Site-wide
Monitor
Use the Monitor menus to check the dashboard, summary report, map and floor plan, network topology and client list of the Nebula Devices for the selected site.
Dashboard
If a site is created and selected, the Dashboard is always the first menu you see when you log into the NCC. You can also click Site-wide > Monitor > Dashboard to access this screen.
It shows the status and information for all types of Nebula Devices connected to the selected site by default.
The banner N Switches are currently protected by Auto Configuration Recovery will display when the Nebula Switch(es) is locked by NCC. Click N Switches to go to Switch > Monitor > Switches for more information.Click Customize to show the Widget, Reset and Close buttons. You can then rearrange widgets by selecting a block and holding it to move around. You can also click the Widget button to collapse, add and close individual widgets. Click Reset to return the widget settings to the defaults.
Site-Wide > Monitor > Dashboard
The following table describes the labels in this screen.
Label | Description |
|---|---|
AP Status | This shows the number of assigned and connected Nebula access points, and what percentage of the access points become overloaded, that is, the number of online access points that exceed the maximum client device number (in Access Point > Configure > Traffic shaping) by total number of online access points in the site. |
Wireless Clients | This shows the number of WiFi clients currently connected to the managed access points. |
Switch Status | This shows the number of Nebula Switches assigned and connected, and what percentage of the Switches become overloaded, that is, the number of online Nebula Switches that exceed 70% of their upstream bandwidth by total number of online Nebula Switches in the site. |
PoE Power | This shows the total PoE power budget on the Switch and the current amount of power consumed by the powered devices. |
Appliance Status | This shows the number of Nebula Security Appliances assigned and connected, and what percentage of the Security Appliance’s processing capability is currently being used if the CPU goes over 93% usage. |
WAN Utilization | This shows the data rate of inbound/outbound traffic in Kbps (kilobits per second) or Mbps (megabits per second) that has been transmitted through the WAN interface. If the Security Appliance supports multiple WAN interfaces and more than one are active, use the arrow to switch and view the throughput of each WAN interface. |
Security Alert | This shows the total number of the latest alerts sent to the administrator in the last 24 hours. |
Mobile router | This shows the number of Nebula mobile routers assigned and connected. |
Appliance Network Applications | This shows the top ten applications used by the Nebula Security Appliance in the past 24 hours. |
Appliance Clients (by Usage) | This shows the top five clients of the Nebula Security Appliance with the highest percentage of bandwidth usage in the past 24 hours. |
Wireless Clients | This shows the number of WiFi clients connected (clients of the access points only). |
SSIDs (by Usage) | This shows the top five SSIDs with the highest percentage of bandwidth usage in the past 24 hours. You can click a WiFi network name to go to the Access Point > Monitor > Summary report screen. |
Wireless Clients (by Usage) | This shows the top five WiFi clients (clients of the access points only) with the highest percentage of bandwidth usage in the past 24 hours. You can click a client’s name to go to the Access Point > Monitor > Clients: Client list screen. |
Wireless Clients Manufacturer | This shows the top five manufacturers of WiFi client devices in the past 24 hours. You can click a manufacturer name to go to the Access Point > Monitor > Clients screen and view the client devices which are made by the manufacturer. |
Hit for Collaborative Detect & Response | This shows the total number of malicious traffic detected from wired and WiFi clients that are blocked and quarantined using Collaborative Detection & Response (CDR) in the past 7 days. |
Wireless Clients OS | This shows the top five operating systems used by WiFi client devices in the past 24 hours. You can click an operating system to go to the Access Point > Monitor > Clients screen and view the client devices which use this operating system. |
APs (by Usage) | This shows the top five managed access points with the highest percentage of bandwidth usage in the past 24 hours. This also shows the number of WiFi clients associated with the access points. You can click an access point’s name to go to the Access Point > Monitor > Access Points: AP Details screen. |
AP Traffic | This shows the usage statistic of the top ten applications used in the site in the past 24 hours. |
AP Google Map | This shows the locations of access points on the Google map. |
Hit for Threat Protection by CNP Service | This shows the total number of times packets coming from an IPv4 address with a bad reputation occur and the number of times connection attempts to an IPv4 address with a bad reputation occur in the past 24 hours. |
Clients
This screen shows a list of all wired and WiFi clients connected to Nebula Devices (access points, Switches, Security Appliances, Security Firewalls, mobile routers) in the site. You can also block or allow clients. Click Site-Wide > Monitor > Clients to access this screen.
Site-Wide > Monitor > Clients > Client list
The following table describes the labels in this screen.
Label | Description |
|---|---|
Client list | Select to filter the list of clients, based on what type of Nebula Device (access point, Switch, Security Appliance, Security Firewall, Mobile Router) the client is connected to. You can also set a time; the list shows each client’s connection status in the past two hours or past 24 hours. |
 | Click this button to reload the data-related frames on this page. |
Show all clients | Click this to show all clients that have been online during the selected time period. |
Show policy clients | Click this to show clients that have a white-listed or blocked policy applied to them, regardless of when they were last online. The client’s usage data is calculated according to the selected time period. |
Policy | Select the clients from the table below, and then choose the security policy that you want to apply to the selected clients. Choose one of the following policies, then click Apply policy. • Allow list: The selected clients to bypass captive portal authentication. • Block list: The selected clients cannot connect to the site. How a client is blocked depends on the connected Nebula Device type selected under Client list. AP: The client is blocked by MAC address from connecting to any AP in the site. Switch: The client is blocked by MAC address from sending or receiving network traffic. Gateway: The Security Appliance will not route traffic for the client’s IP address. • To specific SSID: Selectively apply captive portal authentication to specific SSIDs on an AP. • Normal: The selected clients have no policies applied to them. |
Search clients | Specify your desired filter criteria to filter the list of clients. |
N clients | This shows the number of clients (N) connected to the gateway in the site network. |
Export | Click this button to save the client list as a CSV or XML file to your computer. |
General fields | |
Select an entry’s check box to select a specific client. Otherwise, select the check box in the table heading row to select all clients. | |
Status | This shows whether the client is online (green) or offline (red), and whether the client is wired or wireless. • Clients connected to an Access Point are reported as wireless. • Clients connected to a Switch or Security Appliance are reported as wired. |
Description | This shows the descriptive name of the client. By default, this is the client’s MAC address. The client description can be obtained through the following: • User customized description • Hostname detected from client’s LLDP (Link Layer Discovery Protocol) System Name • Hostname detected from the Nebula-managed access point • Hostname detected from the Nebula-managed Security Appliance. Click the name to display the individual client statistics. See wireless: WiFi Client Details and wired: Wired Client Details. |
Connected to | This shows the name of the Nebula Device to which the client is connected in this site. Click the Nebula Device name to display the screen where you can view detailed information about the Nebula Device. |
MAC address | This shows the MAC address of the client. Click the MAC address to display the individual client statistics. See wireless: WiFi Client Details and wired: Wired Client Details. |
IPv4 address | This shows the IPv4 address of the client. By default, the field is blank. The client IPv4 address can be obtained through the following: • IPv4 address detected from client’s LLDP (Link Layer Discovery Protocol) Management Address • IPv4 address detected from the Nebula-managed access point • IPv4 address detected from the Nebula-managed Security Appliance. |
First seen | This shows the first date and time the client was discovered over the specified period of time. |
Last seen | This shows the last date and time the client was discovered over the specified period of time. |
Manufacturer | This shows the manufacturer of the client hardware. |
Policy | This shows the security policy applied to the client. |
Note | This shows additional information about the client. |
 | Click this icon to display a greater or lesser number of configuration fields. |
WiFi Client Details
Click a WiFi client entry in the Site-Wide > Monitor > Clients > Clients list screen to display individual client statistics.
