HomeBlogTechnologyZyxel Nebula Review – Cloud Network Management
Zyxel Nebula Cloud Managed Networking Platform

Zyxel Nebula Review – Cloud Network Management

By Michael Kummer | Last Updated on Nov 8, 2018

This post may contain affiliate links. Please read my disclosure for more info.

Zyxel Nebula is a cloud-managed networking solution consisting of Wi-Fi access points, Ethernet switches, security gateways, and a management console. Zyxel developed Nebula to help business customers and their service providers to manage networking infrastructure more cost-effectively. For this review, I wanted to find out how much value Zyxel Nebula would provide to prosumers who can’t get the performance they need from consumer-grade equipment in residential environments.

Note that I had tested and reviewed business-class networking equipment from Ubiquiti in the past, and so I had well-defined requirements and reference points, especially regarding Wi-Fi performance and ease of use.

Reviewed Zyxel Nebula Equipment

Product
NSG200 Security Gateway

$650.00

NSW100-10P 8-Port Gigabit Switch with PoE

$220.00

NAP303 Managed Access Point

$465.00

NAP203 Managed Access Point

$159.99

NAP102 Managed Access Point

$129.99

Zyxel sent me a security gateway, two 10-port Ethernet switches, and four access points to replace my existing UniFi infrastructure for this review.

To be perfectly honest, I was hesitant to “rip out” the existing infrastructure that both my wife and I rely on, from a personal and professional perspective. But this challenge gave me an excellent opportunity to test Zyxel’s “Zero Touch” deployment claim.

Spoiler alert: The migration was much less painful than what I had anticipated!

My Migration Strategy

For those of you who haven’t followed the evolution of my network infrastructure, here is a quick overview of what I intended to replace.

I live and work out of a 3,300 square feet ranch-style home. My home office is on one side of the house, and that’s where AT&T’s fiber-optic Internet connection enters the home. The family room, where I spend most time when I’m not working, and where we stream TV shows and movies to an Apple TV, is on the opposite side of the house.

As is the case with many residential and commercial settings, a single wireless access point or router doesn’t provide proper Wi-Fi coverage for the whole area. That’s why I got into mesh networking and later expanded to commercial Wi-Fi equipment.

Before migrating to Zyxel Nebula, I had my current modem, a security gateway (router) and an 8-port switch installed in my home office. From there, I ran three CAT6 Ethernet cables into the attic where they would terminate in a second switch.

The second switch feeds the numerous Wi-Fi access points I had strategically positioned throughout the house using ceiling mounts. Additionally, the switch also connects various home security cameras to my network, but those are not part of this review.

How I Executed the Migration

First, I downloaded the Zyxel Nebula app to my iPhone, created an account and started scanning each piece of equipment I had received.

How to add new Nebula devices
How to add new Nebula devices

Each Zyxel device has a label with a QR code that you can scan to add the hardware to your Nebula account. As soon as you do that, Nebula provisions it with a default configuration. That is what Zyxel calls “Zero Touch” deployment. In my tests that worked incredibly well and it sped up the whole process.

Since Zyxel primarily designed Nebula for managed service providers who might support multiple clients and locations, I had to create an “organization” and a “site” as part of the setup process. Since I’m not a real organization and have only a single site, I used “Kummer Household” and “Home” for those parameters. You’ll see those terms in some of the screenshots below.

Create Wi-Fi SSID

The first thing I did after I had plugged in the security gateway to my ISP’s modem and transferred all Ethernet cables from the old to the new switch was to set up a Wi-Fi network. Since I didn’t want to reconfigure 40+ Wi-Fi-enabled devices, I made sure to use the same SSID and password I had used before. That way, my computers, phones, tablets and IoT devices could easily reconnect once the new access points came online.

Install Second Switch

Next, I installed the second switch in the attic, which took less than a minute. Similar to installing the primary switch in my office, all I had to do was move the Ethernet cables over and connect the device to the uninterruptible power supply (UPS).

