SonicWALL GMS can be used in a variety of roles in a wide range of networks. Network administrators can use SonicWALL GMS in a Management Console role in an Enterprise network containing a single SonicWALL E-Class NSA or SuperMassive appliance, and also in a Remote Management System role for managing multiple unit deployments for Enterprise and Service Provider networks consisting of hundreds and thousands of firewalls, Email Security appliances, CDP appliances and Secure Remote Access appliances.

This section includes the following subsections:

Overview of GMS

Deployment Requirements

Login to SonicWALL GMS

Navigating the SonicWALL GMS User Interface

Understanding Dell SonicWALL GMS Icons

Using the SonicWALL GMS TreeControl Menu

Configuring SonicWALL GMS View Options

Getting Help

Overview of GMS

This section contains the following subsections:

What Is GMS?

New Features in GMS 7.1

Key Features in GMS 7.0

Scaling Dell SonicWALL GMS Deployments

What Is GMS?

The Dell SonicWALL GMS is a Web-based application that can configure and manage thousands of SonicWALL firewall appliances and NetMonitor non-SonicWALL appliances from a central location.

Dell SonicWALL GMS can be used as a Management Console in an Enterprise network containing a single SonicWALL E-Class NSA or SuperMassive. SonicWALL GMS can also be used as a Remote Management System for managing multiple unit deployments for Enterprise and Service Provider networks consisting of hundreds and thousands of firewalls, Email Security appliances, CDP appliances and Secure Remote Access appliances. This dramatically lowers the cost of managing a secure distributed network. Dell SonicWALL GMS does this by enabling administrators to monitor the status of and apply configurations to all managed SonicWALL appliances, groups of SonicWALL appliances, or individual SonicWALL appliances. SonicWALL GMS also provides centralized management for scheduling and pushing firmware updates to multiple appliances and for applying configuration backups of appliances at regular intervals.

Dell SonicWALL GMS provides monitoring features that enable you to view the current status of SonicWALL appliances and non-SonicWALL appliances, pending tasks, and log messages. It also provides graphical reporting of Firewall, SRA, and CDP appliance and network activities for the SonicWALL appliances. A wide range of informative real-time and historical reports can be generated to provide insight into usage trends and security events.

Note: SonicWALL Email Security reporting is not supported in SonicWALL GMS 7.1.

Network administrators can also configure multiple site VPNs for SonicWALL appliances. From the Dell SonicWALL GMS user interface (UI), you can add VPN licenses to SonicWALL appliances, configure VPN settings, and enable or disable remote-client access for each network.

New Features in GMS 7.1

The following are the key features introduced in GMS 7.1:

Multiple Agents behind a Single Gateway—This feature allows the user to add multiple agents behind the same gateway. In previous versions of GMS, only one Agent was permitted behind a gateway and additional devices were required for every distributed server added behind a gateway. The agent can be configured with settings allowing GMS to identify the gateway as either a NAT Device or a fully functioning GMS Gateway. This feature is supported only for Agents set up for SSL Management of managed appliances.

Default Tasks—The Default Tasks feature allows the Super Administrator to configure the tasks that get pushed to the appliances when they first get acquired by the GMS. This feature also allows users to push these tasks at a later time, not just when an appliance gets acquired by the GMS.

Enhanced Live Monitoring— The Live Monitor page in the GMS management interface has an enhanced look and feel.

Enhanced Filter Bar—The Filter bar in the Reports panel now allows you to specify multiple values per attribute for filtering instead of a single value per attribute. For instance, this feature allows you to filter on two websites, say “www.cnn.com” and “www.dell.com”, instead of only one, as in GMS 7.0. This feature also allows you to create reports on a subnet range of IP addresses.

Log Analyzer Enhancements— More columns are added in Log Analyzer and the user can customize which columns are shown or hidden. GMS 7.1 also uses the screen space more effectively to show the maximum amount of data in the Log Analyzer screen.

Reports Privacy— The Reports Privacy feature allows a GMS user to configure the GMS system to mask all IPs, user names and host names in Reports, and requires a double-authentication mechanism to unmask such identities.

64-Bit Virtual Appliance— The GMS Virtual Appliance is now available in 64-bit versions.

Note: When upgrading from GMS 7.0 (32-bit) to 7.1 (64-bit), refer to the GMS 7.1 Release Notes for the upgrading procedure.

