Cloud CNM
Cloud CNM Overview
You need licenses to use Cloud CNM SecuManager and Cloud CNM SecuReporter. You need the SecuManager license to get a CNM ID with which you can access the SecuManager server. It is independent from the Zyxel Devices. The SecuReporter license must be activated on each Zyxel Device.
Cloud CNM SecuManager
Cloud CNM SecuManager is a Virtual Machine-based (VM) management system that uses the TR-069 protocol to encapsulate commands to ZyWALL/USG devices for management and monitoring; these devices must have firmware that supports the TR-069 protocol.
Cloud CNM SecuManager features include:
• Batch import of managed devices at one time using one CSV file
• See an overview of all managed devices and system information in one place
• Monitor and manage devices
• Install firmware to multiple devices of the same model at one time
• Backup and restore device configuration
• View the location of managed devices on a map
• Receive notification for events and alarms, such as when a device goes down
• Graphically monitor individual devices and see related statistics
• Directly access a device for remote configuration
• Create four types of administrators with different privileges
• Perform Site-to-Site, Hub & Spoke, Fully-meshed and Remote Access VPN provisioning.
To allow Cloud CNM SecuManager management of your Zyxel Device:
• You must have a Cloud CNM SecuManager license with CNM ID number or a Cloud CNM SecuManager server URL.
• The Zyxel Device must be able to communicate with the Cloud CNM SecuManager server.
You must configure Configuration > Cloud CNM > SecuManager to allow the Zyxel Device to find the Cloud CNM SecuManager server.
The following table describes the labels in this screen.
Configuration > Cloud CNM > SecuManager
Label | DESCRIPTION |
|---|
Show Advanced Settings / Hide Advanced Settings | Click this button to display a greater or lesser number of configuration fields. |
Enable | Select this to allow management of the Zyxel Device by Cloud CNM SecuManager. |
Auto | Select this if your Cloud CNM SecuManager server can access myZyxel to automatically get the VM server URL from myZyxel. You also need CNM ID from the Cloud CNM SecuManager license. |
CNM URL | myZyxel associates the CNM ID with the CNM URL which identifies the server on which Cloud CNM SecuManager is installed. Therefore you don’t need to enter the CNM URL when you select Auto. |
Custom | Select this if your Cloud CNM SecuManager server cannot access myZyxel. |
CNM URL | Select this if your VM server or Zyxel Device are in a private network, or if the VM server is behind a NAT router. You then need to manually enter the VM server URL into the Zyxel Device. Enter the IPv4 IP address of the Cloud CNM SecuManager server followed by the port number (default 7547 for HTTPS or 7549 for HTPP) followed by the CNM ID from the license in CNM URL. For example, if you installed Cloud CNM SecuManager on a server with IP address 1.1.1.1 and CNM ID V6ABQNTPYGD, then type 1.1.1.1:7547/V6ABQNTPYG or 1.1.1.1:7549/V6ABQNTPYG as the CNM URL. |
Transfer Protocol | Choose the CNM URL protocol: HTTP or HTTPS. If you enter 1.1.1.1:7547 as the CNM URL, you must choose HTTPS as the Transfer Protocol, and then the whole CNM URL is https://1.1.1.1:7547. If you enter 1.1.1.1:7549 as the CNM URL, you must choose HTTP as the Transfer Protocol, and then the whole CNM URL is http://1.1.1.1:7549. |
Periodic Inform | Enable this to have the Zyxel Device inform the Cloud CNM SecuManager server of its presence at regular intervals. |
Interval | Type how often the Zyxel Device should inform Cloud CNM SecuManager server of its presence. |
HTTPS Authentication | Select the check box if you have a HTTPs server certificate. |
Server Certificate | Select a certificate the HTTPS server (the Zyxel Device) uses to authenticate itself to the HTTPS client. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |
Note: See the Cloud CNM SecuManager User’s Guide for more information on Cloud CNM SecuManager.
