Introducing Nebula 9.2 – Simplified WiFi Security, Growing Nebula Family, and More Enhanced Features

Introducing Nebula 9.2 –
Simplified WiFi Security, Growing Nebula Family, and More Enhanced Features

Nebula just recently released its latest 9.2 update. The update features the industry’s first WiFi cloud authentication and encryption for SMBs, extended Nebula cloud support for 14 more devices including new WiFi 6 APs, GS1350 surveillance switches, XS1930 multi-gigabit switches and GS2220 aggregation switches, and more enhanced features for stronger functionality and performance.

WiFi access management made easy and secure with DPPSK

With the exponential growth of the use of wireless products, the number of devices needed to be connected to the internet has skyrocketed. Using the same WiFi password, which many SMBs still rely on, can lead to security breach as the password can be shared or stolen. Additionally, if the password is compromised, it must be changed on every single device that uses it, which is not only troublesome, but time-consuming. Thus, how to efficiently manage the WiFi access without compromising on the network security has become essential for network administrators.

To solve the insecure issue caused by the shared password, many organizations choose 802.1X on WiFi (WPA-Enterprise) as an effective WiFi authentication method since it uses a different encrypted key for each authenticated user to ensure a high level of wireless security. It has been viewed as the gold standard for secure WiFi authentication method for many years, however, it requires additional infrastructure (RADIUS server and client software/OS), as well as networking setup expertise to manually configure it.

Now, with the latest 9.2 update, Nebula offers cloud authentication enhancement through the Dynamic Personal Pre-Shared Key (DPPSK) feature – the first time this has been made available to the SMB market. With DPPSK, each user is provided with a unique WiFi password. With a quick setup in NCC, passwords can be customized to expire or last for a particular timeframe, making the management of WiFi access for multiple users simple, convenient and secure.

Image 1: Private WiFi Onboarding (DPPSK) has been made available the first time to the SMB market with the Nebula’s latest update

Build a Cloud Networking Ecosystem with Technology Partners

Nebula Technology Alliance Program has been designed to bring together technology partners across various vertical markets to offer comprehensive integration.

Nebula’s ability to manage an entire network (Wireless, Switch and Gateway) makes it ideal for integration and by providing a toolbox which includes an API and access to our development team we are able to compliment other technologies focused in the SMB market, to help them work seamlessly and give both Zyxel and Partners the opportunity to leverage from each other for expertise.

With this update, the Nebula API has just welcomed the integration with the 3rd party WiFi onboarding system, Complit Networks in Belgium, in the development of DPPSK feature. Wiflex, an onboarding platform created by Complit networks, is now integrated with Nebula. The user-friendly onboarding solution collects the user identification from its kiosk’s web portal or hotel PMS system, authenticates the guest WiFi access, and distribute the Nebula-generated DPPSK to the kiosk or the TV screen in the guest hotel room, making it an easy and affordable WiFi onboarding solution for spaces like hotels, shopping malls, stadiums, or concert halls.

Extended Cloud Support for More Devices

In this release, Nebula welcomes the Zyxel GS1350 series of surveillance switches, meaning customers can now remotely manage their CCTV switches through the cloud.

The switch boasts extended range, with all PoE ports supporting data transmission up to 250 meters to allow for deployment at a distance. Meanwhile, businesses can reduce downtime with the Auto PD Recovery feature to easily restart a malfunctioning power device. All of which allow network admins to save resources and more easily manage their CCTV networks without having to send field engineers to visit each site.

Image 2: On surveillance monitoring page, users can view the powered-devices (PD) connecting to each port and their health

Image 3: Users can see the switch’s per-port details such as neighbor clients and are able to reset the faulty PD by Power cycle

In addition to GS1350 surveillance switches, Nebula also welcomes more products to the family in this release, supporting up to 14 more devices in total. The newly supported products include the new WiFi 6 APs, XS1930 multi-gigabit switches, and GS2220 aggregation switches, which currently constitutes 52 devices in its most comprehensive product portfolio.

The new models supported in Nebula 9.2 release:
Category Model Name
Access Point WiFi 6
  • NWA210AX
  • WAX610D
Switch XS1930 Series
  • XS1930-10
  • XS1930-12HP
GS1350 Series for Surveillance
  • GS1350-6HP
  • GS1350-12HP
  • GS1350-18HP
  • GS1350-26HP
GS2220 Series
  • GS2220-10
  • GS2220-10HP
  • GS2220-28
  • GS2220-28HP
  • GS2220-50
  • GS2220-50HP
  • CCTV switches join the Nebula family
  • More APs and Switches
Other Major Enhancements - AP

Image 4: NAT mode per SSID is now supported in NCC, giving the AP the capability to assign IP addresses to the clients and connect them directly to the Internet

Image 5: Smart mesh – wireless bridge can be used to bridge a remote LAN network back to the main network.

Wireless bridge is supported in these models:
Category Model Name
NAP Series
  • NAP203
  • NAP303
  • NAP353
WAC 6000 Series
WAX 600 Series (WiFi 6)
  • NAT mode per SSID: It allows users to set up their AP to provide client addressing in NCC. The AP itself will have the routing capability and is able to assign IP addresses to wireless clients, which connect them directly to the Internet. This function works particularly well for small network users, for example, a café shop owner who wants to provide guest WiFi to his/her patrons without the need to invest in an expensive overhead like a gateway or router. The added-on option for traffic log can also be set up in NCC, allowing the AP to send the traffic log to a Syslog server for security compliance check purpose.
  • Support smart mesh – wireless bridge: Using smart mesh technology, APs can be used as the mesh repeaters to extend the wireless network for more coverage. Since the repeater APs with a LAN port can also support the wired clients to plug in to the network via their wired interface, NCC now supports using the APs as the repeaters to bridge a remote LAN network back to the main network.
  • Wireless health enhancement - Adaptive BW option interaction with DCS
    The optimization action - Adaptive Channel width will be enhanced to combine with the DCS action starting from the Nebula 9.2 release.
Other Major Enhancements - Switch

Image 6: The support for Voice VLAN via LLDP-MED is now supported on Nebula, giving users an additional option to set up their IP phones easily.

  • Voice VLAN via LLDP-MED: Voice VLAN segregates the voice traffic from the data traffic to ensure the communication quality. Instead of setting the IP phones one by one, the current method for setting up the Voice VLAN is through the OUI input of IP phone brands in NCC. In this 9.2 release, the support for LLDP-MED is further added, giving the IT admins an additional option to configure voice VLAN for IP phones installation easily.
Other Major Enhancements - Gateway

Image 7: Intrusion Detection / Prevention (IDP) is now included in NSS report.

Image 8: The admin can send the VPN provision script to the client through email.

Image 9: The client will just need to run the embedded script in the sent email on their endpoint device to automatically connect to the VPN.

  • IDP events for DNAT on NSS report: The IDP signature can identify a wide variety of malware threats and attacks such as Trojans, backdoor applications, and DoS attacks, as well as other security hazards. Zyxel Intrusion Detection and Prevention (IDP) is now supported in Nebula Security Service (NSS) report.
  • L2TP script email: When setting up Client-to-site VPN connection via L2TP, clients no longer need to configure the connection manually with their laptop/computer. The email will be sent to the client and the client will just need to run the embedded script to automatically connect to the VPN.