Cloud CNM
Cloud CNM Overview
You need a SecuManager license to get a CNM ID with which you can access the SecuManager server. It is independent from the Zyxel Devices.
• Use the Cloud CNM > SecuManager screen (Cloud CNM SecuManager) to enable and configure management of the Zyxel Device by a Central Network Management system.
• Use the Cloud CNM > SecuReporter screen (Cloud CNM SecuReporter) to enable SecuReporter logging on your Zyxel Device, see license status, type, expiration date and access a link to the SecuReporter web portal. The SecuReporter web portal collects and analyzes logs from your Zyxel Device in order to identify anomalies, alert on potential internal / external threats, and report on network usage.
Cloud CNM SecuManager
Cloud CNM SecuManager is a Virtual Machine-based (VM) management system that uses the TR-069 protocol to encapsulate commands to ZyWALL/USG devices for management and monitoring; these devices must have firmware that supports the TR-069 protocol.
Cloud CNM SecuManager features include:
• Batch import of managed devices at one time using one CSV file
• See an overview of all managed devices and system information in one place
• Monitor and manage devices
• Install firmware to multiple devices of the same model at one time
• Back up and restore device configuration
• View the location of managed devices on a map
• Receive notification for events and alarms, such as when a device goes down
• Graphically monitor individual devices and see related statistics
• Directly access a device for remote configuration
• Create four types of administrators with different privileges
• Perform Site-to-Site, Hub & Spoke, Fully-meshed and Remote Access VPN provisioning.
To allow Cloud CNM SecuManager management of your Zyxel Device:
• You must have a Cloud CNM SecuManager license with CNM ID number or a Cloud CNM SecuManager server URL.
• The Zyxel Device must be able to communicate with the Cloud CNM SecuManager server.
You must configure Configuration > Cloud CNM > SecuManager to allow the Zyxel Device to find the Cloud CNM SecuManager server.
Label | DESCRIPTION |
|---|---|
Show Advanced Settings / Hide Advanced Settings | Click this button to display a greater or lesser number of configuration fields. |
Enable | Select this to allow management of the Zyxel Device by Cloud CNM SecuManager. |
Auto | Select this if your Cloud CNM SecuManager server can access myZyxel to automatically get the URL from myZyxel. You also need CNM ID from the Cloud CNM SecuManager license. |
CNM ID | Enter the CNM ID exactly as on the Cloud CNM SecuManager license. |
CNM URL | myZyxel associates the CNM ID with the CNM URL which identifies the server on which Cloud CNM SecuManager is installed. Therefore you don’t need to enter the CNM URL when you select Auto. |
Custom | Select this if your Cloud CNM SecuManager VM server cannot access myZyxel. |
CNM URL | Select this if your VM server or Zyxel Devices are in a private network, or if the VM server is behind a NAT router. You then need to manually enter the VM server URL into the Zyxel Device. Enter the IPv4 IP address of the Cloud CNM SecuManager server followed by the port number (default 7547 for HTTPS or 7549 for HTPP) followed by the CNM ID from the license in CNM URL. For example, if you installed Cloud CNM SecuManager on a server with IP address 1.1.1.1 and CNM ID V6ABQNTPYGD, then type 1.1.1.1:7547/V6ABQNTPYG or 1.1.1.1:7549/V6ABQNTPYG as the CNM URL. |
Transfer Protocol | Choose the CNM URL protocol: HTTP or HTTPS. If you enter 1.1.1.1:7547 as the CNM URL, you must choose HTTPS as the Transfer Protocol, and then the whole CNM URL is https://1.1.1.1:7547. If you enter 1.1.1.1:7549 as the CNM URL, you must choose HTTP as the Transfer Protocol, and then the whole CNM URL is http://1.1.1.1:7549. |
Periodic Inform | Enable this to have the Zyxel Device inform the Cloud CNM SecuManager server of its presence at regular intervals. |
Interval | Type how often the Zyxel Device should inform Cloud CNM SecuManager server of its presence. |
HTTPS Authentication | Select the checkbox if you have a HTTPs server trusted certificate. |
Server Certificate | Select an available certificate. Available certificates are in Object > Certificate > Trusted Certificates. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
See the Cloud CNM SecuManager User’s Guide for more information on Cloud CNM SecuManager.Cloud CNM SecuReporter
Cloud CNM SecuReporter is a security analytics portal that collects and analyzes logs from SecuReporter-licensed Zyxel Devices in order to identify anomalies, alert on potential internal / external threats, and report on network usage. You need to buy a license for SecuReporter for your Zyxel Device and activate it at myZyxel. You must be a registered user at myZyxel.