Install Access Points

The most time-consuming part of the migration was to replace the existing access points. I wish I could have reused the mounting brackets from my Ubiquiti APs, but, apparently, that wasn’t the case.

For this review, I didn’t want to rip out the old mounting brackets and drill new holes, which would have involved crawling around in the attic.

I tried 3M mounting tape first, hoping it would hold the weight of the access points, but that didn’t work as you can see in the photo.

Zyxel Access Point hanging from ceiling
Zyxel Access Point hanging from the ceiling

So I ended up leaving the old mounting brackets on the ceiling, and I installed the new brackets on top of the old ones. I still had to drill holes for that, but, at least, I didn’t have to go to the attic to remove the Ubiquiti bracket that “sandwiches” the drywall.

Cosmetically, it’s not looking great because you can see a clear gap between the access point and the ceiling. But for this review, my wife was OK with that.

Test Connectivity

Once all the hardware was in place, most of my devices could reconnect to the new access points without any troubles. Only some IoT devices, such as smart light switches and bulbs required a power cycle before they could reconnect to Wi-Fi.

Overall, I was impressed by the ease of deploying the Nebula equipment. All devices worked out of the box and without requiring configuration changes. The only setup step I had to perform was to create an SSID (Wi-Fi network) to match the old one.

Zyxel Nebula Cloud Managed Platform

Zyxel Nebula Platform
Zyxel Nebula Platform
 Pros
  • Efficient Deployment (Zero Touch)
  • Powerful Management Console
  • Multi-User/Multi-Tenant Support
 Cons
  • Commercial Design
  • Some Features Require a Paid License

Many of the network management capabilities of Zyxel’s Nebula platform are overkill for what I need. I’m not a service provider, and I don’t work with one to help manage my network, so this review doesn’t go into the details of those features. But since they might be a deciding factor for many commercial customers, I wanted to share a few highlights:

  • Licenses stick with the organization and transfer from device to device. So you can upgrade the hardware without losing your investment in the license.
  • Zyxel offers a free subscription tier to maintain full control of your equipment. Some competitive solutions won’t allow you to make configuration changes without a valid (paid) subscription.
  • Nebula supports multiple tenants and sites under one management console
  • “Zero touch” makes deploying new devices a breeze and reduces the cost of ownership.

The reason why I have mentioned the terms “subscription” and “license” a few times is that the Nebula Cloud Management Platform is a subscription-based service that enables you to manage all supported devices. You can choose between a free license and a professional pack. The latter offers additional features and reporting.

Nebula is a Cloud Network Management Solution that brings the benefits of the cloud to your network. The Nebula Control Center gives centralized, easy to use, control over all Nebula wired and wireless networking devices from a single pane of glass, from any device. Nebula simplifies your business infrastructure and offers simple, intuitive and scalable management for networks of all sizes.

Zyxel’s cloud management platform is incredibly powerful and feature-rich. So it takes some getting used, especially if you recently upgraded from consumer-grade equipment.

What Does Cloud-Managed Mean?

The term cloud managed means that instead of managing your devices locally (on the Local Area Network), you do it via a platform that Zyxel operates in its data centers. Any changes you make get then pushed down to your devices. As a result, you might sometimes see a delay of one to two minutes for changes to take effect.

The advantage of that cloud-based approach is that you can hand off network management to an external service provider. That’s particularly useful if you are small- or medium-sized business without an internal IT staff; or if you are a big-shot business owner who works from home, appreciates reliable networking infrastructure but needs a knowledgeable relative or employee who can configure and troubleshoot all those gadgets without having to be onsite.

Nebula Management Console

Zyxel Nebula Management Console
Zyxel Nebula Management Console

To access the management portal, open a browser and point it to https://nebula.zyxel.com. Alternatively, you can use a mobile app from your platform’s App Store. The primary benefit of the mobile app is to keep an eye on the status of your devices. If you want to make configuration changes to your equipment, you have to use the web console. One of the few exceptions is maintaining wireless network settings, which you can do via the mobile app.

