Introduction : Overview of GMS
Key Features in GMS 8.0
This section describes the SonicOS enhancements included in the GMS 8.0 release:
Change Order Management and Workflow — GMS 8.0 introduces a workflow automation feature that assures the correctness and the compliance of policy changes by enforcing a process for configuring, comparing, validating, reviewing and approving policies prior to deployment. The approval groups are user-configurable for adherence to company security policy. All policy changes are logged in an auditable form that ensures the firewall complies with regulatory requirements. This feature provides the ability to “Infer” what would end up on the unit as part of a task and then “Validate” that configuration based on what is presently on the unit and what is then going to be pushed to the unit. The changes can then be optionally approved by a set of users before they get deployed, through the WorkFlow mechanism. All granular details of any changes made are historically preserved to help with compliance, audit trailing, and troubleshooting.
Features no longer supported — The following features have been dropped from support:
CDP
UMA
Windows 32-bit
Firewalls with firmware older than SonicOS 5.0
Gen4 or older Firewalls
Java Applet Replacement The TreeControl application (that displays all managed appliances) and the User Management application (Console > Management > Users) have now been replaced with non-Java versions. All Java applets in the front-end have been removed, except for NetMonitor and the “Login to Unit” feature from TreeControl.
SonicOS Support — New features in SonicOS 6.2 are supported.
Support for Brazilian/Portuguese — The Login screen now includes version information and indicates Brazilian Portuguese support.
Access Rules — The Access Rules screen now allows users to update Address Objects, Address Groups, Service Objects, and Service Groups all from the same Access Rules screen instead of jumping to separate screens to carry out these operations.
Reporting
Report Database Rebuild Utility — The Reporting Database Rebuild Utility allows you to submit a request to rebuild any specific month's report table if it were to become corrupt.
Report Data Optimization — In previous versions, report data optimization exported sorted report data into a file and reloaded that data back to the report database. In GMS 8.0, instead of using a file to upload the data, a temporary table is created that exports and reimports that data, leading to better performance.
Botnet Reports Botnet reporting is added to the Reports panel and includes four report types: Attempts, Targets, Initiators, and Timeline.
Geo IP Reports Geo IP reports contain information on blocked traffic that is based on the traffic's country of origin or destination. Geo IP Reporting is added to the Reports panel and includes four report types: Attempts, Targets, Initiators, and Timeline.
MAC Address in Reporting This feature shows the Media Access Control (MAC) address on the report page. This adds detail to the current device-specific information in the report panel and the PDF report. New columns “Initiator MAC” and “Responder MAC” are added to the following reports:
Data Usage > Initiators
Data Usage > Responders
Data Usage > Details
User Activity > Details
Web Activity > Initiators
Enhanced Reporting Database The Reporting Database has been upgraded to a newer version that offers better performance and higher reliability.
Distributed Universal Scheduled Report PDF report generation is now distributed and uses an engine that can make better use of your CPU and RAM resources, resulting in faster delivery of scheduled reports with larger volumes and more rows of data.
CSV File Import for IPS Signatures — You can import configurations of your IPS signatures (such as Block vs Logged, and so on) from a spreadsheet in CSV format.
Enhanced USR Template Manager — In addition to the PCI Report template, HIPAA and SOX templates are added to Universal Scheduled Reports as an aid for compliance audits.
Signature Details — You can view the details of any signature matched with the new “Show Signature details” or “Show Spyware Signature details” right-click options.
Update at Unit-And-One-Level-Up Permission — The “Update At Unit and One Level Up” option is an addition to the existing screen permissions for users and user types, which now include:
None
View Only
Update at Unit Level Only
Update at Unit and One Level Up
Update at All Levels
The new permission is especially useful in the management of firewalls that are distributed geographically and where each location uses high availability (HA) or a handful of firewalls with similar policies and configurations, and where technicians are allocated to those geographic locations to make such changes.
In these deployments, technicians are given permission to make changes to the firewall at the Unit and Group levels, as long as that Group level is just one level higher than the firewall level, as it would be on an immediate parent node on a firewall or unit node. Technicians for these deployments do not normally have full permissions at the higher level nodes, however, they can have full permissions at the unit and the unit's parent node levels.
USR-Customizing Sorting Option in PDF — Provides additional sorting options for Scheduled PDF reports.
