Configure
Use the Configure menus to set the WiFi security settings for Nebula Devices of the selected site. Please click the following links to go to the respective Nebula Devices Configure menus.
• Access points (Section 5.3 on page 317)
• Switches (Section 6.3 on page 362)
• Security router (Section 7.3 on page 420)
• Mobile router (Section 10.2 on page 632)
• Firewall (Section 8.3 on page 474)
• Security gateway (Section 9.3 on page 584)
Alert Settings
Use this screen to set which alerts and reports are created and emailed. You can also set the email addresses to which an alert is sent. Click Site-wide > Configure > Alert settings to access this screen.
NCC’s Smart Alert Engine uses knowledge of network topology and cross-device functionality to only generate alerts for unexpected events. This helps avoids unnecessary emails and notifications.For example, an Access Point is receiving power from a PoE switch. If the Access Point loses power because its Ethernet cable is disconnected, NCC generates an alert. If the Access Point loses power because the Switch has a PoE schedule that disables power to the Access Point, NCC does not generate an alert.
Site-wide > Configure > Alert settings 
The following table describes the labels in this screen.
Label | Description |
|---|---|
Recipient | |
All site administrators | Select this to send alerts by email to all site administrators for the current site. |
Custom email recipient | Enter the email addresses to which you want to send alerts. |
System alerts | |
Alert Aggregation | Alert aggregation combines offline/online alerts within a 5 minutes time frame into a single alert notification when In-app push in the notification type is selected. |
Wireless | Specify how long in minutes (5/10/15/30/60) the NCC waits before generating and sending an alert when an AP becomes offline. For each alert, you can set how to receive alert notifications: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • In-app push: Alert notifications are sent to site administrators who are logged into the Nebula Mobile app. This type of notification is not available for some features. • Both: Alert notifications are sent by email and app notification. • Disable: No alerts are sent. |
Show additional recipients | Depending on your configuration on the notification type, add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
WiFi Aid | Specify how long (15/30 minutes / 1 hour) the NCC waits before generating and sending an alert. Select the items to have the NCC generate and send an alert by email when the following events has reached the threshold (maximum 999): • WiFi clients with failed connection attempts (WiFi connection / DHCP failures / DNS failures). • WiFi clients with failed WiFi connection attempts. • WiFi clients with DHCP failures. • WiFi clients with DNS failures. For each alert, you can set to receive alert notifications through email: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • Disable: No alerts are sent. |
Show additional recipients | Depending on your configuration on the notification type, add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
Switches | Specify how long in minutes (5/10/15/30/60) the NCC waits before generating and sending an alert when a port or a Switch or a stacking member goes offline, when the Switch temperature rises above the threshold, or the fan is functioning above the normal speed. For each alert, you can set how to receive alert notifications: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • In-app push: Alert notifications are sent to site administrators who are logged into the Nebula Mobile app. This type of notification is not available for some features. • Both: Alert notifications are sent by email and app notification. • Disable: No alerts are sent. |
Show additional recipients | Depending on your configuration on the notification type, add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
Security Appliance | Specify how long in minutes (5/10/15/30/60) the NCC waits before generating and sending an alert when a Security Appliance goes offline, there are more requests for IP addresses than what is available in the pool, a VPN connection is established or disconnected, or the WAN connection status has changed. For each alert, you can set how to receive alert notifications: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • In-app push: Alert notifications are sent to site administrators who are logged into the Nebula Mobile app. This type of notification is not available for some features. • Both: Alert notifications are sent by email and app notification. • Disable: No alerts are sent. |
Show additional recipients | Depending on your configuration on the notification type, add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
Mobile router /Accessory | Specify how long in minutes (5/10/15/30/60) the NCC waits before generating and sending an alert when a mobile router / accessory goes offline. For each alert, you can set how to receive alert notifications: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • In-app push: Alert notifications are sent to site administrators who are logged into the Nebula Mobile app. This type of notification is not available for some features. • Both: Alert notifications are sent by email and app notification. • Disable: No alerts are sent. |
Show additional recipients | Depending on your configuration on the notification type, add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
Other | Specify whether to send an alert each time configuration settings are changed. |
Show additional recipients | Depending on your configuration on the notification type, add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
Security alerts | |