Site-Wide > Monitor > Clients > Clients list: WiFi Client Details
The following table describes the labels in this screen.
Label | Description |
|---|---|
Status | This shows whether the client is online (green), or goes offline (red). It also shows the last date and time the client was discovered. |
SSID | This shows the name of the Access Point’s WiFi network to which the client is connected. |
Connected to | This shows the name of the Nebula managed Access Point to which the client is connected. Click the name to display the individual Access Point statistics. See Access Point Details. |
Signal | This shows the RSSI (Received Signal Strength Indicator) of the client’s WiFi connection, and an icon showing the signal strength. Icon default thresholds: • Green/5 blocks: signal is greater than –67 dBm, strong signal • Amber/4 blocks: signal –67 to –73 dBm, average signal • Amber/3 blocks: signal –74 to –80 dBm, below average signal • Red/2 blocks: signal is less than –80 dBm, weak signal |
Security | This shows the encryption method used to connect to the Access Point. |
Captive portal | This shows the web authentication method used by the client to access the network. |
User | This shows the number of users currently connected to the network through the client device. |
Manufacturer | This shows the manufacturer of the device connected to the Access Point. |
OS | This shows the operating system running on the client device, if known. |
Capability | This shows the WiFi standards supported by the client or the supported standards currently being used by the client. |
Note | This shows additional information for the client. Click the edit icon to change it. |
History | Click Event log to go to the Access Point > Monitor > Event log screen. |
Map | This shows the location of the client on the Google map. |
Period | Select to view the statistics in the past two hours, day, week or month. |
Pan | Click to move backward or forward by two hours or one day. |
y-axis | The y-axis shows the transmission speed of data sent or received by the client in kilobits per second (Kbps). |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Network | |
IPv4 address | This shows the IP address of the client. |
MAC address | This shows the MAC address of the client. If you applied a security policy to a client using the Add client button in the Access Point > Monitor > Clients screen, and the client has never been connected to the Access Point’s network, an edit icon appears allowing you to modify the client’s MAC address, |
VLAN | This shows the ID number of the VLAN to which the client belongs. |
Ping | Click the button to ping the client’s IP address from the Nebula AP to test connectivity. |
Loss rate | This shows the rate of packet loss when you perform ping. |
Average latency | This shows the average latency in ms when you perform ping. |
Wired Client Details
Click a wired client’s descriptive name in the Site-Wide > Monitor > Clients > Clients list screen to display individual client statistics.
Site-Wide > Monitor > Clients > Clients list: Wired Client Details
The following table describes the labels in this screen.
Label | Description |
|---|---|
Client | Click the edit icon to change the client name. |
Status | This shows whether the client is online (green) or offline (red). It also shows the last date and time the client was discovered, and whether the client is wired or wireless. |
Connected to | This shows the name of the Security Appliance to which the client is connected. |
Manufacturer | This shows the manufacturer of the client device. |
Note | Enter information about this Nebula Device, for yourself or for other administrators. |
LLDP information | This shows the LLDP (Link Layer Discovery Protocol) information received from the remote device. |
Network | |
IPv4 address | This shows the IPv4 address of the client. |
MAC address | This shows the MAC address of the client. |
VLAN | This shows the VLAN ID for this client. |
Port | This shows the port number of the Nebula Device the client is connected. |
Ping | Click the button to ping the client’s IP address from the gateway to test connectivity. This button is grayed-out when client is not assigned an IP address. |
WiFi Aid
The WiFi Aid screen displays the number of WiFi clients that cannot connect to an AP(s) in a site. It also displays the number of WiFi clients who cannot authenticate in a hotspot (captive portal) or who have timed out.
Use this screen to identify connection problems between WiFi clients and supported AP(s). Click Site-Wide > Monitor > Clients > WiFi Aid to access this screen.
This feature is available if you have the Nebula Pro Pack license only.After a WiFi client successfully connects to the Nebula Device, NCC will not count past connection failures.Site-Wide > Monitor > Clients > WiFi Aid
The following table describes the labels in this screen.
Label | Description |
|---|---|
WiFi Aid | Select a Time range. The overview will show all WiFi clients’ connection issues in the Last hour, Last 12 hours, Last 24 hours, or Custom range (from 15 minutes to one day). Select to filter the overview of the client’s WiFi connection issues based on one AP WiFi network (SSID), or all WiFi networks (All SSIDs, default). Select to filter the overview of all WiFi clients’ connection issues based on one AP tag, or All tags (default). This is the tag you create in Access point > Monitor > Access points. |
Client devices affected by connection problems | This chart displays the number of WiFi clients with the following connection problems. • Wireless failures. This displays the number of WiFi clients that failed association to an AP or failed authentication. • DHCP failures. This displays the number of WiFi clients that failed to receive an IP address due to DHCP failure/timeout with the DHCP server. • DNS failures. This displays the number of WiFi clients that failed DNS query due to DNS timeout from a DNS server. |
Client devices affected by captive portal problems | This chart displays the number of WiFi clients that failed hotspot authentication. This includes entering the wrong user credentials or an authentication timeout. |
Connection issues by SSID | This table displays the number of WiFi clients with WiFi connection/DHCP client/DNS failures in each WiFi network. The list displays the WiFi network with the most connection failures first, in descending order. Clicking the hyperlink in the # Clients affected by connection problems column will direct you to the Site-wide > Monitor > Connection log screen. See Connection Log for more information on this screen. |
Connection issues by client | This table displays the number of WiFi clients with failed connection attempts (WiFi connection/DHCP client/DNS failures – numerator) over the number of total connection attempts (denominator). The list displays the WiFi client with the most connection failures first, in descending order. Clicking the hyperlink in the Client device column will direct you to the Site-wide > Monitor > Client: Client device screen. See Clients for more information on this screen. Clicking the numerator hyperlink in the # Failed/total connections column will direct you to the Site-wide > Monitor > Connection log screen. See Connection Log for more information on this screen. |
Connection issues by access point | This table displays the number of WiFi clients with WiFi connection/DHCP client/DNS failures in each access point. The list displays the access point with the most connection failures first, in descending order. Clicking the hyperlink in the # Clients affected by connection problems column will direct you to the Site-wide > Monitor > Connection log screen. See Connection Log for more information on this screen. |
Captive portal login issues by client | This table displays the list of WiFi clients with the corresponding number of failed hotspot authentication. The list displays the WiFi client that failed hotspot authentication the most number of times first, in descending order. Clicking the hyperlink in the Client device column will direct you to the Site-wide > Monitor > Client: Client device screen. See Clients for more information on this screen. Clicking the hyperlink in the # Failed authentication column will direct you to the Site-wide > Monitor > Connection log screen. See Connection Log for more information on this screen. |
Connection Log
Use this screen to view all related event logs between Access Points and WiFi clients, and DHCP logs of Nebula Security Appliances (NSG, ZyWALL USG FLEX, ATP, and USG20(W)-VPN). Association, Authentication, Disconnection, and DHCP event logs that occur are summarized in chronological order to aid in troubleshooting. Click Site-Wide > Monitor > Clients > Connection log to access this screen.
