USG FLEX Firewalls Join Nebula
As we continue to make improvements to our cloud-managed platform, in this springtime of 2021, we have reached a significant milestone with the launch of Nebula’s latest P11 release – Nebula Together. This release brings together USG FLEX firewalls, remote AP management, and many new improvements, making it the most comprehensive secure cloud networking solution for SMBs.
With their recent integration to the Nebula cloud, USG FLEX firewalls further optimize Nebula with the holistic security and protection for SMB business networks. USG FLEX firewalls are capable to authenticate individuals and devices for all scenarios, which greatly improves the security level of the corporate networks, especially for remote working or WFH (work-from-home) application. Also, USG FLEX security network provides up-to-the minute protection with detailed reporting on investigations, threat preventions, active monitoring, and high visibility of network activities for today’s ever-changing, ever-more-complex network environments.
Image 1: With the recent addition of USG FLEX firewalls to the cloud-managed platform, Nebula further strengthens its manageability with holistic security and protection for SMB networks.
Collaborative Detection & Response (CDR) Ensures Best Security Across Networks
The arrival of the USG FLEX firewalls to Nebula provides network admins with a rule-based security policy capable of identifying anomalies with Anti-Malware, IDP, and URL Threat Filer. It uses the Collaborative Detection & Response (CDR) approach to detect a threat on any of the connected clients. The firewalls will automatically sync with the Nebula Control Center (NCC) and push the policies out to all APs across the entire network site, blocking or quarantining the compromised client at the network edge, containing the threat, and preventing further damage. Any new AP devices added in Nebula will instantly gain all these protection rules, making it a perfect fit for SMB to address the requirements of a decentralized, IoT-driven network infrastructure.
Image 2: The CDR approach: When an USG FLEX firewall identifies if there is a malware, vulnerability exploitation, or connection to a malicious website in the network, it will sync with the NCC and push the security policies out to all APs across networks to block, or quarantine the compromised client at the network edge.
Deliver office-level network security, anywhere
Due to the pandemic, it has rendered a large proportion of the workforce unable to commute to work; many of them have made the abrupt shift to working from home. However, when employees start bringing their laptops to work at home, it poses a greater risk for cybersecurity. Businesses now need to ensure their networks can be accessed securely outside of the office, while still providing the same level of corporate security. With this Nebula Together update, network admins will be able to deliver collaborative and consistent security across networks based on a zero-trust framework, ensuring stricter access and privilege control on all network entry points – be it in the office, at home, or even while working remotely from hotels, or cafes.
Through the Remote AP (RAP) function, network admins can easily preconfigure all business APs with secure tunnels to protect the connections among homes and offices with stronger encryption. Simply send the APs to employees to install at home – so they are instantly connected to the company network, just as they would be in the office. This is a no-brainer for the employees who need to connect to the corporate network at their homes or just about everywhere with an Internet connection, perfectly for top management and sales team who are constantly on-the-go or employees who have little IT knowledge to set up a VPN connection or do not want to be bothered with repetitive VPN logins. In addition, an extra layer of protection is also provided by two-factor authentication with Google Authenticator (GA).
Image 3: The RAP function with a two-factor authentication with GA enables an instant, yet completely secure tunnel to the company network for WTH employees, just as they would be in the office.
Up to this release, the Remote AP models supporting the secure tunnels to the USG FLEX firewall are:
To view more information about USG FLEX series firewalls on Cloud, please click here.
Nebula License 2.0 Reform
Starting from April 11, 2021, all Nebula customers will be updated to our new per-device licensing model as our co-termination licensing model will come to an end.
Why the Change?
- Simplification is by far the main driver in the change, after receiving a lot of feedback from partners and clients. We have decided to evolve the licensing to become much simpler to understand and manage. The change to per-device licensing allows IT teams to maintain various expiration dates across devices, sites or organizations. Each Organisation can have a single shared expiration, which will be manageable through our new Circle licence management platform (supporting Nebula later this year). Additionally, Nebula Control Center (NCC) Pro Pack licenses will move to flat rate pricing across all product types, making it much simpler for purchasing, managing and renewing.