Key Features in GMS 7.0

This section provides a list of new features in Dell SonicWALL GMS:

Scalability and Data Accessibility Enhancements—The following enhancements are included in this release:

– Drill down capabilities via direct access to the raw syslog data

– Less disk space required due to higher compression rates

– Near real-time reporting as syslogs are added to the database as they come in

Visualization, Usability and Workflow Enhancements: Application Visualization and Intelligence—Application visualization and intelligence reporting allows administrators to see historic and real-time reports of what applications are being used by what users. Reports are completely customizable using intuitive filtering and drill-down capabilities.

Compared to the SonicOS 5.8 Visualization and Application Control features, SonicWALL GMS provides the following additional reporting features:

More historic data than on firewall—Reporting on the firewall is done in-memory since most firewalls do not have a hard drive. SonicWALL GMS can store months of data versus minutes or hours of data on the firewall.

Aggregation of data across multiple devices—SonicWALL GMS allows administrators to view application usage across multiple SonicWALL firewalls – not just one firewall.

Easy access to different devices—SonicWALL GMS allows administrators to switch a report from one device to another with the click of a mouse.

Universal Dashboard—The Universal Dashboard serves as the first place an administrator visits in SonicWALL GMS to find the information he needs. The Universal Dashboard uses several subordinate tabs. SonicWALL GMS 7.0 provides several pre-configured standard tabs but the administrator also has the ability to create their own subordinate tabs (subtabs). The primary subtab is one that includes a geographic map that auto-sizes to the region in which all SonicWALL devices are deployed. The status of each device, such as whether the device is up or down, is shown by using different icons on the map. The remainder of the page includes widgets pulling data from across the SonicWALL GMS application including logging and monitoring data. The data shown in each widget depends on the selection made in the geographic map. Using a search bar, administrators can make complex appliance selections. All widgets are animated, interactive, and intuitive.

SonicWALL GMS 6.0 SP2 includes several navigation tools, to visually show what roles have been assigned to what agents (SonicWALL GMS servers), and VPN monitoring tools to show what devices are connected via VPN connections and which VPN tunnels are active. In SonicWALL GMS 7.0 these navigation tools and VPN monitoring tools are removed and replaced with similar tools available on the universal dashboard.

Universal Scheduled Reports—In SonicWALL GMS 6.0 SP2 reports can be scheduled to be created and mailed to an email address but there’s not one place to do this centrally. SonicWALL GMS 7.0 has one place to schedule reports to be created and mailed out across multiple appliances of various types. This approach takes much less time and is much more intuitive.

Scheduled reports can be saved as templates for future use. Several standard universal scheduled report templates are included with SonicWALL GMS. Bundled universal scheduled report templates include one to help with a compliance initiative for the Payment Card Industry Data Security Standard (PCI DSS) and one to quickly visualize and report on application usage on the network for a new firewall deployment.

NetMonitor Templates—NetMonitor is a key component of SonicWALL GMS 6.0 SP2. NetMonitor is a very powerful feature to monitor SNMP enabled devices. However, network administrators have to fully understand the SNMP protocol to configure SonicWALL GMS to monitor a device. SonicWALL GMS 7.0 adds pre-configured canned templates for SonicWALL devices to more quickly set up devices for SNMP monitoring.

Next Generation Syslog Based Reporting—SonicWALL GMS next generation reporting provides the following new enhancements:

Flexible and Granular Reporting—More optimized access to the underlying data also facilitates quick drill down capabilities and near real-time monitoring of data as it comes in.

State of the Art User Interface—SonicWALL GMS 7.0 has a Flex-based Graphical User Interface (GUI). A novel and intuitive interface layout with multiple filtering options forms the front-end of a rich and interactive web-based application for data analysis.

Reports Consolidation—Simplicity is the ultimate sophistication. The inclusion of a smart set of filters opens the door to a superior user experience. Administrators actually need a smaller set of reports to start from than before. Starting with one of the base reports, any custom report can be quickly generated by making the appropriate selections and saving the new custom report as a template for future use.

User Centric Reporting—SonicWALL GMS now reports on all activity of a user. SonicWALL GMS 7.0 reports on user activity as logged by a single SonicWALL device. Upcoming release versions may include user centric reporting across multiple devices of different types.

