula connectivity server to know which part of the traffic stopped or if it's possible to reach. Our servers are hosted by Amazon Web Services (AWS), so if the trace route is possible to reach any Amazon domains or routers, then the connection should be good.
The domain for our servers are
Connectivity Server: d.nebula.zyxel.com
a. Open cmd, type "nslookup d.nebula.zyxel.com" for the DNS to resolve the IPs of the domain
b. Trace route any of the IP, ex: tracert 188.8.131.52
c. After the routes have been shown, find the available IP of last few hops for example. 184.108.40.206, and query them online to see which company/org. own the router. If you see Amazon IPs, then you’ll know the routing to the server should be good to reach AWS.
Note. Ping is not able to get the response from the server as they will be discarded.
If all the requirements for Nebula devices are met, should you be able to see the access points online and configurable in Nebula Control Center.