Zyxel Nebula Cloud Network Management Review
If you don't need the pro licence features then Zyxel Nebula is one of the best and most affordable cloud-managed solutions available. The web interface is superb allowing you to easily manage multiple organisations across multiple sites.
Overal - 90%
I have been using three products from Zyxel over the past year that work in the Nebula managed system. Recently Zyxel loaned me some new devices so I can review how managing an entire network from one interface is so much more convenient than sperate web interfaces for each device.
My current devices are:
- Zyxel NSW100-10 – 10 port POE switch
- Zyxel Hybrid Cloud Wireless Access Point (NWA1123-AC-HD).
- Zyxel GS1920-8HPv2 NebulaFlex Hybrid POE switch
I then expanded this system with:
- Zyxel NWA1123-AC-HD (giving me two access points)
- Zyxel GS1920-8HPv2 POE Switch
- Zyxel Nebula NSG100 Security Gateway
To preface this review, I am a home user with no professional network admin experience. While Zyxel Nebula is geared towards business use, I think it is an appealing system for high-end consumer/prosumer setups and perfect for small businesses.
There are a growing number of cloud managed solutions, Ubiquiti is possibly the most popular solution for users similar to me, then there is also the excellent Netgear Insight and I know a few IT service providers using OpenMesh for small businesses. Even D-Link are getting in on the action with their new Nuclias range. Then there is, of course, Meraki, which is an entirely different price point to any of the others.
Cloud Management Pricing – Free vs Pro
What initially brought me to Nebula was that it is one of the more affordable options on the market, many of the devices are very reasonably priced, being cheaper than competitors, and the cloud management system is free to an extent.
There are some caveats with the cloud management that you will need to consider before investing in this. The free options are comprehensive, and way more than I need, but if you find you do need the pro features, then the price is quite high compared to OpenMesh, Ubiquiti, and Insight. For most devices, this will be around £47 per year, or you can buy a lifetime licence, which when I checked was nearly the same price as the device itself.
The pro licence provides a lot of great features for larger business, and they will no doubt think the pricing is reasonable. Smaller businesses and home users probably won't feel the same and the big things you will lose out on are:
- Push notifications for device status
- Config backup and restore
- Site config and clone
Site config and clone is no use to me, but a small IT company would probably find it useful. I love the push notifications on Insite, and this is the main thing I miss here, as it makes it easy to identify network issues with minimal downtime.
It's worth noting, that while I love the push notifications from Netgear Insight, I much prefer the web managed system from Zyxel Nebula.
Devices are keenly priced with some of the highlights including:
- 8- Port GS1920-8HPv2 Fanless POE – £159
- Zyxel 24-Port GS1920-24v2 fanless not POE – £149
- Zyxel 24-Port GS1920-24HPv2 POE+ 375W Not fanless £283
- Zyxel 24-Port XGS1930-28 with 4 10G SFP+ not fanless and no POE – £233
- NWA1123-AC PRO Access Point – £99.99
[content-egg module=Amazon template=list]
In the year that I have been using Nebula, Zyxel has continued to improve the system. When I first got it, the mobile app was a bit bare bones and only really useful for setting things up. It has been improved considerably since then, and while not as functional as the web interface, it is a useful tool for managing and monitoring the network.
As I already had my existing system in place, there was no need to set up my organisation or location, but this is an easy process and allows you to manage multiple businesses across many sites using the same system.
The easiest way to add new devices is via the app, all you need to do is load it up, select the organisation, site, and then scan in the QR code and that is about it. At first I had some issues getting the QR code to work, as it is tiny and tried to line it up with the square, but my camera wouldn’t focus properly on it. Holding it much further away from the device will allow the camera to identify the QR code quickly. It is a stupid mistake on my behalf but I wouldn’t be surprised if others do it. If you can’t scan in the QR code then you can manually type in the serial number.
With the access points, Zyxel has zero-deployment which means that the settings are mirrored across each AP so no configuration at all.
This worked exactly like expected, and there was zero set up apart from adding the access point to my system and the access points act as one system similar to mesh options. As you would expect, compared to a consumer solution such as mesh systems you have much more granular control over the settings for the Wi-Fi, this included setting up multiple SSIDs each with different settings, power levels and more.
I have had some issue with Ring and other 2.4ghz only devices working with mesh systems broadcasting both 2.4ghz and 5Ghz on the same band, so with this, I have a separate network for wireless smart home products, and have my CCTV stuff on a different VLAN to minimise congestion.
With these access points, you can improve roaming and handoff with smart steering based on the signal strength and assisted roaming using 802.11k/v protocols. With these enabled the access points work as seamless as my Netgear mesh system when moving around the house. The only downside is that the range is not quite as good, though the NWA1123-AC are some of the lower specced options for the access points there is also NAP203 and NAP303 but these will be too expensive for home users and many smaller businesses.
