In this article, we are going to see the difference in standalone vs cloud management deployment for time-saving and ease of use. The firewall used in this example will be a USG FLEX 100.
VPN - L2TP for remote access over IPSec
Time for configuration in standalone: Approx. 15 minutes
L2TP for remote access in standalone should not be tricky or complicated but takes more time than using Nebula, our cloud-based management. Setting up manually includes several steps, for example; configuring the VPN gateway, adding users as objects and so on, guide for all the steps below:
USG FLEX/ATP/VPN - L2TP over IPSec VPN Configuration Handbook (On-Premise mode)
Time for configuration in Nebula: Approx. 2 minutes
Setting up L2TP for remote access in Nebula is easy and convenient. With just a few clicks you can get the VPN up and running. Navigate to the Remote access VPN menu and enable L2TP over IPSec VPN option.
The only mandatory fields to make your VPN work are to fill in your secret (Preshared Key) and Client VPN subnet. You only need to consider using a subnet that is not yet used anywhere else. See full guide for all steps and more information: USG FLEX Series in Nebula - Virtual Private Network (VPN)
NAT - Network Address Translation
Time for configuration in standalone: Approx 10-15 minutes
Creating NAT-rules in standalone involves more than just doing a traditional "port forwarding" on a typical router; creating address objects, creating firewall rules and creating the NAT-rule itself.
Please see all the steps below; if starting from scratch, the process is longer.
NAT-Rule-Configuration on a USG (Port Forwarding)
Time for configuration in Nebula: Approx. 3-5 minutes
Setting up NAT-rules with Nebula is fast and easy, there is no need to create address objects or firewall rules, as all this is handled by Nebula automatically. Please see the picture below for reference.
You need to specify the ports and IPs, which protocols are needed and optionally a description.
WAN Failover configuration
Time for configuration in standalone: 10-15 minutes
When setting up sites with multiple internet connections, you might need to configure a Failover in case one of the WAN connections drops. There are two ways to achieve this; trunk and policy routes (used in this example). Please see the article below for the full set-up of WAN failover.
WAN Failover on a USG with Policy Routes
Time for configuration in Nebula: 2 minutes
Setting WAN failover in Nebula is just a few clicks, navigate to:
Site-wide -> Configure -> Firewall -> Routing
And simply enable WAN load balancing, select your backup interface.
Please see below for a full guide and more information:
USG FLEX Series in Nebula - Routing and Traffic Shaping configuration
As we can see, using Nebula saves time, is easy to use and efficient!