This feature is available for Nebula Pro Pack license only.Site-Wide > Monitor > Clients > Connection log
The following table describes the labels in this screen.
Label | Description |
|---|---|
Clients list | Select a time; the list shows each client’s event logs in the past hour, last 12 hours, last day, or custom range (from 15 minutes to one day within the last month). Select to filter the list of client’s event logs based on the SSID, or All SSIDs (default). Select to filter the list of client’s event logs based on the AP, or All APs (default). Select to filter the list of client’s event logs, based on the event type (Association, Disconnection, DHCP server, Wireless failed connection, DHCP client, DNS failure, Captive portal) that occurred, or All event types (default). Select the client, or All clients (default). |
Connection time | This shows the starting time period from which the event log is recorded. |
Connected to | This shows the name (if available) or MAC address of the connected client. |
Event type | This shows the event type (Association, Authentication, Disconnection, DHCP server, Wireless failed connection, DHCP client, DNS failure, Captive portal) that occurred. |
Detail issue | This shows a summary of the Access Points and Security Appliances (NSG, USG FLEX, ATP, and USG20(W)-VPN) event logs in chronological order. |
Containment List
This screen shows a list of clients that are currently blocked in the site by the CDR security service. You can use this screen to release blocked clients. Click Site-Wide > Monitor > Containment list to access this screen.
Site-Wide > Monitor > Containment list
The following table describes the labels in this screen.
Label | Description |
|---|---|
Search | Enter a MAC or IP address to filter the list of clients. |
Time | This field displays the date and time CDR contained this client. |
IP address | This field displays the IPv4 address of the client contained by CDR. |
MAC address | This field displays the MAC address of the client contained by CDR. |
User | This field displays the user name of a client contained by CDR who has been authenticated for Internet access. The field is blank if user authentication is not required. |
Event type | This field displays details on the category of signature that triggered CDR: Web Filtering, Anti-Malware or IPS (IDP). |
Containment | This field displays if the client is blocked, quarantined or just triggers an alert. |
Time Remaining (mins.) | This field displays the amount of time left until this client is released by CDR. |
Connect to | This field displays the description of the Access Point or the interface of the Nebula Device that the contained client is connected to. |
Release/Add to Exempt List | |
Release | Select a client and then click this to release this client device from CDR containment. |
Add to Exempt List | Select a client, select an IPv4 address or MAC address, and then click OK to release this client device from CDR containment. This client device’s IP or MAC address is exempt from future CDR checking. |
Map & Floor Plans
This screen allows you to locate a Nebula Device on the world map and use a floor plan to show where Nebula Devices are physically located. Click Site-Wide > Monitor > Map & floor plans to access this screen.
Site-Wide > Monitor > Map & floor plans
Place devices on map
You can mark on the map the places where the Nebula Devices are located. Click the Place device on map tab to display the Nebula Device list for the selected site. Click the arrow (
) on the upper left corner of the Map & floor plans screen to collapse or expand the list.
) on the upper left corner of the Map & floor plans screen to collapse or expand the list.Click the Placed button to show the Nebula Devices that you have pinned on the map and/or the floor plan. Click the Un-placed button to show the Nebula Devices that remain to be pinned on the map. To pin a Nebula Device, select the Nebula Device from the Un-placed list, then drag and drop it on the map.
The pin icon next to a Nebula Device name is green (
) if you have marked the Nebula Device on the map. Otherwise, the pin icon is gray (
). Click the 
icon to remove a Nebula Device from the map.
) if you have marked the Nebula Device on the map. Otherwise, the pin icon is gray (). Click the icon to remove a Nebula Device from the map.Site-Wide > Monitor > Map & floor plans: Place device on map
Edit floor plans
Click the Edit floor plans tab to display the list of existing floor plan, a drawing that shows the rooms scaled and viewed from above. Click the arrow () on the upper left corner of the Map & floor plans screen to collapse or expand the list.
) on the upper left corner of the Map & floor plans screen to collapse or expand the list.Use the Create+ button to upload a new floor plan. The floor plan then shows on the Google map at the right side of the screen. Use your mouse to move the floor plan, and use the icons at the top of the map to rotate, change the transparency, resize or hide the floor plan. Click Set position to apply your changes. If you want to relocate the floor plan, select the floor plan from the list and click its edit icon.
Site-Wide > Monitor > Map & floor plans: Edit floor plans
The following table describes the labels in this screen.
Label | Description |
|---|---|
Floor plan | This shows the descriptive name of the floor plan. |
Devices | This shows the number of Nebula Devices marked on this floor plan. |
 | Click this icon to open a screen, where you can modify the name, address and/or dimension of the floor plan. |
 | Click this icon to delete the floor plan. |
Topology
Use this screen to view the links between Nebula Devices in the site. Click Site-Wide > Monitor > Topology to access this screen.
The icon of a node in the network topology indicates its Nebula Device type and the color shows whether the Nebula Device is online (green), has alerts (amber), or is offline (red).
Move the pointer over a node to view detailed Nebula Device information, such as its name, model number, number of connected clients, and MAC address. Click Reboot to restart the Nebula Device.
Move the pointer over a link to view link details, such as type (Ethernet or wireless mesh), speed, and data usage from the past 24 hours. If the link is supplying power to a node using Power over Ethernet (PoE), you can click Reset to perform a power cycle on the port. This action temporarily disables PoE and then re-enables it, in order to reboot connected PoE devices.
Enable Label all devices to show Nebula Device information, such as MAC address in the network topology diagram.
Enable Show redundant links to display the secondary connection between two nodes, if any.
Enable Show other devices to also display the Nebula Devices that are connected to your network but cannot be identified by the NCC. This on/off switch is configurable only when there is a non-Nebula Device installed in the network and detected by the NCC through LLDP packets.
Zyxel device is a device manufactured by Zyxel but not registered at the NCC or unable to work in Nebula cloud management mode.
Site-Wide > Monitor > Topology
Vouchers
A voucher is a unique printable code that allows a user to authenticate with a WiFi network for a limited period of time. A user connects to the WiFi network’s SSID and then enters the code in a captive portal. After a successful login, the expiry time of the voucher starts counting down.
Vouchers are useful in situations where you want to give individual users time-limited WiFi access. For example: A customer can purchase a voucher for 2 hours of Internet access in a hotel or coffee shop.
You can only enable voucher authentication for one SSID per site.Using Vouchers
1 Go to Access Point > Configure > SSID settings, and create a dedicated SSID for voucher-based WiFi access. For example, “Hotel_Guest_Network”.
For details on configuring SSIDs, see SSID Settings.
For details on configuring SSIDs, see SSID Settings.
2 Go to Access Point > Configure > Authentication, select the SSID, and then under Sign-in method select Voucher.
For details, see SSID Advanced Settings.
For details, see SSID Advanced Settings.
3 Go to Site-wide > Configure > General settings > Voucher settings to configure how the vouchers will look when printed.
For details, see General Settings.
For details, see General Settings.
4 Go to Site-Wide > Monitor > Vouchers, and then click Create to create one or more vouchers.
Vouchers Screen
This screen allows you to create and manage vouchers for WiFi network authentication.
Click Site-Wide > Monitor > Vouchers to access this screen.
Site-Wide > Monitor > Vouchers
The following table describes the labels in this screen.