CDR containment | Specify whether to send an email alert each time a CDR block or containment action is triggered. |
Show additional recipients | Add additional user accounts who will receive email notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email notifications for the alert. |
SecuReporter | |
Notification mode | For each alert, you can set how to receive alert notifications: • Email: Alert notifications are sent by email to configured administrators, custom email recipients, and additional recipients. • In-app push: Alert notifications are sent to site administrators who are logged into the Nebula Mobile app. This type of notification is not available for some features. • Both: Alert notifications are sent by email and app notification. • Disable: No alerts are sent. |
Show additional recipients | Add additional user accounts who will receive email and in-app notifications for the alert. |
Hide additional recipients | Do not show the additional user accounts who will receive email and/or in-app notifications for the alert. |
Email subject | Enter an email title here. |
Email description | Enter a description of the emails to be sent here. For example, maybe these emails are just for high severity events. |
Notification interval | Specify how often to receive a SecuReporter report. If no security events were triggered, SecuReporter will not send a report. |
Event severity | Select the severity level of events that will be included in each report. |
Event threshold | This table lists the events that trigger SecuReporter security alerts. You can set the alert threshold. For example, X count(s) of malware/virus attack within 5 minutes means SecuReporter includes a report in the email if the total number of combined malware and virus detection events exceed X within a 5 minute time period. |
Firmware Management
Use this screen to schedule a firmware upgrade. You can make different schedules for different types of Nebula Devices in the site or create a schedule for a specific Nebula Device. Click Site-wide > Configure > Firmware management to access these screens.
Firmware Management Overview Screen
Use this screen to schedule a firmware upgrade for each Nebula Device type. You can make different schedules for different types of Nebula Devices in the site. Click Site-wide > Configure > Firmware management > Overview to access this screen.
Site-Wide > Configure > Firmware management > Overview
The following table describes the labels in this screen.
Label | Description |
|---|---|
Access point / Switch / Security router / Firewall or Security Gateway / Mobile router / Accessory | |
Upgrade available | This shows the status of the Nebula Device’s firmware in your site. • Up to date is displayed if all the Nebula Device(s) of a particular type (for example, all Switches) in your site are using the latest firmware version. • Upgrade available is displayed if there is firmware update available for any of the Nebula Device(s) of a particular type in your site. Click Devices to see a table list of your Nebula Device(s) that can receive this upgrade.  • Locked is displayed if all the Nebula Device(s) of a particular type (for example, all Switches) in your site are using a specific version of firmware that Zyxel customer support is monitoring for troubleshooting. • No devices is displayed if there is no Nebula Device of a particular type (for example, Mobile Router) registered in your site. |
Settings | Create a schedule for each Nebula Device type. The following Upgrade policy are available: • Select Auto upgrade at to create a recurring schedule. With a recurring schedule, NCC will check and install the firmware when a new firmware release is available for each Nebula Device type. • Select Upgrade at to install the firmware at a specific date and time (up to 1 month from now) when firmware update is available for each Nebula Device type. Due to network bandwidth and number of Nebula Devices per site, not all Nebula Devices may get the firmware upgrade on the specified date/time.This field’s setting will change to the Auto upgrade at schedule after performing the firmware update. • Select Upgrade now to immediately install the firmware for each Nebula Device type. Then select the Firmware type (Stable or Latest (default)). This button is selectable only when there is firmware update available. This field’s setting will return to it’s previous setting (Auto upgrade at or Ignore upgrade) after performing the firmware update.• Select Ignore upgrade if you choose not to install the firmware. NCC will still perform a mandatory upgrade if the Nebula Device’s firmware have security vulnerabilities, and/or lack key performance improvements.When the schedule for Auto upgrade at is earlier than the mandatory upgrade schedule, then the Auto upgrade at schedule has priority. |
Firmware type | Set the type of firmware to be installed for each Nebula Device type. • Select Stable to install a firmware that may not have the latest features but has passed Zyxel internal and external testing. • Select Latest to install the most recently release firmware with the latest features, improvements, and bug fixes. This field is hidden when Ignore upgrade is selected in Settings.We generally recommend updating to the Latest firmware type so that you get the latest features, improvements, and bug fixes. All firmware releases are thoroughly tested internally by our engineers. If your requirements are such that you prefer fewer updates, go with the Stable firmware type. |
Firmware Management Devices Screen
Use this screen to make different firmware upgrade schedules for different types of Nebula Devices in the site. Click Site-wide > Configure > Firmware management > Devices to access this screen.