Per User Bandwidth Reporting—In SonicWALL GMS 6.0 SP2 bandwidth reporting was only given for an appliance. SonicWALL GMS 7.0 introduces more granular bandwidth reporting down to the user and application level.

More Granular Services Reporting—In SonicWALL GMS 6.0 SP2 the current services report only lists well-known services such as HTTP and FTP. In SonicWALL GMS 7.0 this list of services is greatly expanded to include less well-known services and custom services.

Client VPN Activity Reporting—A report detailing IPSec and SRA remote user sessions by user.

Narrative Descriptions of Reports—Detailed descriptions for each available report.

Bandwidth and Services Report per Interface—Detailed reports filtered by interfaces.

More Detailed Summary of Services over VPN Report—Detailed report of services over VPN connections.

 

Rogue Wireless Access Point Reporting—SonicWALL GMS 7.0 includes a new rogue wireless access point report. This is especially important to customers subject to the Payment Card Industry (PCI) Data Security Standard (DSS) programs operated by the major payment brands.

As part of a PCI compliance initiative, if a customer is using wireless they must be able to meet the following requirement. PCI Requirement 11.1: Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use. The Test Procedure to satisfy this Requirement is as follows:

– Verify that a wireless analyzer is used at least quarterly, or that a wireless IDS/IPS is implemented and configured to identify all wireless devices.

– If a wireless IDS/IPS is implemented, verify the configuration to generate alerts to personnel. Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use.

– Verify the organization’s Incident Response Plan (Requirement 12.9) includes a response in the event unauthorized wireless devices are detected.

– Using SonicWALL GMS 6.0 SP2 a customer can schedule a scan on an individual firewall. However, it is not possible to set a scheduled task for a group of firewalls. SonicWALL GMS 7.0 adds the following functionality:

  • Schedule and perform a wireless IDS (WIDS) scan from SonicWALL GMS at the unit/group levels.

  • Ability to identify rogue behavior from ad-hoc or peer-to-peer networking between hosts (such as turning a laptop into a Wireless Access Point) and accidental associations for users connecting to neighboring rogue networks.

This has been provided using a combination of user-driven on-demand reports and the new scheduled reports for rogue wireless access points in SonicWALL GMS 7.0.

– Schedule summarized reports from SonicWALL GMS at the unit/group level to be emailed out on a periodic (daily/weekly/monthly) basis.

  • Reports are available in XML and PDF formats.

  • On-screen and scheduled reports include the following data: MAC Address (BSSID), SSID, Channel (such as 1-11 for NA), Manufacturer, Signal Strength (helpful in locating the rogue AP).

  • The time and date of the scan is also given, which gives an indication of the duration of the access points since discovery.

Localization—All end-user facing reporting screens and some of the administrator management screens of SonicWALL GMS 7.0 are localized in Japanese, simplified Chinese and traditional Chinese. More specifically the following screens are localized:

– Reports tab screens

– Universal Dashboard

– Universal Scheduled Reports (including pdf reports)

– NetMonitor

– Console Panel

– Windows Installer

Note: The Firewall/SRA/CDP/ES policy panels in SonicWALL GMS 7.1 are not localized.

SonicOS Support—SonicWALL GMS 7.0 includes SonicOS support up to version 5.8.0 including IPS/Gateway Anti-virus signature inheritance.

SRA SMB Support—SonicWALL GMS 7.0 expands support for SonicWALL SRA SMB devices with the following functionality.

– Backup of preference files

– Web Application Firewall (WAF) reporting

Scaling Dell SonicWALL GMS Deployments

Dell SonicWALL GMS is designed to be highly scalable to support service providers and enterprise customers with large numbers of SonicWALL appliances.

Dell SonicWALL GMS offers a distributed management architecture, consisting of multiple servers, multiple consoles and several agents. Each agent server can manage a number of SonicWALL appliances. Additional capacity can be added to the management system by adding new agent servers. This distributed architecture also provides redundancy and load balancing, assuring reliable connections to the SonicWALL appliances under management.

In the distributed architecture, the console server provides the user a single interface to the management system. Each agent server can manage a number of SonicWALL appliances, depending on the SonicWALL GMS gateway that resides between the agent server and the SonicWALL appliances and the amount of syslog traffic from the remotely managed appliances.

