Cloud CNM
 
Cloud CNM
Cloud CNM Overview
You need a SecuManager license to get a CNM ID with which you can access the SecuManager server. It is independent from the Zyxel Devices.
Use the Cloud CNM > SecuManager screen ( Cloud CNM SecuManager) to enable and configure management of the Zyxel Device by a Central Network Management system.
Use the Cloud CNM > SecuReporter screen ( Cloud CNM SecuReporter) to enable SecuReporter logging on your Zyxel Device, see license status, type, expiration date and access a link to the SecuReporter web portal. The SecuReporter web portal collects and analyzes logs from your Zyxel Device in order to identify anomalies, alert on potential internal / external threats, and report on network usage.
Cloud CNM SecuManager
Cloud CNM SecuManager is a Virtual Machine-based (VM) management system that uses the TR-069 protocol to encapsulate commands to ZyWALL/USG devices for management and monitoring; these devices must have firmware that supports the TR-069 protocol.
Cloud CNM SecuManager features include:
Batch import of managed devices at one time using one CSV file
See an overview of all managed devices and system information in one place
Monitor and manage devices
Install firmware to multiple devices of the same model at one time
Back up and restore device configuration
View the location of managed devices on a map
Receive notification for events and alarms, such as when a device goes down
Graphically monitor individual devices and see related statistics
Directly access a device for remote configuration
Create four types of administrators with different privileges
Perform Site-to-Site, Hub & Spoke, Fully-meshed and Remote Access VPN provisioning.
To allow Cloud CNM SecuManager management of your Zyxel Device:
You must have a Cloud CNM SecuManager license with CNM ID number or a Cloud CNM SecuManager server URL.
The Zyxel Device must be able to communicate with the Cloud CNM SecuManager server.
You must configure Configuration > Cloud CNM > SecuManager to allow the Zyxel Device to find the Cloud CNM SecuManager server.
Configuration > Cloud CNM > SecuManager  
Label
DESCRIPTION
Show Advanced Settings / Hide Advanced Settings
Click this button to display a greater or lesser number of configuration fields.
Enable
Select this to allow management of the Zyxel Device by Cloud CNM SecuManager.
Auto
Select this if your Cloud CNM SecuManager server can access myZyxel to automatically get the URL from myZyxel. You also need CNM ID from the Cloud CNM SecuManager license.
CNM ID
Enter the CNM ID exactly as on the Cloud CNM SecuManager license.
CNM URL
myZyxel associates the CNM ID with the CNM URL which identifies the server on which Cloud CNM SecuManager is installed. Therefore you don’t need to enter the CNM URL when you select Auto.
Custom
Select this if your Cloud CNM SecuManager VM server cannot access myZyxel.
CNM URL
Select this if your VM server or Zyxel Devices are in a private network, or if the VM server is behind a NAT router. You then need to manually enter the VM server URL into the Zyxel Device. Enter the IPv4 IP address of the Cloud CNM SecuManager server followed by the port number (default 7547 for HTTPS or 7549 for HTPP) followed by the CNM ID from the license in CNM URL. For example, if you installed Cloud CNM SecuManager on a server with IP address 1.1.1.1 and CNM ID V6ABQNTPYGD, then type 1.1.1.1:7547/V6ABQNTPYG or 1.1.1.1:7549/V6ABQNTPYG as the CNM URL.
Transfer Protocol
Choose the CNM URL protocol: HTTP or HTTPS. If you enter 1.1.1.1:7547 as the CNM URL, you must choose HTTPS as the Transfer Protocol, and then the whole CNM URL is https://1.1.1.1:7547. If you enter 1.1.1.1:7549 as the CNM URL, you must choose HTTP as the Transfer Protocol, and then the whole CNM URL is http://1.1.1.1:7549.
Periodic Inform
Enable this to have the Zyxel Device inform the Cloud CNM SecuManager server of its presence at regular intervals.
Interval
Type how often the Zyxel Device should inform Cloud CNM SecuManager server of its presence.
HTTPS Authentication
Select the checkbox if you have a HTTPs server trusted certificate.
Server Certificate
Select an available certificate. Available certificates are in Object > Certificate > Trusted Certificates.
Apply
Click Apply to save your changes back to the Zyxel Device.
Reset
Click Reset to return the screen to its last-saved settings.
Note: See the Cloud CNM SecuManager User’s Guide for more information on Cloud CNM SecuManager.
Cloud CNM SecuReporter
Cloud CNM SecuReporter is a security analytics portal that collects and analyzes logs from SecuReporter-licensed Zyxel Devices in order to identify anomalies, alert on potential internal / external threats, and report on network usage. You need to buy a license for SecuReporter for your Zyxel Device and activate it at myZyxel. You must be a registered user at myZyxel.
Your SecuReporter license displays in Configuration > Licensing > Registration > Service after you purchase a license and register it at myZyxel. You must activate the license at myZyxel. The Zyxel Device must be able to communicate with the myZyxel server.
Configuration > Cloud CNM > SecuReporter  
Label
DESCRIPTION
Enable SecuReporter
Security-related logs are sent to the SecuReporter portal. Click the General Data Protection Regulation (GDPR) privacy link below to see the Zyxel privacy policy.
This must be selected to have SecuReporter collect and analyze logs from this Zyxel Device.
It’s selected by default if you have activated a SecuReporter Standard license,
You need to select this if you have a SecuReporter Trial license.
This field is not available if you do not have a SecuReporter license.
Include Traffic Log
Select this for traffic logs to be also sent to the SecuReporter portal for application usage analysis via this Zyxel Device. This may cause an increase in traffic to SecuReporter from this Zyxel Device. Clear the field if it impacts Zyxel Device performance.
SecuReporter Service License Status
Service Status
This field displays whether a service license is enabled at myZyxel (Activated) or not (Not Activated) or expired (Expired). It displays the remaining Grace Period if your license has Expired. It displays Not Licensed if there isn’t a license to be activated for this service.
Service Type
This field displays whether you applied for a trial application (Trial) or registered this service with your iCard’s PIN number (Standard). This field is blank when the service is not activated.
Expiration Date
This field displays the date in yyyy-mm-dd format that your service expires.
Go to the SecuReporter portal
Click this to go to the SecuReporter security analytics portal.
Apply
Click Apply to save your changes back to the Zyxel Device.
Reset
Click Reset to return the screen to its last-saved settings.