While installing a firmware update, the Nebula Device will continue to operate normally until it reboots. The reboot will take 3 to 5 minutes, so it is best to pick an upgrade time that has minimal impact on your network.Site-wide > Configure > Firmware management > Devices
The following table describes the labels in this screen.
Label | Description |
|---|---|
Upgrade Now | Click this to immediately install the firmware on the selected Nebula Devices. This button is selectable only when there is firmware update available for all the selected Nebula Devices. Then, select the Firmware type to be installed. • Select Stable to install a firmware that may not have the latest features but has passed Zyxel internal and external testing. • Select Latest to install the most recently release firmware with the latest features, improvements, and bug fixes.  |
Schedule Upgrade | Click this to pop up a window where you can create a new schedule for the selected Nebula Devices. You can select to upgrade firmware according to the site-wide schedule configured for the Nebula Device type in the site, create a recurring schedule, edit the schedule with a specific date and time when firmware update is available for all the selected Nebula Devices, or immediately install the firmware. With a recurring schedule, the NCC will check and perform a firmware update when a new firmware release is available for any of the selected Nebula Devices. If the NCC service is downgraded from Nebula Professional Pack to Nebula Base, the Nebula Devices automatically changes to adhere to the site-wide schedule.  |
Reset | Select one or more Nebula Devices, and then click Reset to allow the Nebula Devices to follow the site-wide firmware management settings. |
Status | This shows the status of the Nebula Device. • Green: The Nebula Device is online and has no alerts. • Amber: The Nebula Device has alerts. • Red: The Nebula Device is offline. • Gray: The Nebula Device has been offline for 7 days or more. |
Device type | This shows the type of the Nebula Device. |
Model | This shows the model number of the Nebula Device. |
Tag | This shows the tag created and added to the Nebula Device. |
Name | This shows the descriptive name of the Nebula Device. |
MAC address | This shows the MAC address of the Nebula Device. |
S/N | This shows the serial number of the Nebula Device. |
Current version | This shows the version number of the firmware the Nebula Device is currently running. It shows N/A when the Nebula Device goes offline and its firmware version is not available. |
Firmware status | The status shows Good if the Nebula Device is running a Stable / General Availability / Latest firmware type. The status shows Warning if the Nebula Device is running a firmware type older than Stable, a newer firmware is available, and immediate action is recommended. The newer firmware may contain security enhancements, new features, and performance improvements. The status shows Critical if the Nebula Device is running a firmware type older than Stable, a newer firmware is available, and immediate action is required. The firmware may have security vulnerabilities and/or lack key performance improvements. The status shows Custom if the Nebula Device is running a firmware with specialized features that is not available to the general public. The status changes to Upgrading... after you click Upgrade Now to install the firmware immediately. |
Firmware type | This shows Stable when the installed firmware may not have the latest features but has passed Zyxel internal and external testing. This shows Latest when the installed firmware is the most recent release with the latest features, improvements, and bug fixes. This shows General Availability when the installed firmware is a release before Latest, but is still undergoing Zyxel external testing. This shows Dedicated when the installed firmware is locked and Zyxel support is monitoring. Contact Zyxel customer support if you want to unlock the firmware in order to upgrade to a later one. This shows Beta when the installed firmware is a release version for testing the latest features and is still undergoing Zyxel internal and external testing. This shows N/A when the Nebula Device is offline and its firmware status is not available. |
Availability | This shows whether the firmware on the Nebula Device is Up to date, there is firmware update available for the Nebula Device (Upgrade available), or a specific version of firmware has been installed by Zyxel customer support (Locked). Contact Zyxel customer support if you want to unlock the firmware in order to upgrade to a later one. |
Upgrade scheduled | This shows the date and time when a new firmware upgrade is scheduled to occur. Otherwise, it shows Follow upgrade time and the Nebula Device sticks to the site-wide schedule or No when the firmware on the Nebula Device is up-to-date or the Nebula Device goes offline and its firmware status is not available. A lock icon displays if a specific schedule is created for the Nebula Device, which means the Nebula Device firmware will not be upgraded according to the schedule configured for all Nebula Devices in the site. |
Last upgrade time | This shows the last date and time the firmware was upgraded on the Nebula Device. |
Schedule upgrade version | This shows the version number of the firmware which is scheduled to be installed. |
 | Click this icon to display a greater or lesser number of configuration fields. |
Cloud Authentication
Use this screen to view and manage the user accounts which are authenticated using the NCC user database, rather than an external RADIUS server. Click Site-wide > Configure > Cloud authentication to access these screen.