Label | Description |
|---|---|
Reset | Select one or more vouchers and then click this button to reset the vouchers back to their original states. Each voucher’s status is set to Unused and time remaining is reset to the time configured in Duration. |
Delete | Select one or more vouchers and then click this button to delete the vouchers. |
Print | Select one or more vouchers and then click this button to print the vouchers. You can modify how vouchers look when printed at Site-wide > Configure > General settings. |
Search | Use this field to search for vouchers, by voucher code, duration, and/or status. |
Create | Click this button to create one or more vouchers. For details, see Create Vouchers Screen. |
Export | Click this button to export the voucher table and all information in it to a CSV or XML file. |
Voucher | This displays the voucher’s unique authentication code. |
Comments | This displays information about the voucher. |
Duration | This displays how long the voucher is valid from when it is activated, in hours. |
Remaining | This displays how much time is left before the voucher expires. NCC only starts counting this time after the voucher has been activated. |
Expire in | This displays the date and time that the voucher will expire. |
Status | This displays the current status of the voucher: Unused: The voucher has not yet been used for authentication. Active: A user has used the voucher for authentication. NCC has started counting down the duration. Expire: The voucher has reached the end of its duration period and can no longer be used. Delete: The voucher is unused and has reached the time set under Purge after (days). NCC automatically deletes vouchers with the status Expire or Delete after 24 hours. You can see a history of these automatic deletions in the NCC event log. |
Created | This displays the date and time that the voucher was created. |
Create Vouchers Screen
Use this screen to create one or more new vouchers.
Site-Wide > Monitor > Vouchers > Create
The following table describes the labels in this screen.
Label | Description |
|---|---|
Quantity | Sets the number of vouchers you want to create. The valid range for this setting is 1 – 999. |
Code length | Sets the length of the unique code on each voucher. The valid range for this setting is 6 – 10. |
Comment | Enter information about the voucher that might be useful for other administrators. |
Duration (hours) | Sets how long the voucher is valid after it has been activated, in hours. The valid range for this setting is 1 – 72. |
Purge after (days) | Sets how long a non-activated voucher is valid for, in days. The valid range for this setting is 1 – 180. |
Print after created | Select this to print the vouchers immediately after clicking Create. |
Save as default | Click this to make the settings on this page the default settings for new vouchers. |
Dynamic Personal Pre-Shared Keys (DPPSKs) also allow you to give individual users a printable password and time-limited WiFi access. For details, see SSID Advanced Settings.Cloud Intelligence Logs
This screen displays events from the Security Appliance within the selected site, such as CDR service events, alerts, and firmware management.
Click Site-Wide > Monitor > Cloud intelligence logs to access this screen.
Site-Wide > Monitor > Cloud intelligence logs
The following table describes the labels in this screen.
Label | Description |
|---|---|
Feature | Select the features that you want to view logs for. |
Keyword | Enter a keyword to filter the list of log entries. |
Category | Select the type of log messages you want to view. The available categories will depend on the features you have selected under Feature. |
Range/Before | Select filtering options, set a date, and then click Search to filter log entries by date. Range: Display log entries from the first specified date to the second specified date. Before: Display log entries from the beginning of the log to the selected date. |
Reset filters  | Click this to return the search criteria to the previously saved time setting. |
Search | Click this to update the list of logs based on the search criteria. |
Newer/Older | Click to sort the log messages by most recent or oldest. |
N Logs | This shows the number of log messages (N) in the list. |
Export | Click this button to download the log list as a CSV or XML file to your computer. |
Time | This shows the date and time when the log was recorded. It uses the local time set for the site at Site-wide > Configure > General settings. |
Feature | Select the feature that created the log message. |
Category | This shows the type of log message, for example “Block”. The available categories will depend on the feature. |
Detail | This shows the details of the event. Click the Nebula Device name link for an Auto configuration recovery alert to go to Switch > Monitor > Switches: Switch Details screen for more information. |
| Click this icon to display a greater or lesser number of configuration fields. |
Summary Report
Use this screen to view statistics for the Nebula Devices and networks in the selected site.
Click Site-wide > Monitor > Summary report to access this screen.
Site-wide > Monitor > Summary report
The following table describes the labels in this screen.
Label | Description |
|---|---|
Summary report | Select to view the report for the past day, week or month. Alternatively, select Custom range... to specify a time period the report will span. You can also select the number of results you want to view in a table. |
Email report | Click this button to send summary reports by email, change the logo and set email schedules. |
Top devices by usage | |
This shows the index number of the Nebula Device. | |
Name | This shows the descriptive name of the Nebula Device. You can click the name to view the Nebula Device details. |
Model | This shows the model number of the Nebula Device. |
Usage | This shows the amount of data that has been transmitted by or through the Nebula Device. |
Client | This shows the number of clients currently connected to the Nebula Device. |
Location This shows the location of the site’s gateway device on the map. | |
Top SSIDs by usage | |
# | This shows the ranking of the SSID. |
SSID | This shows the SSID network name. |
Encryption | This shows the encryption method use by the SSID network. |
# Client | This shows how many WiFi clients are connecting to this SSID. |
% Client | This shows what percentage of associated WiFi clients are connecting to this SSID. |
Usage | This shows the total amount of data transmitted or received by clients connecting to this SSID. |
% Usage | This shows the percentage of usage for the clients connecting to this SSID. |
Top switches by power usage | |
# | This shows the ranking of the Nebula Switch. |
Name | This shows the descriptive name of the Nebula Switch. |
Model | This shows the model number of the Nebula Switch. |
Power Usage | This shows the total amount of power consumed by the Nebula Switch’s connected PoE devices during the specified period of time. |
Ethernet power | This graph shows power used by all PoE Switch ports in the site within the specified time, in Watts. |
Avg | This shows the average power consumption for all Switch ports. |
Max | This shows the maximum power consumption of the Switch ports. |
Min | This shows the minimum power consumption of the Switch ports. |
y-axis | The y-axis shows how much power is used by all Switches in the site, in Watts. |
x-axis | The x-axis shows the time period over which power consumption is recorded. |
Applications
This screen displays usage statistics for applications used in the site. An application can be a specific app or service (for example, Facebook) or a general protocol (for example, HTTP). You can also block or restrict bandwidth for applications at the gateway, and for multiple applications by category.
Click Site-Wide > Monitor > Applications to access this screen.
You can view this screen by application or by category.Site-Wide > Monitor > Applications: Application View
Site-Wide > Monitor > Applications: Category View
The following table describes the labels in this screen.
Label | Description |
|---|---|
Applications | In Application view, select to view all applications of Nebula Security Appliances / Nebula Access Points, or only applications with bandwidth or block policies applied to Nebula Security Appliances. In Category view, select to view all applications of Nebula Security Appliances / Nebula Access Points only. Select to view the report for the past day or week. Alternatively, select Custom range... to specify a time period the report will span. You can also select the number of results you want to view in a table. |
| Click this button to reload the data-related frames on this page. |
Category View / Application View | Click this button to view statistics by application or category. |
y-axis | The y-axis shows the total amount of data used by applications or categories in the site. |
x-axis | The x-axis shows the time period over which the data usage occurred. |
Keyword | Enter a keyword to filter the list of log entries. |
N applications/categories | This shows the number of applications/categories (N) in the list. |
Application/Category-View Fields | |
Status | This shows whether the application or category is blocked or allowed within the current site. |
Application | This shows the application name. |
Category | This shows the name of the category to which the application belongs. Click this field in Category view to see all applications in the category. |
Bandwidth limit | This shows the bandwidth restriction policy for the application. |
Usage | This shows the amount of data consumed by the application, or all applications in the category. |
% Usage | This shows the percentage of usage for the application or category. |
Limit | Click this to limit the bandwidth for the application on the site’s gateway. You can apply the restrictions per gateway interface, or for all interfaces. |
Configure
Use the Configure menus to set the general and email alert settings for the selected site, or register a new Nebula Device and assign it to the site.