How to activate and enable SecuReporter
1 Does Service Status displays Activated in the Configuration > Cloud CNM > SecuReporter screen? If not, you have to log in to myZyxel.com and activate the SecuReporter license for this Zyxel Device. The Zyxel Device must be able to communicate with the myZyxel server.
Your SecuReporter license displays in Configuration > Licensing > Registration > Service after you activate the SecuReporter license at myZyxel.
Your SecuReporter license displays in Configuration > Licensing > Registration > Service after you activate the SecuReporter license at myZyxel.
2 After the SecuReporter license is activated, go back to the Configuration > Cloud CNM > SecuReporter screen, and select the categories of logs that you want this Zyxel Device to send to the SecuReporter portal.
3 Select Enable SecuReporter. Do not go to the SecuReporter portal until after you have enabled SecuReporter on this Zyxel Device and applied the settings.
You can also see license status, type, expiration date.
You can also see license status, type, expiration date.
4 Click Apply and wait.
How to add this Zyxel Device to SecuReporter at the Portal
1 Log in to the SecuReporter portal.
2 Go to Settings > Organization & Devices > Add to create an organization.
3 Add this Zyxel Device to an Organization using the hyper link under Unclaimed Device.
How to add this Zyxel Device to SecuReporter in the Web Configurator
The following table describes the labels in this screen.
Label | DESCRIPTION |
|---|---|
Enable SecuReporter | Select this to allow SecuReporter to collect and analyze logs from this Zyxel Device for security analytics to identify anomalies, alert on potential internal / external threats, and report on network usage. |
Categories | Select the categories of logs that you want this Zyxel Device to send to the SecuReporter portal. There are two types: Security Logs: App Patrol, Anti-Spam, Anti-Malware/Virus, Content Filter, Threat Protection (IDP/ADP) Network: Traffic Log (for analysis of traffic usage). Do not select this if it impacts Zyxel Device performance. |
SecuReporter Service License Status | Select this if your Cloud CNM SecuManager VM server cannot access myZyxel. |
Service Status | This field displays whether the service license is enabled at myZyxel (Activated) or not (Not Activated) or expired (Expired). There is also a link to buy a license. |
Service Type | This field displays whether you applied for a trial application (Trial) or have a standard license (Standard). This field is blank when a service is not activated. |
Expiration Date | This field displays the date in yyyy-mm-dd format that your service expires. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Click the 'set Org/Network site' hyperlink in the second note in Configuration > Cloud CNM > SecuReporter to go to the following screen.
The following table describes the labels in this screen.
Label | DESCRIPTION |
|---|---|
Server Status | This is the connection status between the Zyxel Device and the SecuReporter server. This field shows Connected when the Zyxel Device can synchronize with the SecuReporter server. This field shows Timeout when the Zyxel Device can’t synchronize with the SecuReporter server. This field shows Fail when the connection between the Zyxel Device and the SecuReporter server is down. |
Device Name | Enter the name of the Zyxel Device. This Zyxel Device will be added to a new or existing organization. |
Organization | This field appears if you haven’t created an organization in the SecuReporter server. Type a name of up to 255 characters and description to create a new organization. |
Organization | Select an existing organization from the drop-down list box to add the Zyxel Device to the selected organization. |
Create new organization | Type a name of up to 255 characters and description to create a new organization. |
Data Protection Policy | |
Partially Anonymous | Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with artificial identifiers in downloaded logs. |
Fully Anonymous | Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with anonymized information in downloaded logs. |
Non-Anonymous | Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be identifiable in downloaded logs. |
I have read and accept the SecuReporter Terms of Use. | Read the Terms of Use and then select this if you agree with them.  |
Complete and Close Window | Review your configurations and then click this to apply the SecuReporter settings for this Zyxel Device. |