• The SonicWALL GMS gateway that resides between a Dell SonicWALL GMS agent server and the SonicWALL appliances provides secure communications.

• Each SonicWALL appliance can have a primary agent server and a standby server. Each agent server can be a primary server for certain SonicWALL appliances and a standby server for other SonicWALL appliances.

• Configuration of and changes to the Dell SonicWALL GMS and the SonicWALL appliances are written to the database.

• The users at the Admin Workstations can access the Dell SonicWALL GMS console through a Web browser (HTTP) from any location. The Dell SonicWALL GMS console can also be securely accessed using SSL.

• The SonicWALL GMS console server can also be an agent server.

Deployment Requirements

Before installing Dell SonicWALL GMS, review the following deployment requirements. SonicWALL GMS can be hosted in three deployment scenarios as follows:

• Microsoft Windows software

• SonicWALL UMA appliance

• VMware ESX/ESXi virtual appliance

This section includes the following subsections:

Operating System Requirements

Database Requirements

Java Requirements

Browser Requirements

SonicWALL Appliance and Firmware Support

SonicWALL GMS Gateway Requirements

Network Requirements

SonicWALL GMS Internet Access through a Proxy Server

Note: For information on capacity planning and performance tuning, refer to About Capacity Planning.

Operating System Requirements

Microsoft Windows

The SonicWALL GMS supports the following Microsoft Windows operating systems:

• Windows Server 2003 32-bit and 64-bit (SP2)

• Windows Server 2008 SBS R2 64-bit

• Windows Server 2008 R2 Standard 64-bit

• Windows Server 2008 SP2 64-bit

• Windows Server 2012 Standard 64-bit

Note: In all instances, SonicWALL GMS is running as a 32-bit application. Bundled databases run in 64-bit mode on 64-bit Windows operating systems. All listed operating systems are supported in both virtualized and non-virtualized (VMware ESXi 4.1) environments.

Hardware for Windows Server

• x86 Environment: minimum 3 GHz processor dual-core CPU Intel processor

• 4GB RAM minimum

• 300 GB disk space

A Windows 64-bit operating system with 8 GB of RAM is highly recommended for better performance of reporting modules. See the Capacity Planning and Performance Tuning appendix.

SonicWALL GMS Virtual Appliance

The elements of basic VMware structure must be implemented prior to deploying the Dell SonicWALL GMS Virtual Appliance. Dell SonicWALL GMS Virtual Appliance runs on the following VMware platforms:

• ESXi 4.1

• ESXi 5.0

• ESXi 5.1

• ESXi 4.0 Update 1 (Build 208167 and newer)

• ESX 4.1

• ESX 4.0 Update 1 (Build 208167 and newer)

Use the following client applications to import the image and configure the virtual settings:

• VMware vSphere – Provides infrastructure and application services in a graphical user interface for ESX/ESXi, included with ESX/ESXi. Allows you to specify Thin or Thick (Flat) provisioning when deploying Dell SonicWALL GMS Virtual Appliance.

• VMware vCenter Server – Centrally manages multiple VMware ESX/ESXi environments. Provides Thick provisioning when deploying Dell SonicWALL GMS Virtual Appliance.

Deployment Considerations:

• All modules of the application run in 64-bit mode.

• SonicWALL GMS management is not supported on Apple MacOS.

• Microsoft HyperVisor is not a supported virtual environment.

The following hardware resources are required for the Dell SonicWALL GMS Virtual Appliance:

• RAM – at least 4 GB
Starting with GMS 7.1, the Virtual Appliances are 64-bit and take advantage of the additional RAM available to them. A minimum of 4 GB RAM is required. However, 8 GB of RAM is highly recommended for better performance of reporting modules. See the Capacity Planning and Performance Tuning appendix in the GMS 7.1 Admin Guide.

• CPU – 2
This is the default number of CPUs provisioned in the Dell SonicWALL GMS Virtual Appliance. The minimum required number of CPUs is 1, and the maximum that the Dell SonicWALL GMS Virtual Appliance can use is 4.

• Hard disk space:

– For the 40 GB image – Up to 40 GB on any datastore

Note: The 40 GB GMS Virtual Appliance should be installed in non-production environments only. Examples of non-production environments include those for Proof of Concept (POC), pilot, and demo deployments. Only the 250 GB and 950 GB virtual appliances are supported in production environments.

