Call a Specialist Today! 888-785-4412

Zyxel NSG300
Nebula Cloud Security VPN Gateway

See how Zyxel can help with the Remote Workforce

Sorry, this product is no longer available, please contact us for a replacement.


Nebula Cloud Managed Security Gateway

The Zyxel Nebula Cloud Managed Security Gateway is built with remote management and ironclad security for organizations with multiple distributed sites. With an extensive suite of security features including ICSAcertified firewall, IPsec VPN connectivity, Intrusion Detection Prevention (IDP) and Application Patrol, Content Filtering as well as Anti-virus the NSG provides deep, extensive protection to meet everything that small- to midsized businesses need.

As the Zyxel Nebula Security Gateway has been designed from the ground up to be cloud managed, installation and management is as simple as 1-2- 3. Through Nebula’s cloud interface, administrators can create site-wide policies and monitor all branch sites effortlessly, even without training.

  • Complete network, security, and application control from anywhere via the cloud
  • Zero-touch site-to-site VPN
  • Secure networks with IDP and Application Patrol, Content Filtering and Anti-Virus
  • Built-in DHCP, NAT, QoS, and VLAN management
  • Static route and dynamic DNS support
  • Identity-based security policies and application management
  • Cloud management and cloud statistics


Out-of-the-box cloud-managed gateway

Every Zyxel Nebula Security Gateway can be quickly and easily deployed at a remote location through nearly zero-touch cloud provisioning. It automatically pulls policies and configuration settings, receives seamless firmware upgrades and security signature updates from the cloud without the need for on-site networking expertise.

Easy setup, simple management

Traditional gateways require administrators to manage configurations and security policies separately for every device, eating up considerable time and effort. Nebula provides a single point of management for all Nebula gateways, allowing administrators to synchronize security settings across thousands of sites to every device all at once. The cloud interface provides site-wide visibility and control that enable administrators to monitor and manage event logs, traffic statistics, bandwidth consumption, networked clients, and application usage without access to the individual devices.

Zero-touch VPN connections

Establishing a virtual private network to keep branch locations securely connected is easier than ever. With the Zyxel Nebula Security Gateway, either site-to-site or hub-and-spoke VPN connections can be configured with just a few clicks in the Nebula Control Center and no complex VPN configuration steps. The intuitive cloud management interface lets administrators monitor VPN connectivity between multiple locations in real time.

Streamlined policy management

The Zyxel Nebula Security Gateway streamlines the configuration of firewalls and every security feature for faster, easier, and more consistent policy settings. It does so by supporting objectbased management and a unified configuration approach for all security related policies, with which users can easily apply all policy criteria to every security feature. Moreover, any configuration made in the Nebula Control Center can be automatically propagated to all connected Nebula gateways.

Effective network protection

Nebula’s IDP system scans multiple layers and protocols to inspect vulnerabilities invisible to simple port and protocol-based firewalls by utilizing deep packet inspection (DPI) technology that eliminates false positives with a database of malware signatures and provides effective protection against intrusions from unknown backdoors.

Powerful application security

Every Nebula Security Gateway comes bundled with a one-year subscription to the Nebula Security Pack, which better protects your networks through IDP, Application Patrol, Content Filtering, and Anti-Virus security services. IDP guards your business from a wide range of attacks and suspicious activities such as SQL injection and DoS; Application Patrol helps boost productivity and prevent bandwidth abuse by prioritizing, throttling, and blocking unnecessary applications; and Content Filtering uses categorization and URL filtering to stop users from accessing malicious and inappropriate sites. Finally, the Anti-Virus acts as a bulwark against malware including viruses, Trojans, worms, spyware, and rogue ware, being the first line of defense for your networks.

Applications Diagram:

Nebula Cloud Management Architecture

Nebula cloud management architecture

VPN Application

VPN application



  • Stateful packet inspection
  • VLAN
  • PPPoE
  • Static route
  • Firewall
  • Intrusion Detection and Prevention (IDP)
  • Application Patrol


  • Topology: Site-to-site, hubs-andspoke
  • Encryption: AES (256-bit), 3DES and DES
  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • Perfect forward secrecy (DH groups) support 1, 2, 5, 14
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • VPN auto-reconnection
  • L2TP over IPSec

Intrusion Detection and Prevention (IDP)*

  • Signature-based
  • Behavior-based scanning
  • Automatic signature updates

Application Patrol*

  • Granular control over the most important applications
  • Identifies and controls applications and behaviors
  • Top application usage record

Content Filtering*

  • Social media filtering
  • Malicious Website filtering
  • URL blocking
  • Blacklist and whitelist support
  • Dynamic, cloud-based URL filtering database
  • Unlimited user license support
  • Customizable warning messages and redirection URL
  • HTTPs Domain filtering


  • Supports Anti-Virus signatures
  • Identifies and blocks over 650,000 viruses
  • Stream-based Anti-Virus engine
  • HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
  • Automatic signature updates
  • No file size limitation

Streamlined Policy Management

  • Unified policy management interface
  • Supported exclusive security features: IDP, Application Patrol, firewall (ACL)
  • Policy criteria: Source and destination IP address, destination port, time


  • Routing mode
  • Ethernet and PPPoE
  • NAT
  • VLAN tagging (802.1Q)
  • DHCP client/server/relay
  • Dynamic DNS support
  • Maximum bandwidth
  • Bandwidth limit per client IP


  • Microsoft Windows Active Directory integration
  • External RADIUS user database
  • Nebula Cloud (Nebula Control Center) authentication

Captive Portal

  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • Sign-on or click-to-continue authentication
  • Multiple instances of captive portal
  • Customizable portal templates
  • Internal or external captive portal redirect
  • Walled garden support

System Management

  • Cloud managed
  • Role-based administration
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Cloud firmware upgrade

Logging and Monitoring

  • Comprehensive local logging
  • Syslog (to up to 2 servers)
  • Real-time traffic monitoring

* IDP and Application Patrol, Content Filtering and Anti-Virus services need to be purchased on top of Professional Pack license, and will be co-terminated separately from with Professional Pack license.