PANEL_manGmsView

Enable GMS Management

You can configure the SonicWALL security appliance to be managed by SonicWALL Global Management System (SonicWALL GMS). To configure the SonicWALL security appliance for GMS management:

1. Select the Enable Management using GMS checkbox in the Advanced options, then click Configure. The Configure GMS Settings window is displayed.

2. Enter the host name or IP address of the GMS Console in the GMS Host Name or IP Address field.

3. Enter the port in the GMS Syslog Server Port field. The default value is 514.

4. Select Send Heartbeat Status Messages Only to send only heartbeat status instead of log messages.

5. Select GMS behind NAT Device if the GMS Console is placed behind a device using NAT on the network. Type the IP address of the NAT device in the NAT Device IP Address field.

6. Select one of the following GMS modes from the Management Mode menu.

• IPSEC Management Tunnel - Selecting this option allows the SonicWALL security appliance to be managed over an IPsec VPN tunnel to the GMS management console. The default IPsec VPN settings are displayed. Select GMS behind NAT Device if applicable to the GMS installation, and enter the IP address in the NAT Device IP Address field. The default VPN policy settings are displayed at the bottom of the Configure GMS Settings window.

• Existing Tunnel - If this option is selected, the GMS server and the SonicWALL security appliance already have an existing VPN tunnel over the connection. Enter the GMS host name or IP address in the GMS Host Name or IP Address field. Enter the port number in the Syslog Server Port field.

• HTTPS - If this option is selected, HTTPS management is allowed from two IP addresses: the GMS Primary Agent and the Standby Agent IP address. The SonicWALL security appliance also sends encrypted syslog packets and SNMP traps using 3DES and the SonicWALL security appliance administrator’s password. The following configuration settings for HTTPS management mode are displayed:

• Send Syslog Messages to a Distributed GMS Reporting Server - Sends regular heartbeat messages to both the GMS Primary and Standby Agent IP address. The regular heartbeat messages are sent to the specified GMS reporting server and the reporting server port.

• GMS Reporting Server IP Address - Enter the IP address of the GMS Reporting Server, if the server is separate from the GMS management server.

• GMS Reporting Server Port - Enter the port for the GMS Reporting Server. The default value is 514.

7. Click OK.

Download URL

The Download URL section provides fields for specifying the URL address of a site for downloading the SonicWALL GVC application and SonicPoint images.

• Manually specify GVC Download URL - The SonicWALL Global VPN Client (GVC) allow users to connect securely to your network using the GroupVPN Policy on the port they are connecting to. GVC is required for a user to connect to the GroupVPN Policy. Depending on how you have set up your VPN policies, if a user does not have the latest GVC software installed, the user will be directed to a URL to download the latest GVC software.

The default URL http://help.mysonicwall.com/applications/vpnclient displays the SonicWALL Global VPN Client download site. You can point to any URL where you provide the SonicWALL Global VPN Client application.

• Manually specify SonicPoint-N image URL - SonicOS Enhanced 5.0 and higher does not contain an image of the SonicPoint firmware. If your SonicWALL appliance has Internet connectivity, it will automatically download the correct version of the SonicPoint image from the SonicWALL server when you connect a SonicPoint device. If your SonicWALL appliance does not have Internet access, or has access only through a proxy server, you must manually specify a URL for the SonicPoint firmware. You do not need to include the http:// prefix, but you do need to include the filename at the end of the URL. The filename should have a .bin extension. Here are examples using an IP address and a domain name:
  192.168.168.10/imagepath/sonicpoint.bin
  software.sonicwall.com/applications/sonicpoint/sonicpoint.bin

For more information see the Updating SonicPoint Firmware.

Caution        It is imperative that you download the corresponding SonicPoint image for the SonicOS firmware version that is running on your SonicWALL. The mysonicwall.com Web site provides information about the corresponding versions. When upgrading your SonicOS firmware, be sure to upgrade to the correct SonicPoint image.

SonicPoint Download URL (TZ 170 Series and PRO 1260)

The TZ 170 series and PRO 1260 security appliances do not contain the SonicOS firmware embedded locally on the security appliance’s memory. Therefore, if you are managing SonicPoints from a TZ 170 or PRO 1260 running SonicOS 3.1 or newer, the security appliance will download the SonicPoint image at startup for distribution to connected SonicPoint devices. The image is downloaded from software.sonicwall.com or from the URL you specify in the SonicPoint Download URL field.

The downloaded SonicPoint firmware image is signed with SonicWALL’s certificate to ensure integrity.

The default location is software.sonicwall.com/applications/sonicpoint/

If the TZ 170 or PRO 1260 running SonicOS enhanced 3.5 and requiring SonicPoint support does not have Internet access, you can download the SonicPoint image from mysonicwall.com and host it on a local web-server. In this case, enter the URL for the local server in the SonicPoint Download URL field. The specified path must always end in a ‘/’ (trailing slash). The filename should not be specified.

Selecting UI Language

If your firmware contains other languages besides English, they can be selected in the Language Selection pulldown menu.

Note         Changing the language of the SonicOS UI requires that the SonicWALL security appliance be rebooted.