General Settings
Use this screen to change the general settings for the site, such as the site name, Nebula Device login password, captive portal reauthentication, SNMP, AP traffic logs to a Syslog server, traffic logs to SecuReporter, WiFi network authentication voucher settings, and API access for DPPSK third-party integration. Click Site-Wide > Configure > General settings to access this screen.
Site-Wide > Configure > General settings
The following table describes the labels in this screen.
Label | Description |
|---|---|
Site Information | |
Site name | Enter a descriptive name for the site. |
Local time zone | Choose the time zone of the site’s location. |
Site location | Enter the complete address or coordinates (physical location) of the Nebula Devices in the site. All newly added Nebula Devices will automatically use this as the default address and location on the Google map. You can edit each Nebula Device’s location on the Google map. |
Configuration template | The name of the template that the site is bound to is shown here. Click Unbind to release the site from using the configuration template. The site which is unbound from the template still retains the settings applied from the template. |
Device configuration | |
Local credentials | The default password is generated automatically by the NCC when the site is created. You can specify a new password to access the status page of the Nebula Device’s built-in web-based configurator. The settings here apply to all Nebula Devices in this site. |
Smart guest/VLAN network | Click On to enable this feature. This allows the NCC to check if the VLAN ID and guest network settings are consistent on the APs and Security Appliance in the same site to ensure guest network connectivity. The guest settings you configure for a gateway interface (in Security Gateway > Configure > Interface addressing) will also apply to the WiFi networks (SSIDs) associated with the same VLAN ID (in Access Point > Configure > SSID settings). For example, if you set a gateway interface in VLAN 100 as a guest interface, the SSID that belongs to VLAN 100 will also act as a guest network. |
Captive portal reauthentication | |
For my AD server users | Select how often the user (authenticated by an AD server) has to log in again. |
For my RADIUS server users | Select how often the user (authenticated by a RADIUS server) has to log in again. |
For click-to-continue users | Select how often the user (authenticated through the captive portal) has to log in again. |
For cloud authentication users | Select how often the user (authenticated using the NCC user database) has to log in again. |
SNMP | |
SNMP access | Select V1/V2c to allow SNMP managers using SNMP to access the Nebula Devices in this site. Otherwise, select Disable. |
SNMP community string | This field is available when you select V1/V2c. Enter the password for the incoming SNMP requests from the management station. |
Reporting | |
Syslog server | Click Add to create a new entry. |
Server IP | Enter the IP address of the server. |
Types | Select the type of logs the server is for. Besides sending Gateway traffic log to a Syslog server, you can also set the Security Appliance (through its Web Configurator) to save a copy of the logs to a connected USB storage device. Gateway traffic log includes the traffic information (such as its source, destination or usage) of the Security Appliance clients. |
Action | Click the Delete icon to remove the entry. |
AP traffic log | Log traffic for access points in the site that have NAT mode enabled. You can also send the logs to a Syslog server, by selecting AP traffic log under Syslog server > Types. For details on configuring NAT mode, see SSID Advanced Settings. |
SecuReporter | Click On to enable this feature. This allows the NCC to send traffic logs to SecuReporter. Disable this option if you have configured sending of traffic logs to an external syslog server. |
Voucher settings | Use these settings to configure how WiFi network authentication vouchers for this site look when printed.  For more information on vouchers, see Vouchers. |
Duration Text | Sets the text that proceeds the duration on the voucher. The text must consist of 1 – 16 characters. |
Access Text | Sets the text that proceeds the access code on the voucher. The text must consist of 1 – 16 characters. |
Show image | Sets whether to display an image at the top-left of the voucher. This image is optional. |
Promotion Text | Sets the promotional text on the voucher. This text is optional. The text must consist of 1 – 64 characters. |
Promotion URL | Sets the promotional URL on the voucher. This URL is optional. The URL is displayed as a QR code on the voucher. |
Voucher image | This shows the uploaded image that will be displayed at the top-left of the voucher. |
Upload an image | Click this button to upload an image from your local computer. The Choose File button appears. Click this button to locate the PNG (preferred for its transparency) / JPEG/GIF image file. The maximum image file size is 200 KB. |
Replace this image | Click this button to change the uploaded image. |
Remove this image | Click this button to delete the uploaded image. |
API access | API access allows third-party software to integrate with the DPPSK feature in NCC. For more information, please contact Zyxel. |
API token | Generate an API token for DPPSK third-party integration. |
Generate | Click this button to create a new API key. |
Copy | Click this button to copy the API key to the system’s clipboard. |
Delete | Click this button to delete the API key. |
Collaborative Detection & Response
Collaborative Detection & Response (CDR) allows you to detect wired and WiFi clients that are sending malicious traffic in your network and then block or quarantine traffic coming from them. In this way, malicious traffic is not spread throughout the network. Secure policies can block malicious traffic for specific traffic flows, but CDR can block malicious traffic from the sender. Malicious traffic is identified using a combination of Web Filtering, Anti-Malware and IPS (IDP) signatures.
To use the CDR feature, a Gold/UTM Security Pack license and a Nebula Pro Pack license is required.The following table shows the CDR feature with/without a Gold/UTM Security Pack license.
cdr | without Gold/utm security pack | with gold/utm security pack | after gold/utm security pack expires |
|---|---|---|---|
With Nebula Pro Pack | CDR will not function. CDR settings will be grayed-out. | CDR full functionality. | CDR will disable its full functionality. • CDR fields in an “Enabled/Disabled” state will show “Enabled/Disabled” but grayed-out. • The Policy rule settings, Quarantine VLAN, and Exempt list will be kept in Site-wide > Configure > Collaborative detection & response. • Previously quarantined clients will be released. |
With Nebula Base/Plus Pack | CDR will not function. CDR settings will be grayed-out. | User is notified that CDR is with partial functionality only. • CDR event detection is available • CDR triggered events are logged in the Site-wide > Monitor > Cloud intelligent logs • Containment actions (Alert/Block/Quarantine) is not available • Previously blocked/quarantined clients will be released in Site-wide > Monitor > CDR > Containment list. | CDR will disable its full functionality. • CDR fields in an “Enabled/Disabled” state will show “Enabled/Disabled” but grayed-out. • The Policy rule settings, Quarantine VLAN, and Exempt list will be kept in Site-wide > Configure > Collaborative detection & response. • Previously quarantined clients will be released. |
Site-Wide > Configure > Collaborative Detection & Response
The following table describes the labels in this screen.