The changes you made in this screen apply only to the current site. To change the cloud authentication settings for all sites in the organization, go to Organization-wide > Organization-wide manage > Cloud Authentication (see Configure).For more information on user account types, see User Account Types.Cloud Authentication User Screen
Use this screen to view and manage regular NCC network user accounts. Click Site-wide > Configure > Cloud Authentication > User to access this screen.
Site-wide > Configure > Cloud Authentication > User
The following table describes the labels in this screen.
Some of the actions on this screen are only available if your administrator account has full access to the organization.Label | Description |
|---|---|
Authorization | Select one or more than one user account and click this button to configure the authorization settings for the selected user accounts.  |
Remove users | Select one or more than one user account and click this button to remove the selected user accounts. |
VPN access | Select one or more than one user account and click this button to configure whether the accounts can be used to connect to the organization’s networks through VPN. |
VLAN attribute | Select one or more than one user account and click this button to assign the users to a specific VLAN ID, or clear the VLAN ID. Then click Update.  |
Search users | Enter a key word as the filter criteria to filter the list of user accounts. |
N User | This shows how many user accounts (N) match the filter criteria and how many user accounts of the selected type are created in total. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file.  |
Add | Click this button to create a new user account. See Cloud Authentication MAC Screen. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
Email | This shows the email address of the user account. |
Username | This shows the user name of the user account. |
Description | This shows the descriptive name of the user account. |
802.1X | This shows whether 802.1X (WPA-Enterprise) authentication is enabled on the account. |
VPN access | This shows whether the accounts can be used to connect to the organization’s networks through VPN. |
Authorized | This shows whether the user has been authorized in this site or not. |
Expire in (UTC) | This shows the date and time that the account expires. This shows -- if authentication is disabled for this account. This shows Never if the account never expires. This shows Multiple value if the account has different Expire in values across different sites. |
Login by | This shows whether the user needs to log in with the email address and/or user name. |
DPPSK | This shows the account’s dynamic personal pre-shared key (DPPSK), if one is set. |
VLAN assignment | This field is available only when the account type is set to User. This shows the VLAN assigned to the user. |
2FA Status | This shows whether the account has set up two-factor authentication yet. |
Bypass 2FA | This shows whether the account is allowed to bypass two-factor authentication, if two-factor authentication is enabled on a captive portal or VPN gateway. |
Authorized by | This shows the email address of the administrator account that authorized the user. If the account has been authorized by different administrators across different sites, it shows Multiple value. |
Created by | This shows the email address of the administrator account that created the user. |
Created at | This shows the date and time that the account was created. |
 | Click this icon to display a greater or lesser number of configuration fields. |
Cloud Authentication MAC Screen
Use this screen to view and manage Nebula Device user accounts, used for MAC-based authorization. Click Site-wide > Configure > Cloud Authentication > MAC to access this screen.
Site-wide > Configure > Cloud Authentication > MAC
The following table describes the labels in this screen.
Some of the actions on this screen are only available if your administrator account has full access to the organization.Label | Description |
|---|---|
Authorization | Select one or more than one account and click this button to configure the authorization settings for the selected user accounts.  |
Remove users | Select one or more than one user account and click this button to remove the selected user accounts. |
Search users | Enter a key word as the filter criteria to filter the list of user accounts. |
N User | This shows how many user accounts (N) match the filter criteria and how many user accounts of the selected type are created in total. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file.  |
Add | Click this button to create a new user account. See Cloud Authentication DPPSK Screen. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
MAC address | This shows the MAC address of the user account. |
Description | This shows the descriptive name of the user account. |
Account type | This shows the type of user account: USER, MAC, or DPPSK. |
Authorized | This shows whether the user has been authorized in this site or not. |
Authorized by | This shows the email address of the administrator account that authorized the user. If the account has been authorized by different administrators across different sites, it shows Multiple value. |
Expire in | This shows the date and time that the account expires. This shows -- if authentication is disabled for this account. This shows Never if the account never expires. This shows Multiple value if the account has different Expire in values across different sites. |
Created at | This shows the date and time that the account was created. |
 | Click this icon to display a greater or lesser number of configuration fields. |
Cloud Authentication DPPSK Screen
Use this screen to view and manage DPPSK network user accounts. Click Site-wide > Configure > Cloud Authentication > DPPSK to access this screen.