Improved Inheritance Filters — In earlier versions of GMS, when a Screen was selected for inheritance, GMS automatically selected dependent screens so that a comprehensive list of interdependent screens was included in the filter. For instance, selecting an Access Rule screen for inheritance would automatically select dependent screens such as Zones, Address Objects, Service Objects, and so on. This was not only confusing, but it also led to undesirable end results. To inherit a few rules, GMS inherited all Zones, Address Objects, and Service Objects even when they did not need to be inherited. In GMS 8.0, the filters have been enhanced to address these limitations: selecting a filter does not additionally select the dependent screens, which minimizes confusion. Instead, GMS automatically determines which objects are needed to be inherited, and inherits only those dependent objects instead of all the objects from dependent screens. If you are upgrading from a version prior to GMS 8.0, your old filters will remain intact to take advantage of this more intuitive approach in GMS 8.0, you will need to re-create your filters.
Log Analyzer — The Firewall > Reports > Analyzers > Log Analyzer page has been updated with an out-of-the-box default view.
TLS Support in Emails — Provides support for Microsoft Office 365 and Gmail.
Packet Data View for Signature Alerts
The disabling of default Syslog filters is allowed by Superadmin
Comments Possible for Syslog Filters
Number of Syslog messages per file configurable through UI
Support for Firewall's Native Backup/restore Functionality — In GMS 8.0, you can now perform a System Backup of the firmware image on a firewall, if the firewall supports this functionality. Using GMS 8.0, you can also boot such firewalls using their System Backup image. This functionality is provided in GMS 8.0 in the Policies Panel > Register/Upgrades > Firmware Upgrade screen, in the “System Backup” section.
All Windows Modules of GMS 8.0 are now 64-bit — Provides better usage of system resources and better performance.
High-level User Interface Changes
Secure Remote Access (SRA) has been renamed to Secure Mobile Access (SMA).
The CDP tab is removed
SRA and ES tabs are no longer shown by default, but can be activated on Console > Management > Settings.
Discontinued View Attributes — The following Attributes can no longer be used to create your Views - these have been discontinued because these were associated with older firewalls or discontinued features:
Enable Anti-Virus Client Automated Enforcement
Network Type
PKI Status
VPN Present
Instance Name
New Diagnostics > Cluster Status screen
Screen Groups and Screens Removed
WGS Screen Group
WGS > Settings
WGS > URL Allow List
WGS > IP Deny List
WGS > Custom Log
WGS > External Authentication
WGS > Profiles
Application Filters Screen Group
Application Filters > Settings
Application Filters > Category Sets
Application Filters > Ports
Network > Settings
Network > Switch Ports
System > Licensed Nodes
Log > Log Settings
Content Filter > CFL Filter List
Content Filter > CFS Standard
Firewall > Services
Firewall > Rules
Users > ULA Settings
Network > Intranet
Network > Routing
Network > RIP
Network > DMZ Addresses
Network > One-to-One NAT
Network > Ethernet
DHCP > Setup
VPN > Configure
VPN > ULA Settings
Web Filters > Settings
Web Filters > Policies
Web Filters > Custom Categories
Web Filters > Miscellaneous
Web Filters > Custom Block Page
Policies > Policy List
Users > HTTP URL ULA
Security Services > Email Filter
Hardware Failover > Monitoring
Screens renamed
Log > “Enhanced Log Settings” renamed to “Log Settings”
Log > “Enhanced Log Categories” renamed to “Log Categories”
Content Filter > “Websense” renamed to “Websense Enterprise”
Network > “Routing (ENH)” renamed to “Routing”
Network > “RIP (ENH)” renamed to “RIP”
Screen group “Hardware Failover” renamed to “High Availability”
VPN > “Configure 2.0" renamed to “Configure”
Changes to sections within screens
The “Add User” section of the Users > Settings screen has been removed from GMS.
In the Firewall > Policies > Content Filter > Custom List screen, the Timing (Filter List/URL Keywords/Custom Sites) section has been removed from the screen.
In the Firewall > Policies > Wireless > IDS screen, the SonicOS Standard references (visible at group/global levels) has been removed.
In the Console > Tasks > Default Tasks screen, the task titled “Setup minimal Syslog Categories for reporting Gen 3 Units” has been removed and the remaining tasks for Gen 3 have been renamed and have no reference to Gen 3, such as “Setup minimal Syslog Categories for reporting.”
Console Management screen ordering changes
Firewall Access Rules screen renamed to HTML5
Packet Viewer Functionality in Log Viewer