In the room with my server, I have the POE switch, which then feeds the CCTV, access points, my server and a bunch of other smart home tech, this switch has quite a noisy fan, so in a home environment, it will need to be located away from your immediate living space. I then use the fanless switches in the living room and my office.
The switches themselves have an extensive level of features including:
- Port Aggregation and Bonding
- Cable Diagnostics
- VLAN Tagging / guest VLAN
- IP Filtering
- Radius Policies for MAC-based Authentication
- PoE Schedules
- Quality of Service (QoS), storm control, port based rate limiting, flow control
- Layer 2 multicast – IGMP snooping, MLD snooping
- IPv6 management
For anything named NebulaFlex or Hybrid you have the option to manage the switching separately via a web interface, or via the Nebula interface. I stuck to the Nebula option as this was the whole point of me investing in the hardware.
Inside Nebula, as the switches don’t share the same settings like access points do, you can go into each switch and manage things to your heart's content.
This includes going into each port and viewing the traffic usage and devices connected to it. You can enable or disable any feature you want per port as well as set up a schedule for POE, which I use for my office phone.
You can then view all the clients connected to the switches by mac address and which switch they are connected to plus which VLAN.
I don’t really use the switches to their full potential but I separate CCTV and some IoT stuff into their own VLAN. I try to name all the devices so it is easier to work out what is what, and I name the ports so I have a better understanding of what is connected to what for when things break.
Zyxel Nebula Security Gateway
I have reviewed both the switches and access points previously, but this is the first time using the security gateway. There are multiple options available, and I was sent the NSG100 which sits in the middle of the pack and will set you back about £345.
With all the gateways, there is zero-touch provisioning, and It automatically pulls policies and configuration settings, receives seamless firmware upgrades and security signature updates from the cloud without the need for on-site networking expertise.
The NSG100 supports up to two WAN uplinks with traffic shaping and fail-over. There is a wide range of settings, and as the name suggests, this offers a comprehensive security solution.
IDP guards your business against a wide range of attacks and suspicious activities such as SQL injection and DoS; Application Patrol helps boost productivity and prevent bandwidth abuse by prioritising, throttling, and blocking unnecessary applications; and Content Filtering uses categorisation and URL filtering to stop users from accessing malicious and inappropriate sites. Finally, the Anti-Virus acts as a bulwark against malware including viruses, Trojans, worms, spyware, and rogue ware, being the first line of defence for your networks.
On top of that, there is built-in DHCP, NAT, QoS and VLAN management, and static route and dynamic DNS support. Then it has plenty of VPN options, including Site-to-Site VPN and L2TP over IPSEC client (VPN).
To be honest, this product was the one that was beyond what I needed even more than the other devices. With the IDP, Application Patrol, Content Filtering and Anti-Virus, they all need a security service pack on top of it of the standard NCC service, so to get the most out of this you are going to be paying over £250 per year between the two licences(the first year is included).
While it may be a little over the top for my needs, I can completely see the appeal in a business environment, more so with an IT admin managing multiple sites. They can monitor usage and manage traffic all remotely and covering multiple locations from one login, the various security features should minimise the inevitable problems caused by users misusing computers and minimise downtime incurred.
As previously mentioned the mobile app has been improved vastly, it doesn’t offer all the features that the web interface does, but you can check on the status of each device, remotely reboot it, assign policies to devices connected to the network (blacklist/whitelist), manage the Wi-Fi and check gateway clients and app traffic usage. All of these make managing things while on the move much easier, while on press trips I have had my partner moan about something not working and I can quickly login to make sure the internet is working, or if needs be reboot a switch.
I continue to love the Nebula system, I know it is completely over the top for my needs, but there is nothing more stressful than my partner moaning about the Wi-Fi being down or something not streaming from the server.
I have quite a large house with a bigger than you would expect network and in the past, I had a mish-mash of products so any networking issues generally meant me going around the house switching on and off devices hoping it would sort itself out. With this, for a start, nothing has ever seriously gone wrong, and secondly, I can log into the system to see all the devices in one place. I can check cables, port uptime, bandwidth usage, WAN throughput, traffic summaries and everything else I could possibly want to fix or optimise my network.
Pricing is reasonable too, while not like for like products, a decent mesh wi-fi system can be close to £300, so you are not paying considerably more here. The big caveat is that you have to run ethernet, but trust me, if you do, you won’t regret it, it is far more reliable. As previously discussed this is highly competitive against similar clound management systems.
My plan, hopefully in the near feature, is to swap out all my networking gear for Zyxel Nebula routing cables through the loft and dropping them down outside and back into the relevant rooms. The XGS1930-28 looks like a fantastic option for this so I can then provide 10Gbe between my servers and my main work PC.
For business use, then I can thoroughly recommend this system. I have recommended it to a couple of friends that run small IT businesses. Being able to monitor all your clients over multiple locations via one dashboard is a huge time saver.