If you are on the paid subscription tier, Nebula can send you “push notifications” to your mobile phone to alert you if your uplink or any of the devices have gone offline. I wish Zyxel would make that feature part of the free license because such notifications are useful for almost everybody.

Zyxel Nebula Security Gateway

Zyxel Nebula Security Gateways
 Pros
  • Gigabit Firewall Performance
  • Decent VPN and IDP Throughput
  • Two WAN Ports for Fail-over Support
 Cons
  • Wall-mounting only an option for NSG50
  • Power Plug Easily Comes Loose
  • Limited AV Throughput

Zyxel offers three models of its cloud-managed security gateway that mostly differ in performance, number of ports and mounting options. I got to test the top-tier NSG200.

Features

The NSG200 Zyxel gave me for this review has a ton of useful features that most (business) users can benefit from. As a result, some of the “cons” I mentioned above, might not apply to you. They impact me because I don’t have a server rack to mount my NSG200. So I would have preferred a wall-mounting option, which is only available for the NSG50.

Additionally, my fiber-optic internet upload offers almost 1,000 megabits per second (Mbps) of bandwidth. That’s over twice as fast as the NSG200 can handle when you enable anti-virus scanning and intrusion detection and prevention (IDP). As a result, I don’t use some of those security features.

The other feature I would have liked to have is support for X.509 certificate-based authentication for the site-to-site VPN. That way, I could permanently connect the NSG200 to our corporate network and wouldn’t have to worry about using a software VPN client on my iMac.

But to be fair, my Ubiquiti security gateway doesn’t have any of those missing features either. So I’m not losing anything with the Zyxel gateway.

If your site requires an always-on Internet connection, you’ll appreciate that the NSG200 supports up to two WAN uplinks with traffic shaping and fail-over. Before I switched to a fiber-optic connection, I often had issues with Comcast’s unreliable and analog cable link. During that time, I considered signing up for backup DSL service, but I didn’t have the router to support two uplinks.

Besides the aforementioned benefits, the NSG200 supports all the features you would expect from a mid-tier router and more, including:

  • Stateful firewall
  • Custom routing options
  • Content and security filtering
  • Site-to-Site VPN
  • L2TP over IPSEC client (VPN)
  • Walled Garden
  • Captive portal
  • Traffic shaping
  • External authentication (AD, Radius) and external DNS server support

Technical Specifications

NSG50 NSG100 NSG200
10/100/1000 Mbps RJ-45 ports 4 x LAN (GbE)
2 x WAN (1x SFP, 1x GbE)
4 x LAN (GbE)
2 x WAN (GbE)
5 x LAN (GbE)
2 x WAN (GbE)
USB ports 1 2 2
SPI firewall throughput (Mbps) 300 450 1,250
VPN throughput (Mbps) 100 150 500
IDP throughput (Mbps) 110 160 500
AV throughput (Mbps) 50 90 300
SP throughput (Mbps, AV and IDP) 50 90 300
Max. TCP concurrent sessions 20,000 40,000 80,000
Max. TCP session rate 2,000 2,000 8,000
Max. concurrent IPsec VPN tunnels 10 40 200
VLAN interface 8 16 16
Fan-less
Mounting Options Wall Rack Rack
Price (incl. 1 Year Subscription) $229.99 $400.00 $650.00

Overall, the NSG200 is a solid mid-tier security gateway and router with a ton of easy-to-use configuration options.

Zyxel Nebula Switches

Zyxel Nebula Switches
Zyxel Nebula Switches
 Pros
  • Solid Switching Performance
  • Ethernet and SFP Ports
  • Optional Power-over-Ethernet (PoE) Ports
 Cons
  • You Can’t Wall-mount Them
  • The Fan is Noisy (PoE Models)

For this review, Zyxel has sent me two of their NSW100-10P switches. The number 10 indicated the number of ports the switch has and “P” indicates Power-over-Ethernet (PoE) support. The latter is useful for wireless access points and security cameras because it enables me to power them over Ethernet, instead of having to connect the devices to a traditional power outlet.