Label | Description |
|---|---|
Collaborative detection & response | |
Enable | Select this check box to activate Collaborative Detection & Response. Make sure you have active Web Filtering, Anti-Malware, IPS (Intrusion Prevention System), and CDR (Collaborative Detection & Response) licenses. |
Policy | |
Category | Category refers to the signature type that identified the malicious traffic: Malware (Anti-Malware, Anti-Virus), IDP (IPS), and Web Threat (Content Filtering and URL Threat Filtering). |
Event Type | This displays some details on the category of malicious traffic detected. |
Occurrence (1–100) | Enter the number of security events that need to occur within the defined Duration to trigger a CDR Containment action. |
Duration (1–1440) | Enter the length of time in minutes the event should occur from a client the Occurrence number of times to trigger a CDR Containment action. For example, Occurrence is set to 10, and Duration is set to 100. If the NCC detects 10 or more occurrences of malicious traffic in less than 100 minutes, then CDR Containment is triggered. |
Containment | Select the action to be taken when the number of security events exceed the threshold within the defined duration. Alert: Select this if you just want to issue a notification in NCC. Block: Select this if you want to block traffic from a suspect client at the NCC, or from a suspect WiFi client at the AP connected to the NCC. Traffic is still broadcast to other clients in the same subnet. A ‘notification’ web page is displayed when this action is triggered. Quarantine: Select this if you want to isolate traffic from a suspect client at the NCC in a quarantine VLAN. Traffic is not broadcast to other clients in the same subnet. A ‘notification’ web page is displayed to the client when this action is triggered. |
Containment | Use this section to configure the selection containment action. |
General | |
Theme | Configure the CDR block page. • Click the Preview icon at the upper right corner of a theme image to display the block page in a new frame. • Click the Copy icon to create a new custom theme (block page). |
Logo | This shows the logo image that you uploaded for the customized block page. Click Choose File and specify the location and file name of the logo graphic or click Browse to locate it. You can use the following image file formats: GIF, PNG, or JPG. File size must be less than 200 KB, and images larger than 244 x 190 will be resized. |
Notification message | Enter the message that is displayed on the CDR block page. The client is redirected here when a Block or Quarantine action is triggered. For example, “Malicious traffic is coming from your device so traffic is temporarily stopped. Please contact the network administrator.” Redirect external URL: Enter a URL in “http://domain” or “https://domain” format to an external notification page. The client is redirected here when a Block or Quarantine action is triggered. Make sure the external notification page is accessible from the NCC. |
Redirect external URL | Enable this setting, and then enter a URL in “http://domain” or “https://domain” format to an external notification page. The client is redirected to this page when a Block or Quarantine action is triggered. You can download a sample block page by clicking Download. The external notification page must be accessible from NCC. |
Containment Period | Enter how long the client should be blocked or quarantined. This should be at least twice the DHCP server lease time in order to prevent false positives. |
Block | Enter how long a suspect client should be blocked or quarantined. You can enter from 1 minute to 1 day (1,440 minutes). 0 means the suspect is blocked forever until released in Monitor > CDR > Containment List. |
Block wireless client | Select this to have traffic from the suspect client blocked at the AP. Clear this to have traffic from the suspect client blocked at the NCC. |
Quarantine | |
Quarantine VLAN | Click Set to configure a VLAN in order to isolate traffic from suspect clients. Traffic from a suspect client is broadcast to all members in the VLAN. |
Exempt list | Enter IPv4 and /or MAC addresses of client devices that are exempt from CDR checking. |
Quarantine Interface Configuration
Click Set at Site-Wide > Configure > Collaborative detection & response > Containment > Quarantine to configure the VLAN and interface used to isolate a client when a quarantine action is triggered. The following screen appears.
Only IPv4 addresses can be used in quarantine VLANs.Site-Wide > Configure > Collaborative detection & response > Containment > Quarantine
Each field is explained in the following table.
Label | Description |
|---|---|
Interface Properties | |
Interface Name | This field is read-only. The default name is “Quarantine”. |
Port group | Select the name of the port group to which you want the interface to belong. |
Base Port | Select the Ethernet interface on which the VLAN interface runs. |
VLAN ID | Enter the VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1 – 4094. (0 and 4095 are reserved) |
IP address assignment | This is a 3-bit field within a 802.1Q VLAN tag that is used to prioritize associated outgoing VLAN traffic. “0” is the lowest priority level and “7” is the highest. |
IP address | Enter the IP address for this interface. |
Subnet mask | Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network. |
DHCP Server | |
Get Automatically | Enter the IP address from which the Security Appliance begins allocating IP addresses. If you want to assign a static IP address to a specific computer, click Add new under Static DHCP Table. |
IP pool start address | Enter the IP address from which the Security Appliance begins allocating IP addresses for this VLAN. |
Pool size | Enter the total number of IP addresses the DHCP server will hand out. |
OK | Click OK to save your changes back to the NCC. |
Cancel | Click Cancel to exit this screen without saving. |
Alert Settings
Use this screen to set which alerts and reports are created and emailed. You can also set the email addresses to which an alert is sent. Click Site-Wide > Configure > Alert settings to access this screen.
NCC’s Smart Alert Engine uses knowledge of network topology and cross-device functionality to only generate alerts for unexpected events. This helps avoids unnecessary emails and notifications.For example, an Access Point is receiving power from a PoE switch. If the Access Point loses power because its Ethernet cable is disconnected, NCC generates an alert. If the Access Point loses power because the Switch has a PoE schedule that disables power to the Access Point, NCC does not generate an alert.
Site-Wide > Configure > Alert settings
The following table describes the labels in this screen.
Label | Description |
|---|---|
Recipient | |
All site administrators | Select this to send alerts to all site administrators for the current site. |
Custom email addresses | Enter the email addresses to which you want to send alerts. |
Notification Type | For each alert, you can set how to receive alert notifications: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • In-app Push: Alert notifications are sent to site administrators who are logged into the Nebula Mobile app. This type of notification is not available for some features. • Both: Alert notifications are sent by email and app notification. • Disabled: No alerts are sent. |
Show additional recipients | Add additional user accounts who will receive email and in-app notifications for the alert. |
System Alerts | |
Wireless | Specify how long in minutes the NCC waits before generating and sending an alert when an AP becomes offline. |
Switches | Specify how long in minutes the NCC waits before generating and sending an alert when a port or a Switch goes offline. |
Security Appliance | Select the check box to have the NCC generate and send an alert by email when the following events occur: • A Security Appliance goes offline. • Any DHCP pool on the Security Appliance runs out of IP addresses. • A VPN connection to or from the Security Appliance is established or disconnected. • The WAN connectivity status changed. |
Mobile router | Specify how long in minutes the NCC waits before generating and sending an alert when a mobile router goes offline. |
Other | Specify whether to send an alert each time configuration settings are changed. |
Security alerts | |
CDR containment | Specify whether to send an alert each time a CDR block or containment action is triggered. |
Security Report | |
Notification mode | Select whether to receive email security reports from SecuReporter. |
Email subject | Enter an email title here. |
Email description | Enter a description of the emails to be sent here. For example, maybe these emails are just for high severity events. |
Notification interval | Specify how often to receive a SecuReporter report. If no security events were triggered, SecuReporter will not send a report. |
Event severity | Select the severity level of events that will be included in each report. |
Event threshold | This table lists the events that trigger SecuReporter security alerts. For some events, you can set the alert threshold. For example, X count(s) of malware/virus attack within 5 minutes means SecuReporter includes a report in the email if the total number of combined malware and virus detection events exceed X within a 5 minute time period. |
Add Devices
Use this screen to register a Nebula Device and add it to the site. Click Site-Wide > Configure > Add devices to access this screen.
You have to contact Zyxel customer support if you need to change the Nebula Device owner at myZyxel or remove an Organization from the NCC. Please configure your Nebula Device owners and organizations carefully. See also License & Inventory.Site-Wide > Configure > Add devices
The following table describes the labels in this screen.