– For the 250 GB image – Up to 250 GB on any datastore

– For the 950 GB image – Up to 950 GB on a datastore with either a 4 MB or 8 MB block size

When using Thick, or Flat, provisioning as the storage type option, the entire amount of disk space is allocated when you import and deploy the Dell SonicWALL GMS Virtual Appliance file. When using Thin provisioning, the initial size is very small and will grow dynamically as more disk space is needed by the Dell SonicWALL GMS application, until the maximum size is reached. Once allocated, the size will not shrink if the application space requirements are subsequently reduced.

Additional disk space provided to Dell SonicWALL GMS Virtual Appliance in the virtual environment, beyond the respective limits of 250 GB or 950 GB, will not be utilized.

ESX/ESXi can be configured with datastores of varying block sizes. The 4 or 8 MB requirement for the 950 GB deployment is because the block size determines the largest virtual disk that can be deployed, as shown in the table:

| Block Size of Datastore | Largest Virtual Disk |
|---|---|
| 1 MB | 256 GB |
| 2 MB | 512 GB |
| 4 MB | 1 TB |
| 8 MB | 2 TB |

Database Requirements

The SonicWALL GMS release supports the following databases:

• Microsoft SQL Server 2005 SP2 64-bit

• Microsoft SQL Server 2008 R2 64-bit

Regarding MS SQL Server 2005, SonicWALL GMS supports:

• SQL Server 2005 Workgroup

• SQL Server 2005 Standard

• SQL Server 2005 Enterprise

SonicWALL GMS does not support MS SQL Server 2005 Express.

MySQL Requirements

SonicWALL GMS automatically installs MySQL as part of the base installation package. Separately installed instances of MySQL are not supported with SonicWALL GMS 7.1. Separately installed instances of MySQL are supported with SonicWALL GMS 6.0 only.

Java Requirements

Download and install the latest version of the Java 7 plug-in on any system that accesses the GMS 7.1 UI. This can be downloaded from:

http://www.java.com/

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Browser Requirements

• Microsoft Internet Explorer 8.0 or higher

Note: Internet Explorer version 10.0 in Metro interfaces of Windows 8 is currently not supported.

• Mozilla Firefox 16.0 or higher

• Google Chrome 18.0 or higher

SonicWALL Appliance and Firmware Support

SonicWALL GMS 7.1 supports SonicWALL firewall App Control policy management and reporting. For SonicOS firewall App Control policy management support, use a SonicWALL firewall running SonicOS 5.8.1.4 or newer. And for SonicOS firewall App Control reporting support, use a SonicWALL firewall running SonicOS 5.8.1.0 or newer.

Legacy SonicWALL XPRS/XPRS2, SonicWALL SOHO2, SonicWALL Tele2, and SonicWALL Pro/Pro-VX models are not supported for SonicWALL GMS management. Appliances running SonicWALL legacy firmware including SonicOS Standard 1.x and SonicWALL legacy firmware 6.x.x.x are not supported for SonicWALL GMS management.

GMS supports the following appliances and firmware versions:

| SonicWALL Platforms | SonicWALL Firmware Version |
|---|---|
| Firewall / Network Security | |
| Gen-6 series appliances | SonicOS 6.1 or newer |
| SuperMassive series | SonicOS 6.0 or newer. Note: Only partial policy management and reporting support is currently available. The following SuperMassive specific features are not supported for centralized policy management in GMS 7.1: Multi-blade CASS; High Availability/Clustering; Support for Management Interface; Flow Reporting Configurations; Multi-blade VPN; Advanced Switching; Restart: SonicOS versus Chassis. Contact your SonicWALL Sales representative for more information. |
| NSA series | SonicOS 5.0 or newer |
| TZ series | SonicOS Enhanced 3.2 or newer; SonicOS Standard 3.2 or newer |
| PRO series | SonicOS Enhanced 3.2 or newer |
| CSM series | SonicOS CF 2.0 or newer |
| Secure Remote Access | |
| SonicWALL SMB SRA series | SonicOS SSL-VPN 2.0 or newer (management); SonicOS SSL-VPN 2.1 or newer (reporting) |
| SonicWALL Aventail EX-series | SonicWALL Aventail 9.0 or newer |
| Backup and Recovery | |
| SonicWALL CDP series | SonicWALL CDP 2.3 or newer (management); SonicWALL CDP 5.1 or newer (reporting) |
| Email Security / Anti-Spam | |
| SonicWALL Email Security series | SonicWALL Email Security 7.2 or newer (management only) |

Non-SonicWALL Appliance Support

SonicWALL GMS provides monitoring support for non-SonicWALL TCP/IP and SNMP-enabled devices and applications.