Cloud CNM SecuReporter
Cloud CNM SecuReporter is a security analytics portal that collects and analyzes logs from SecuReporter-licensed Zyxel Devices in order to identify anomalies, alert on potential internal / external threats, and report on network usage. You need to buy a license for SecuReporter for your Zyxel Device and register it at myZyxel. You must be a registered user at myZyxel.
You can access the portal from a web browser and also get notifications sent to an app on your mobile phone.
How to activate and enable SecuReporter
1 Does Service Status displays Activated in the Configuration > Cloud CNM > SecuReporter screen? If not, you have to log in to myZyxel.com and activate the SecuReporter license for this Zyxel Device. The Zyxel Device must be able to communicate with the myZyxel server.
Your SecuReporter license displays in Configuration > Licensing > Registration > Service after you activate the SecuReporter license at myZyxel.
2 After the SecuReporter license is activated, go back to the Configuration > Cloud CNM > SecuReporter screen, and select the categories of logs that you want this Zyxel Device to send to the SecuReporter portal.
3 Select Enable SecuReporter. Do not go to the SecuReporter portal until after you have enabled SecuReporter on this Zyxel Device and applied the settings. You can also see license status, type, expiration date.
4 Click Apply and wait.
How to add this Zyxel Device to SecuReporter
1 Log in to the SecuReporter portal.
2 Go to Settings > Organization & Devices > Add to create an organization.
3 Add this Zyxel Device to an Organization using the hyper link under Unclaimed Device.
SecuReporter Banner
The SecuReporter banner appears when:
1 SecuReporter hasn’t been enabled before.
2 The Zyxel Device is not added to an organization yet.
Click the Continue button in the SecuReporter banner to configure the SecuReporter settings.
• Server Status: This is the connection status between the Zyxel Device and the SecuReporter server. This field shows Connected when the Zyxel Device can synchronize with the SecuReporter server. This field shows Timeout when the Zyxel Device can’t synchronize with the SecuReporter server. This field shows Fail when the connection between the Zyxel Device and the SecuReporter server is down.
• Device Name: Enter the name of the Zyxel Device. This Zyxel Device will be added to a new or existing organization.
• Organization: This field appears if you haven’t created an organization in the SecuReporter server. Type a name of up to 255 characters and description to create a new organization.
• Select from existing organization: Select an existing organization from the drop-down list box to add the Zyxel Device to the selected organization.
• Create new organization: Type a name of up to 255 characters and description to create a new organization.
• Partially Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with artificial identifiers in downloaded logs.
• Fully Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be replaced with anonymized information in downloaded logs.
• Non-Anonymous: Select this and personal data, such as user names, MAC addresses, email addresses, and host names, will be identifiable in downloaded logs.
The following table describes the labels in this screen.
Configuration > Cloud CNM > SecuReporter
Label | DESCRIPTION |
|---|
Enable SecuReporter | Security-related logs are sent to the SecuReporter portal. Click the General Data Protection Regulation (GDPR) privacy link below to see the Zyxel privacy policy. This must be selected to have SecuReporter collect and analyze logs from this Zyxel Device. • It’s selected by default if you have activated a SecuReporter Standard license, • You need to select this if you have a SecuReporter Trial license. • This field is not available if you do not have a SecuReporter license. |
Categories | Select the categories of logs that you want this Zyxel Device to send to SecuReporter for analysis and trend spotting. |
SecuReporter Service License Status |
Service Status | This field displays whether a service license is enabled at myZyxel (Activated) or not (Not Activated) or expired (Expired). It displays the remaining Grace Period if your license has Expired. It displays Not Licensed if there isn’t a license to be activated for this service. |
Service Type | This field displays whether you applied for a trial application (Trial) or registered this service with your iCard’s PIN number (Standard). This field is blank when the service is not activated. |
Expiration Date | This field displays the date your service expires. |
Apply | Click Apply to save your changes back to the Zyxel Device. |
Reset | Click Reset to return the screen to its last-saved settings. |