Label | Description |
|---|---|
Add to this site | Click this button to assign the selected Nebula Devices to the site. If you have selected a Security Firewall (see Supported Nebula Devices for a list of Security Firewalls), a pop-up window for you to select the deployment method appears. See Step 7: Set up the Deployment Method for more information. |
Search | Enter a keyword to filter the list of Nebula Devices by device name, serial number, MAC address, or model. |
N devices | This shows the number of registered Nebula Devices (N) which have not been assigned to a site. |
+ Add | This button is available only for an organization administrator or site administrator that has full access. Click this button to pop up a window where you can enter a Nebula Device’s serial number, MAC address, and name to register it at the NCC. For details, see Add Devices Screen. You can also schedule the firmware upgrade for the Nebula Device during registration. For details, see Firmware Upgrade Screen. |
Device name | This shows the descriptive name of the Nebula Device. |
Serial number | This shows the serial number of the Nebula Device. |
MAC address | This shows the MAC address of the Nebula Device. |
Model | This shows the model name of the Nebula Device. |
Registered On | This shows the time and date that the Nebula Device was added to NCC. |
Firmware Management
Use this screen to schedule a firmware upgrade. You can make different schedules for different types of Nebula Devices in the site or create a schedule for a specific Nebula Device. Click Site-Wide > Configure > Firmware management to access these screens.
Firmware Management Overview Screen
Use this screen to schedule a firmware upgrade for each Nebula Device type. You can make different schedules for different types of Nebula Devices in the site. Click Site-wide > Configure > Firmware management > Overview to access this screen.
Site-Wide > Configure > Firmware management > Overview
The following table describes the labels in this screen.
Label | Description |
|---|---|
Access Point / Switch / Firewall or Security Gateway / Mobile Router | |
Upgrade available | This shows the status of the Nebula Device’s firmware in your site. • Up to date is displayed if all the Nebula Device(s) of a particular type (for example, all Switches) in your site are using the latest firmware version. • Upgrade available is displayed if there is firmware update available for any of the Nebula Device(s) of a particular type in your site. Click Applicable devices to see a table list of your Nebula Device(s) that can receive this upgrade.  • Locked is displayed if all the Nebula Device(s) of a particular type (for example, all Switches) in your site are using a specific version of firmware that Zyxel customer support is monitoring for troubleshooting. • No devices is displayed if there is no Nebula Device of a particular type (for example, Mobile Router) registered in your site. |
Settings | Create a schedule for each Nebula Device type. The following Upgrade policy are available: • Select Auto upgrade at to create a recurring schedule. With a recurring schedule, NCC will check and install the firmware when a new firmware release is available for each Nebula Device type. • Select Upgrade at to install the firmware at a specific date and time (up to 1 month from now) when firmware update is available for each Nebula Device type. Due to network bandwidth and number of Nebula Devices per site, not all Nebula Devices may get the firmware upgrade on the specified date/time.This field’s setting will change to the Auto upgrade at schedule after performing the firmware update. • Select Upgrade now to immediately install the firmware for each Nebula Device type. Then select the Firmware type (Stable or Latest (default)). This button is selectable only when there is firmware update available. This field’s setting will return to it’s previous setting (Auto upgrade at or Ignore upgrade) after performing the firmware update.• Select Ignore upgrade if you choose not to install the firmware. NCC will still perform a mandatory upgrade if the Nebula Device’s firmware have security vulnerabilities, and/or lack key performance improvements.When the schedule for Auto upgrade at is earlier than the mandatory upgrade schedule, then the Auto upgrade at schedule has priority. |
Firmware type | Set the type of firmware to be installed for each Nebula Device type. • Select Stable to install a firmware that may not have the latest features but has passed Zyxel internal and external testing. • Select Latest to install the most recently release firmware with the latest features, improvements, and bug fixes. • Select General Availability to install a firmware release before Latest, but is still undergoing Zyxel external testing. • Select Dedicated to install the firmware version for Nebula Device issue monitoring by Zyxel support. • Select Beta to install a release version for testing the latest features and is still undergoing Zyxel internal and external testing. This field is hidden when Ignore upgrade is selected in Settings.We generally recommend updating to the Latest firmware type so that you get the latest features, improvements, and bug fixes. All firmware releases are thoroughly tested internally by our engineers. If your requirements are such that you prefer fewer updates, go with the Stable firmware type. |
Firmware Management Devices Screen
Use this screen to make different firmware upgrade schedules for different types of Nebula Devices in the site. Click Site-wide > Configure > Firmware management > Devices to access this screen.
While installing a firmware update, the Nebula Device will continue to operate normally until it reboots. The reboot will take 3 to 5 minutes, so it is best to pick an upgrade time that has minimal impact on your network.Site-Wide > Configure > Firmware management > Devices
The following table describes the labels in this screen.
Label | Description |
|---|---|
Upgrade Now | Click this to immediately install the firmware on the selected Nebula Devices. This button is selectable only when there is firmware update available for all the selected Nebula Devices. Then, select the Firmware type to be installed. • Select Stable to install a firmware that may not have the latest features but has passed Zyxel internal and external testing. • Select Latest to install the most recently release firmware with the latest features, improvements, and bug fixes. |
Schedule Upgrade | Click this to pop up a window where you can create a new schedule for the selected Nebula Devices. You can select to upgrade firmware according to the site-wide schedule configured for the Nebula Device type in the site, create a recurring schedule, edit the schedule with a specific date and time when firmware update is available for all the selected Nebula Devices, or immediately install the firmware. With a recurring schedule, the NCC will check and perform a firmware update when a new firmware release is available for any of the selected Nebula Devices. If the NCC service is downgraded from Nebula Professional Pack to Nebula Base, the Nebula Devices automatically changes to adhere to the side-wide schedule. |
Reset | Select one or more Nebula Devices, and then click Reset to allow the Nebula Devices to follow the site-wide firmware management settings. |
Status | This shows the status of the Nebula Device. • Green: The Nebula Device is online and has no alerts. • Amber: The Nebula Device has alerts. • Red: The Nebula Device is offline. • Gray: The Nebula Device has been offline for 7 days or more. |
Device type | This shows the type of the Nebula Device. |
Model | This shows the model number of the Nebula Device. |
Tag | This shows the tag created and added to the Nebula Device. |
Name | This shows the descriptive name of the Nebula Device. |
MAC address | This shows the MAC address of the Nebula Device. |
S/N | This shows the serial number of the Nebula Device. |
Current version | This shows the version number of the firmware the Nebula Device is currently running. It shows N/A when the Nebula Device goes offline and its firmware version is not available. |
Firmware status | The status shows Good if the Nebula Device is running a stable firmware and no immediate action is required. The installed firmware does not have the latest features but provides the smoothest operation. The status shows Warning if a newer firmware is available and immediate action is recommended. The newer firmware may contain security enhancements, new features, and performance improvements. The status shows Critical if a newer firmware is available and immediate action is required. The firmware may have security vulnerabilities and/or lack key performance improvements. The status shows Custom if the Nebula Device is running a firmware with specialized features that is not available to the general public. The status changes to Upgrading... after you click Upgrade Now to install the firmware immediately. |
Firmware type | This shows Stable when the installed firmware may not have the latest features but has passed Zyxel internal and external testing. This shows Latest when the installed firmware is the most recent release with the latest features, improvements, and bug fixes. This shows General Availability when the installed firmware is a release before Latest, but is still undergoing Zyxel external testing. This shows Dedicated when the installed firmware is locked and Zyxel support is monitoring. Contact Zyxel customer support if you want to unlock the firmware in order to upgrade to a later one. This shows Beta when the installed firmware is a release version for testing the latest features and is still undergoing Zyxel internal and external testing. This shows N/A when the Nebula Device is offline and its firmware status is not available. |
Availability | This shows whether the firmware on the Nebula Device is Up to date, there is firmware update available for the Nebula Device (Upgrade available), or a specific version of firmware has been installed by Zyxel customer support (Locked). Contact Zyxel customer support if you want to unlock the firmware in order to upgrade to a later one. |
Upgrade scheduled | This shows the date and time when a new firmware upgrade is scheduled to occur. Otherwise, it shows Follow upgrade time and the Nebula Device sticks to the site-wide schedule or No when the firmware on the Nebula Device is up-to-date or the Nebula Device goes offline and its firmware status is not available. A lock icon displays if a specific schedule is created for the Nebula Device, which means the Nebula Device firmware will not be upgraded according to the schedule configured for all Nebula Devices in the site. |
Last upgrade time | This shows the last date and time the firmware was upgraded on the Nebula Device. |
Schedule upgrade version | This shows the version number of the firmware which is scheduled to be installed. |
| Click this icon to display a greater or lesser number of configuration fields. |
Cloud Authentication
Use this screen to view and manage the user accounts which are authenticated using the NCC user database, rather than an external RADIUS server. Click Site-wide > Configure > Cloud authentication to access these screen.