Site-wide > Configure > Cloud Authentication > DPPSK
The following table describes the labels in this screen.
Label | Description |
|---|---|
Authorization | Select one or more than one user account and click this button to configure the authorization settings for the selected user accounts.  |
Remove users | Select one or more than one user account and click this button to remove the selected user accounts. |
Print | Click this button to print the unique dynamic personal pre-shared key (DPPSK) and expiry time of each selected user account. The account details can be cut into cards, and then given to users in order to grant them WiFi network access.  |
Search users | Enter a key word as the filter criteria to filter the list of user accounts. |
N Users | This shows how many user accounts (N) match the filter criteria and how many user accounts of the selected type are created in total. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file.  |
Add | Click this button to create a single new account, or a batch of accounts. • Single DPPSK: See Add/Edit DPPSK Account. • Batch create DPPSK: See Batch Create DPPSK Accounts. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
Email | This shows the email address of the user account. |
Username | This shows the user name of the user account. |
Account type | This shows the type of user account: USER, MAC, or DPPSK. |
DPPSK | This shows the account’s dynamic personal pre-shared key (DPPSK). |
VLAN ID | This shows the VLAN assigned to the account. |
Description | This shows the descriptive name of the user account. |
Authorized | This shows whether the user has been authorized in this site or not. |
Expire in | This shows the date and time that the account expires. This shows -- if authentication is disabled for this account. This shows Never if the account never expires. This shows Multiple value if the account has different Expire in values across different sites. |
Created by | This shows the email address of the administrator account that created the user. |
Created at | This shows the date and time that the account was created. |
 | Click this icon to display a greater or lesser number of configuration fields. |
Collaborative Detection & Response
Collaborative Detection & Response (CDR) allows you to detect wired and WiFi clients that are sending malicious traffic in your network and then block or quarantine traffic coming from them. In this way, malicious traffic is not spread throughout the network. Secure policies can block malicious traffic for specific traffic flows, but CDR can block malicious traffic from the sender. Malicious traffic is identified using a combination of Web Filtering, Anti-Malware and IPS (IDP) signatures.
To use the CDR feature, a Gold/UTM Security Pack license and a Nebula Pro Pack license is required.The following table shows the CDR feature with/without a Gold/UTM Security Pack license.
cdr | without Gold/utm security pack | with gold/utm security pack | after gold/utm security pack expires |
|---|---|---|---|
With Nebula Pro Pack | CDR will not function. CDR settings will be grayed-out. | CDR full functionality. | CDR will disable its full functionality. • CDR fields in an “Enabled/Disabled” state will show “Enabled/Disabled” but grayed-out. • The Policy rule settings, Quarantine VLAN, and Exempt list will be kept in Site-wide > Configure > Collaborative detection & response. • Previously quarantined clients will be released. |
With Nebula Base/Plus Pack | CDR will not function. CDR settings will be grayed-out. | User is notified that CDR is with partial functionality only. • CDR event detection is available • CDR triggered events are logged in the Site-wide > Monitor > Site features logs • Containment actions (Alert/Block/Quarantine) is not available • Previously blocked/quarantined clients will be released in Site-wide > Monitor > Containment list. | CDR will disable its full functionality. • CDR fields in an “Enabled/Disabled” state will show “Enabled/Disabled” but grayed-out. • The Policy rule settings, Quarantine VLAN, and Exempt list will be kept in Site-wide > Configure > Collaborative detection & response. • Previously quarantined clients will be released. |
Site-wide > Configure > Collaborative Detection & Response
The following table describes the labels in this screen.