The disadvantage of Zyxel’s PoE switches is that their built-in fan is relatively loud. They are not annoyingly loud, but the noise is noticeable and more than what I’m used to from the Ubiquiti switches.

The NSW100-10P switches I was testing, have all the features you would expect from devices of this class:

  • Port Aggregation and Bonding
  • Cable Diagnostics
  • VLAN Tagging
  • IP Filtering
  • Radius Policies for MAC-based Authentication
  • PoE Schedules
  • Quality of Service (QoS) for VLANs

Technical Specifications

NSW100-10 NSW100-10P NSW100-28 NSW100-28P NSW200-28P
10/1000 Mbps Ports 8 24
10/1000 Mbps PoE Ports 8 24 24
10 Gigabit SFP+ 4
Gigabit combo (SFP/RJ-45) 2 2 4 4
Switching Capacity (Gbps) 20 20 56 56 128
Forwarding Rate (Mbps) 14.88 15 41.67 41.67 95.2
Packet Buffer (KB) 448 448 1536 1536 1536
Acoustic Noise (dBA) 0 37.7 0 59.6 42.075
Total PoE power budget (Watt) 180 375 375
Price (incl. 1 Year Subscription) $139.99 $220.00 $217.43 $385.00 $500.00

Overall, I’m happy with the feature-set and performance of Zyxel’s Nebula switches. My advice is to pick a fan-less model if you don’t need PoE and if you don’t have a dedicated server room where noise is not an issue.

Zyxel Nebula Access Points

Zyxel Nebula Access Points
Zyxel Nebula Access Points
 Pros
  • MU-MIMO for Enhanced Performance
  • Flexible Mounting Options
  • Support for Up To Eight SSIDs
 Cons
  • Commercial Design
  • Throughput Limited to 900 Mbps

Zyxel offers four cloud-managed access points, including an outdoor model with external antenna support that I haven’t tested. For this review, Zyxel sent me one NAP303, one NAP203, and two NAP102 access points.

Similar to what I did with Ubiquiti’s APs, I installed the most powerful AP (NAP303) in our family room, where we spend a lot of time and stream movies. The mid-tier NAP203 I installed in our living room to cover a bulk of our IoT devices (thermostats…) and the NAP102 I placed in my office. The reason for that is because my iMac is hardwired to the switch, and so I don’t need the best Wi-Fi performance in my office.

The two things I noticed immediately when installing the NAPs was their slightly taller form factor and “old school” commercial design. Of course, neither has any impact on their performance, and only a few users would care about that outside of a residential environment.

Beyond that, the access points have performed as well as I had expected. The installation was straightforward, and beyond creating an SSID, there was no configuration required.

Roaming and Handoff

Besides spotless coverage, one of the primary pain points with Wi-Fi I have had in the past was roaming and handover. I often make or accept a call in the kitchen or family room while my iPhone is connected to the nearest access point in that area. If I then walk into my office to continue the conversation, I want my phone to handoff to the access point in my office for the best possible connection.

Most consumer-grade Wi-Fi equipment doesn’t support that. Zyxel offers various features that enable and encourage devices to hand off to the nearest access point with no or little interruption, such as dropped packages. Roaming and handoff are very much client-dependent, and newer clients offer better and more seamless support than older clients. But the great thing about Zyxel’s implementation is that the company has implemented features to make the handoff process more reliable for a wide range of devices by offering:

  • Smart steering based on signal thresholds
  • Assisted roaming using 802.11k/v protocols

Technical Specifications

NAP102 NAP203 NAP303
WLAN Maximum Throughput 450 Mbps 900 Mbps 900 Mbps
MIMO Channels 2×2 3×3 3×3
Antennas 1 2 6
Power-over-Ethernet
Number of LAN Ports 1 2 2
Antenna Gain 2.4 GHz 3 dBi
5 GHz 4 dBi
Ceiling: 2.4 GHz 3 dBi
5 GHz 4 dBi
Wall: 2.4 GHz 4 dBi
5 GHz 5 dBi
2.4 GHz, 4 dBi
5 GHz, 6 dBi
Mounting Options Ceiling Ceiling or Wall Ceiling or Wall
Price (incl. 1 Year Subscription) $129.99 $159.99 $465.00

Overall, I was impressed by the performance and ease-of-deployment of the Nebula access points.

