The USG FLEX series and ATP series can be managed in the traditional on-premise mode or through our Nebula Cloud Solution. The cloud management brings many benefits for remote management, troubleshooting, monitoring and easiness of setup, but also includes some limitations in features supported. This article shows the features that are not yet support on the Nebula cloud mode.
1. Features not yet supported on Cloud mode
2.When it's best to keep my device running on-premise mode?
1.Features not yet supported on Cloud mode
The following are the feature not yet supported by the USG FLEX and ATP series Firewalls when managed on the cloud.
| Category | Features | Devices | Notes | |
| Security Service | Firewall | H.323 NAT traversal | All | |
| Unified Security Policy | SSL inspection | All | ||
| Policy criteria: zone, user | ||||
| IPS | Support allowlist (whitelist) to deal with false positives involving known benign activity | All | ||
| Support rate-based IPS signatures to protect networks against application-based DoS and brute force attacks | ||||
| SSL inspection | ||||
| Inspection on various protocols - HTTPs/FTPs/SMTPs/POP3s/IMAPs | ||||
| Customizable signature & protection profile | ||||
| Sandboxing | SSL inspection | ATP only | ||
| Anti-Malware | SSL inspection | All | ||
| E-mail Security | Transparent mail interception via SMTP and POP3 protocols | All | Cloud email security option available | |
| Spam, Phishing, mail detection | ||||
| Block and Allow List support | ||||
| Supports DNSBL checking | ||||
| Geo Enforcer | IPv6 address support | All | ||
| Device Insight | Agentless Scanning for discovery and classification of devicess | All | ||
| Provide the dashboard to view all devices on the network, including wired, wireless, BYOD, IoT, and SecuExtender (remote endpoint) | ||||
| Extended view of the inventory on SecuReporter | ||||
| Visibility of network devices (switches, wireless access points, firewalls) from Zyxel or 3rd party vendors | ||||
| VPN | IPSec VPN | GRE over IPSec | All | |
| SSL VPN | Supports Windows and macOS | All | ||
| Supports full tunnel mode | ||||
| Supports 2-Factor authentication | ||||
| Networking | WLAN Management | All Features | Nebula Cloud itself provides WLAN management | |
| Mobile Broadband | All Features | Mobile routers to be supported on Nebula in 1H 2022 | ||
| IPv6 Support | All Features | |||
| Connection | Bridge mode and hybrid mode | All | ||
| Policy-based routing (user-aware) | ||||
| GRE | ||||
| Dynamic routing (RIPv1/v2 and OSPF, BGP) | ||||
| Bandwidth limit per user | ||||
| Link Aggregation | ||||
| Device HA/PRO | ||||
| Management | Authentication | Local Users | All | Nebula Cloud Authentication server available |
| System Management | Command line interface (console, web console, SSH and telnet) | All | Remote Access SSH possible from Nebula PRO Pack | |
| System configuration rollback | ||||
| Configuration auto backup | Site-wide firewall backup provided by Nebula PRO Pack | |||
| Firmware upgrade via Web GUI | Firmware management from Nebula Control Center | |||
| Cloud CNM SecuManager | ||||
2. When it's best to keep my device running on-premise mode?
Nebula Cloud mode brings a lot of easiness to the management of the devices, but it might not be the solution for everyone. Here are the points to consider when on-premise mode is best for you:
- If a feature mentioned above is essential
- When the granularity of feature setup from on-premise mode is needed
- When you have a complex setup already deployed on-premise. Switching to on-cloud mode does not carry over the existing setting on-premise mode.
- For more details, please check our article: Should I migrate to a Cloud-based Nebula management system?
Comments
0 comments
Please sign in to leave a comment.