Label | Description |
|---|---|
Collaborative detection & response | |
Enable | Select this checkbox to activate Collaborative Detection & Response. Make sure you have active Web Filtering, Anti-Malware, IPS (Intrusion Prevention System), and CDR (Collaborative Detection & Response) licenses. |
Policy | |
Category | Category refers to the signature type that identified the malicious traffic: Malware (Anti-Malware, Anti-Virus), IDP (IPS), and Web Threat (Content Filter and URL Threat Filtering). |
Event Type | This displays some details on the category of malicious traffic detected. |
Occurrence (1–100) | Enter the number of security events that need to occur within the defined Duration to trigger a CDR Containment action. |
Duration (1–1440) | Enter the length of time in minutes the event should occur from a client the Occurrence number of times to trigger a CDR Containment action. For example, Occurrence is set to 10, and Duration is set to 100. If the NCC detects 10 or more occurrences of malicious traffic in less than 100 minutes, then CDR Containment is triggered. |
Containment | Select the action to be taken when the number of security events exceed the threshold within the defined duration. Alert: Select this if you just want to issue a notification in NCC. Block: Select this if you want to block traffic from a suspect client at the NCC, or from a suspect WiFi client at the AP connected to the NCC. Traffic is still broadcast to other clients in the same subnet. A ‘notification’ web page is displayed when this action is triggered. Quarantine: Select this if you want to isolate traffic from a suspect client at the NCC in a quarantine VLAN. Traffic is not broadcast to other clients in the same subnet. A ‘notification’ web page is displayed to the client when this action is triggered. |
Containment | Use this section to configure the selection containment action. |
General | |
Theme | Configure the CDR block page. • Click the Preview icon at the upper right corner of a theme image to display the block page in a new frame. • Click the Copy icon to create a new custom theme (block page). |
Logo | This shows the logo image that you uploaded for the customized block page. Click Choose File and specify the location and file name of the logo graphic or click Browse to locate it. You can use the following image file formats: GIF, PNG, or JPG. File size must be less than 200 KB, and images larger than 244 x 190 will be resized. |
Notification message | Enter the message that is displayed on the CDR block page. The client is redirected here when a Block or Quarantine action is triggered. For example, “Malicious traffic is coming from your device so traffic is temporarily stopped. Please contact the network administrator.” Redirect external URL: Enter a URL in “http://domain” or “https://domain” format to an external notification page. The client is redirected here when a Block or Quarantine action is triggered. Make sure the external notification page is accessible from the NCC. |
Redirect external URL | Enable this setting, and then enter a URL in “http://domain” or “https://domain” format to an external notification page. The client is redirected to this page when a Block or Quarantine action is triggered. You can download a sample block page by clicking Download. The external notification page must be accessible from NCC. |
Containment Period | Enter how long the client should be blocked or quarantined. This should be at least twice the DHCP server lease time in order to prevent false positives. |
Block | Enter how long a suspect client should be blocked or quarantined. You can enter from 1 minute to 1 day (1,440 minutes). 0 means the suspect is blocked forever until released in Site-wide > Monitor > Containment list. |
Block wireless client | Select this to have traffic from the suspect client blocked at the AP. Clear this to have traffic from the suspect client blocked at the NCC. |
Quarantine | |
Quarantine VLAN | Click Set to configure a VLAN in order to isolate traffic from suspect clients. Traffic from a suspect client is broadcast to all members in the VLAN. |
Exempt list | Enter IPv4 and /or MAC addresses of client devices that are exempt from CDR checking. |
Quarantine Interface Configuration
Click Set at Site-wide > Configure > Collaborative detection & response > Containment > Quarantine to configure the VLAN and interface used to isolate a client when a quarantine action is triggered. The following screen appears.
Only IPv4 addresses can be used in quarantine VLANs.Site-wide > Configure > Collaborative detection & response > Containment > Quarantine
Each field is explained in the following table.