Zyxel Nebula Licensing

Zyxel Nebula Subscription Tiers
Zyxel Nebula Subscription Tiers

Each Zyxel Nebula devices comes with a free license that should be sufficient for most non-commercial users.

If you need additional features, such as user auditing, notifications & alerts, advanced VPN features, etc., you can upgrade to a professional license pack. You can subscribe to the Professional Pack on an annual basis, or you can purchase a lifetime license.

Below are examples of how much a Zyxel Nebula Lifetime License costs per device for the following device types:

Device Type
Access Point Lifetime License

$177.99

Security Gateway Lifetime License

$315.99

Ethernet Switch Lifetime License

$221.99

Issues Encountered

The Zyxel Nebula platform worked overall well and met most of my expectations. I did run into a few issues that I wanted to point out:

The Power Cable Of The Security Gateway Is Lose

The rounded power plug of the Zyxel NSG200 is incredibly loose and comes out with only the slightest pull. I accidentally unplugged the gateway several times by just lifting it and moving it to another position. Zyxel is aware of the issue, and they are working on a fix.

Mobile App Keeps Logging Me Out

The mobile app keeps logging me out every 24 hours or so. As a result, I have to re-authenticate every time I want to use the app. While that’s only a minor inconvenience, I hope it doesn’t interfere with the delivery of push notifications. But either way, Zyxel ought to fix that and also add TouchID of FaceID on iOS to remove the need for username and password.

Random Device Disconnects

During the first few days of testing, I noticed that some of my devices, such as my iPhone and home security cameras would randomly disconnect from Wi-Fi or lose internet connectivity. The cause of the latter was due to my ISPs modem going offline for a minute at 4 AM. The Wi-Fi disconnects were likely caused by configuration changes I had made.

After the initial setup, I clicked through the management console and made changes without reading the documentation. You know, that’s what pros do :)

One of the settings I messed with was client steering, dynamic channel switching (DCS), and dynamic frequency selection (DFS).

The latter enables an access point to automatically switch channels if it detects radar or interference that looks like a radar signal. When it does, any connected device might go offline for a few seconds before it can reestablish connectivity using a different channel. To resolve that problem, I turned DFS off. Most consumer-grade Wi-Fi clients don’t support DFS channels anyway, so turning that setting of won’t affect me.

I also made sure that I enabled “DCS client aware” to prevent my access points from selecting better channels while clients are connected to it. You can read more about those radio settings in the online help.

Note that anytime you make changes to those settings, your APs may drop all clients. Most computers and smartphones immediately reconnect without any issues, but I have noticed that some IoT devices don’t. For instance, some of my LIFX smart bulbs don’t reconnect until you power cycle them. That’s a bit annoying, but a problem LIFX has to fix.

Conclusion

With its Nebula product line, Zyxel offers an easy-to-manage cloud platform and combines advanced features and rapid deployment capabilities. As a result, it’s not only an excellent fit for small- and medium-sized businesses but also for residential environments and prosumers that have high demands on networking equipment and Wi-Fi coverage.

Where does that leave me? Well, I already own a ton of Ubiquiti devices, and my investment goes beyond networking infrastructure. So I’ll stick with what I have, but for a new deployment, I’d seriously consider Zyxel’s Nebula platform and so should you.

What networking equipment do you use at your business or home? And what do you like/dislike about it? Let me know by leaving a comment below!

Join the conversation!

Your email address will not be published. Required fields are marked *