The changes you made in this screen apply only to the current site. To change the cloud authentication settings for all sites in the organization, go to Organization-wide > Configure > Cloud Authentication (see Cloud Authentication).For more information on user account types, see User Account Types.Cloud Authentication User Screen
Use this screen to view and manage regular NCC network user accounts. Click Site-wide > Configure > Cloud Authentication > User to access this screen.
Site-wide > Configure > Cloud Authentication > User
The following table describes the labels in this screen.
Some of the actions on this screen are only available if your administrator account has full access to the organization.Label | Description |
|---|---|
Authorization | Select one or more than one user account and click this button to configure the authorization settings for the selected user accounts. |
Remove users | Select one or more than one user account and click this button to remove the selected user accounts. |
VPN access | Select one or more than one user account and click this button to configure whether the accounts can be used to connect to the organization’s networks through VPN. |
VLAN attribute | Select one or more than one user account and click this button to assign the users to a specific VLAN ID, or clear the VLAN ID. Then click Update.  |
Print | Click this button to print information about each selected user account, such as their user name and password. |
Search users | Enter a key word as the filter criteria to filter the list of user accounts. |
N User | This shows how many user accounts (N) match the filter criteria and how many user accounts of the selected type are created in total. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file. |
Add | Click this button to create a new user account. See Cloud Authentication MAC Screen. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
Email | This shows the email address of the user account. |
Username | This shows the user name of the user account. |
Description | This shows the descriptive name of the user account. |
802.1X | This shows whether 802.1X (WPA-Enterprise) authentication is enabled on the account. |
VPN access | This shows whether the accounts can be used to connect to the organization’s networks through VPN. |
Authorized | This shows whether the user has been authorized in this site or not. |
Expire in (UTC) | This shows the date and time that the account expires. This shows -- if authentication is disabled for this account. This shows Never if the account never expires. This shows Multiple value if the account has different Expire in values across different sites. |
Login by | This shows whether the user needs to log in with the email address and/or user name. |
DPPSK | This shows the account’s dynamic personal pre-shared key (DPPSK), if one is set. |
VLAN assignment | This field is available only when the account type is set to User. This shows the VLAN assigned to the user. |
2FA Status | This shows whether the account has set up two-factor authentication yet. |
Bypass 2FA | This shows whether the account is allowed to bypass two-factor authentication, if two-factor authentication is enabled on a captive portal or VPN gateway. |
Authorized by | This shows the email address of the administrator account that authorized the user. If the account has been authorized by different administrators across different sites, it shows Multiple value. |
Created by | This shows the email address of the administrator account that created the user. |
Created at | This shows the date and time that the account was created. |
| Click this icon to display a greater or lesser number of configuration fields. |
Cloud Authentication MAC Screen
Use this screen to view and manage Nebula Device user accounts, used for MAC-based authorization. Click Site-wide > Configure > Cloud Authentication > MAC to access this screen.
Site-wide > Configure > Cloud Authentication > MAC
The following table describes the labels in this screen.
Some of the actions on this screen are only available if your administrator account has full access to the organization.Label | Description |
|---|---|
Authorization | Select one or more than one account and click this button to configure the authorization settings for the selected user accounts. |
Remove users | Select one or more than one user account and click this button to remove the selected user accounts. |
Search users | Enter a key word as the filter criteria to filter the list of user accounts. |
N User | This shows how many user accounts (N) match the filter criteria and how many user accounts of the selected type are created in total. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file. |
Add | Click this button to create a new user account. See Cloud Authentication DPPSK Screen. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
Email | This shows the email address of the user account. |
MAC address | This shows the MAC address of the user account. |
Description | This shows the descriptive name of the user account. |
Account type | This shows the type of user account: USER, MAC, or DPPSK. |
Authorized | This shows whether the user has been authorized in this site or not. |
Authorized by | This shows the email address of the administrator account that authorized the user. If the account has been authorized by different administrators across different sites, it shows Multiple value. |
Expire in (UTC) | This shows the date and time that the account expires. This shows -- if authentication is disabled for this account. This shows Never if the account never expires. This shows Multiple value if the account has different Expire in values across different sites. |
Created at | This shows the date and time that the account was created. |
| Click this icon to display a greater or lesser number of configuration fields. |
Cloud Authentication DPPSK Screen
Use this screen to view and manage DPPSK network user accounts. Click Site-wide > Configure > Cloud Authentication > DPPSK to access this screen.
Site-wide > Configure > Cloud Authentication > DPPSK
The following table describes the labels in this screen.
Label | Description |
|---|---|
Authorization | Select one or more than one user account and click this button to configure the authorization settings for the selected user accounts. |
Remove users | Select one or more than one user account and click this button to remove the selected user accounts. |
Print | Click this button to print the unique dynamic personal pre-shared key (DPPSK) and expiry time of each selected user account. The account details can be cut into cards, and then given to users in order to grant them WiFi network access.  |
Search users | Enter a key word as the filter criteria to filter the list of user accounts. |
N Users | This shows how many user accounts (N) match the filter criteria and how many user accounts of the selected type are created in total. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file. |
Add | Click this button to create a single new account, or a batch of accounts. • Single DPPSK: See Add/Edit DPPSK Account. • Batch create DPPSK: See Batch Create DPPSK Accounts. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
Email | This shows the email address of the user account. |
Username | This shows the user name of the user account. |
Account type | This shows the type of user account: USER, MAC, or DPPSK. |
DPPSK | This shows the account’s dynamic personal pre-shared key (DPPSK). |
VLAN ID | This shows the VLAN assigned to the account. |
Description | This shows the descriptive name of the user account. |
Authorized | This shows whether the user has been authorized in this site or not. |
Expire in (UTC) | This shows the date and time that the account expires. This shows -- if authentication is disabled for this account. This shows Never if the account never expires. This shows Multiple value if the account has different Expire in values across different sites. |
Created by | This shows the email address of the administrator account that created the user. |
Created at | This shows the date and time that the account was created. |
| Click this icon to display a greater or lesser number of configuration fields. |