Label | Description |
|---|---|
Interface Properties | |
Interface Name | This field is read-only. The default name is “Quarantine”. |
Port group | Select the name of the port group to which you want the interface to belong. |
Base Port | Select the Ethernet interface on which the VLAN interface runs. |
VLAN ID | Enter the VLAN ID. This 12-bit number uniquely identifies each VLAN. Allowed values are 1 – 4094. (0 and 4095 are reserved) |
IP address assignment | This is a 3-bit field within a 802.1Q VLAN tag that is used to prioritize associated outgoing VLAN traffic. “0” is the lowest priority level and “7” is the highest. |
IP address | Enter the IP address for this interface. |
Subnet mask | Enter the subnet mask of this interface in dot decimal notation. The subnet mask indicates what part of the IP address is the same for all computers in the network. |
DHCP Server | |
Get Automatically | Enter the IP address from which the Security Appliance begins allocating IP addresses. If you want to assign a static IP address to a specific computer, click Add new under Static DHCP table. |
IP pool start address | Enter the IP address from which the Security Appliance begins allocating IP addresses for this VLAN. |
Pool size | Enter the total number of IP addresses the DHCP server will hand out. |
OK | Click OK to save your changes back to the NCC. |
Cancel | Click Cancel to exit this screen without saving. |
Site Settings
Use this screen to change the general settings for the site, such as the site name, Nebula Device login password, captive portal reauthentication, SNMP, AP traffic logs to a Syslog server, traffic logs to SecuReporter, and API access for DPPSK third-party integration. Click Site-wide > Configure > Site settings to access this screen.
Site-wide > Configure > Site settings
The following table describes the labels in this screen.
Label | Description |
|---|---|
Site Information | |
Site name | Enter a descriptive name for the site. |
Local time zone | Choose the time zone of the site’s location. |
Site location | Enter the complete address or coordinates (physical location) of the Nebula Devices in the site. All newly added Nebula Devices will automatically use this as the default address and location on the Google map. You can edit each Nebula Device’s location on the Google map. |
Device configuration | |
Local credentials | The default password is generated automatically by the NCC when the site is created. You can specify a new password to access the status page of the Nebula Device’s built-in web-based configurator. The settings here apply to all Nebula Devices in this site. |
Smart guest/VLAN network | Click On to enable this feature. This allows the NCC to check if the VLAN ID and guest network settings are consistent on the APs and Security Appliance in the same site to ensure guest network connectivity. The guest settings you configure for a gateway interface (in Site-wide > Configure > Security gateway > Interface addressing) will also apply to the WiFi networks (SSIDs) associated with the same VLAN ID (in Site-wide > Configure > Access points > SSID settings). For example, if you set a gateway interface in VLAN 100 as a guest interface, the SSID that belongs to VLAN 100 will also act as a guest network. |
Captive portal reauthentication | |
For my AD server users | Select how often the user (authenticated by an AD server) has to log in again. |
For my RADIUS server users | Select how often the user (authenticated by a RADIUS server) has to log in again. |
For click-to-continue users | Select how often the user (authenticated through the captive portal) has to log in again. |
For cloud authentication users | Select how often the user (authenticated using the NCC user database) has to log in again. |
SNMP | |
SNMP access | Select V1/V2c to allow SNMP managers using SNMP to access the Nebula Devices in this site. Otherwise, select Disable. |
SNMP community string | This field is available when you select V1/V2c. Enter the password for the incoming SNMP requests from the management station. |
Reporting | |
Syslog server | Click Add to create a new entry. |
Server IP | Enter the IP address of the server. |
Types | Select the type of logs the server is for. Besides sending Security appliance traffic log to a Syslog server, you can also set the Security Appliance (through its Web Configurator) to save a copy of the logs to a connected USB storage device. Security appliance traffic log includes the traffic information (such as its source, destination or usage) of the Security Appliance clients.The Security appliance log and Security appliance traffic log will not include Security Firewall(s) in Cloud Monitoring mode. |
Action | Click the Delete icon to remove the entry. |
Use timezone for syslog server logs | Click On to enable this feature. This allows the Syslog server logs to use the site’s timezone. If disabled, the Syslog server logs will show GMT 0 time. GMT does not adjust automatically for Daylight Savings Time (DST). You must adjust for Daylight Savings directly in the Syslog server. |
AP traffic log | Log traffic for access points in the site that have NAT mode enabled. You can also send the logs to a Syslog server, by selecting AP traffic log under Syslog server > Types. For details on configuring NAT mode, see SSID Advanced Settings. |
SecuReporter | Click On to enable this feature. This allows the NCC to send traffic logs to SecuReporter. NCC will not include the traffic logs for Security Firewall(s) in Cloud Monitoring mode.Disable this option if you have configured sending of traffic logs to an external syslog server. |
API access | API access allows third-party software to integrate with the DPPSK feature in NCC. For more information, please contact Zyxel. |
API token | Generate an API token for DPPSK third-party integration. |
Copy | Click this button to copy the API key to the system’s clipboard. |
Delete | Click this button to delete the API key. |