- Unification is another factor for our ever evolving platform. As we begin to advance and bring in more sophisticated devices like the USG FLEX series into Nebula, we need to maintain a simple migration path between on-premise (traditional deployments) and our cloud platform. These changes will ensure that we bring a consistent, unified approach to the customer experience both in platform and licensing.
- Improved Packs This update will also introduce a new Plus Pack that includes a subset of the most commonly requested features for administering sites (from the current Pro Pack) at a much more affordable flat rate price (per device). We will also launch the Managed Service Provider (MSP) Pack that will facilitate cross-org management and help elevate the manageability in Nebula for MSP customers.
View more about Nebula flexible subscription plan: here
Per-admin user account license that includes cross-org. management features and can be used in conjunction with existing Packs (Base/Plus/Pro).
License-free feature set/service with a rich set of management features
A new feature set/service that includes the most frequently requested advanced features.
A full feature set/service with all advanced functionality and management features.
NCC offers flexible management license subscription to suit various customers’ needs.
Other Major New Features/Enhancements in Nebula P11
Besides the addition of USG FLEX series to NCC, Nebula also includes the following major updates:
- Licenses and Inventory Management: In this release, we consolidated the inventory and license management pages together into one page, named Licenses & inventory. The purpose of this design is to help Nebula users better manage their device and license status in accordance to the new per-device licensing model. The newly-designed page provides the detailed information on the device and license inventory within the organization such as the current device’s license status, as well as the management ability to add device, assign license, and purchase license, etc.
- Site-wide Client: It provides a unified overview of all the clients connected to all types of devices including gateway, switch, and access point on a single page with a policy button. Nebula users can instantly view all the clients connected to the network for easy management and take immediate action to block a compromised client if necessary.
Image 4: License & inventory provides detailed information on device and license status and inventory, making it easy to manage for NCC users of all sizes.
Image 5: With site-wide client, users can instantly check all the connected clients on a single page.
As mentioned in the previous section of this article, we are rolling out a new MSP Pack along with this new release. The MSP Pack includes the cross-organization management features such as the existing MSP portal, Create organization, MSP branding and the new features, as follows:
- Admins & teams: This feature is developed to facilitate better cross-org management for MSPs when assigning their employees with Org. privilege to manage Nebula organizations.
- The Admins tab allows you to Add, Delete, and Activate admins to manage Nebula organizations. Also, there is an Import function that allows bulk upload for fast inputting.
- The Teams tab provides a grouping capability that allows MSP to group Admin members as a team with the Org. privilege to manage Nebula organizations, which allows easy management for adding or removing Admin members to one and/or multiple Nebula organization(s).
Image 6: The Admins tab allows you to create and assign administrator to one or more organization(s) with Org. privilege.
Image 7: The Teams tab provides a grouping capability that allows MSP to group Admin members as a team with the Org. privilege to manage one or more Nebula organization(s).
- Cross-org synchronization: The cross-organization configurations and management capability for MSPs is further enhanced to include the following functions:
- Org-wide configuration sync from one Org. to another Org.
- Clone configurations from one Org. to another Org
- Clone one site or more sites from one Org to another Org.
Image 8: The cross-org synchronization feature further enhances Nebula cross-org configurations and management capability for MSPs.
Device Monitoring and Configuration Updates
USG FLEX Firewall
- Application visibility and control: More than 3000 applications are categorized in different labels such as antivirus, media streaming, social network, advertising, and more. The block/unblock and speed limit action buttons are added in the Site-wide Application monitoring page. Nebula users can instantly view all the applications that are currently used in the network for easy management and take immediate action to protect the network when necessary.
Image 9: The Site-wide Application page provides visibility and control of all the applications used in the network.
In this release, Nebula now supports Layer 3 static route functionality to enhance the scalability of the networks. The feature includes the followings:
- IP interface & Static route: Supports the configuration of the network settings for multiple VLAN interfaces and setting up IPv4 static route to specify next hop for the specific destination subnet.
- Enhanced live tool (Layer 3 switch only): The live tool is also enhanced to include Routing and ARP table for easy troubleshooting.
Image 10: The L3 static route setup is now supported in Nebula.
- Per AP(Room) per SSID: NCC now supports the configuration of Per room per SSID. For example, in the hotel setting, the network admin can set up a SSID that enables an individual SSID for each room, instead of having the whole building or floor share the same SSID.