SonicWALL GMS Gateway Requirements

A SonicWALL GMS gateway is a SonicWALL firewall appliance that allows for secure communication between the SonicWALL GMS server and the managed appliance(s) using VPN tunnels.

The SonicWALL GMS gateway must meet one of the following requirements:

• SonicWALL NSA Series network security appliance with minimum firmware version SonicOS 5.0

• SonicWALL PRO Series network security appliance with minimum firmware version SonicOS Enhanced 3.2

• SonicWALL VPN-based network security appliance

Note: The SonicWALL GMS gateway should be at minimum a SonicWALL NSA 2400 with minimum firmware SonicOS 5.0, or a SonicWALL PRO 2040 with minimum firmware SonicOS Enhanced 3.2.

There are three SonicWALL GMS management methods with different SonicWALL GMS gateway requirements. When using SSL as the management method, it is optional to have a SonicWALL GMS gateway between each SonicWALL GMS agent server and the managed SonicWALL appliance(s). If you select Existing VPN tunnel, a gateway is optional. If you select Management VPN tunnel, you must have a SonicWALL GMS gateway between the SonicWALL GMS agent server and the managed SonicWALL appliance(s) to allow each SonicWALL GMS agent server to securely communicate with its managed appliance(s). The following list provides more detail on SonicWALL GMS management methods and gateway requirements:

Management VPN tunnel—A SonicWALL GMS gateway is required. Each SonicWALL GMS agent server must have a dedicated gateway. The security association (SA) for this type of VPN tunnel must be configured in the managed SonicWALL appliance(s). SonicWALL GMS automatically creates the SA in the SonicWALL GMS gateway. For this configuration, the SonicWALL GMS gateway must be a SonicWALL VPN-based appliance. The SonicWALL GMS gateway can be configured in NAT-Enabled or transparent mode.

A dedicated gateway is required with this method because of how the scheduler service works. When a unit is added into SonicWALL GMS with 'Management VPN' as the method, the scheduler service logs into the gateway and creates the management tunnel. The scheduler service also periodically logs into its gateway and checks for management SAs. If there are SAs created for units that the agent does not manage, the SAs are deleted. If two agents share a gateway, each will constantly delete the other agent’s SAs.

Existing VPN tunnel—A SonicWALL GMS gateway is optional. SonicWALL GMS can use VPN tunnels that already exist in the network to communicate with the managed appliance(s). For this configuration, the SonicWALL GMS gateway can be a SonicWALL VPN-based appliance or another VPN device that is interoperable with SonicWALL VPN.

SSL—A SonicWALL GMS gateway is optional. SonicWALL GMS can use SSL management instead of a VPN tunnel to communicate with the managed appliance(s). However, the SonicWALL Aventail EX-Series SRA appliance allows SSL access only to its LAN port(s), and not to its WAN port(s). This means that when SonicWALL GMS is deployed outside of the Aventail LAN subnet(s), management traffic must be routed from SonicWALL GMS to a gateway that allows access into the LAN network, and from there be routed to the Aventail LAN port.

Network Requirements

To complete the SonicWALL GMS deployment process, the following network requirements must be met:

• The SonicWALL GMS server must have access to the Internet

• The SonicWALL GMS server must have a static IP address

• The SonicWALL GMS server’s network connection must be able to accommodate 1 KB/s for each device under management. For example, if SonicWALL GMS is monitoring 100 SonicWALL appliances, the connection must support at least 100 KB/s.

Note: Depending on the configuration of SonicWALL log settings and the amount of traffic handled by each device, the network traffic can vary dramatically. The 1 KB/s for each device is a general recommendation. Your installation requirements may be different.

SonicWALL GMS Internet Access through a Proxy Server

If the SonicWALL GMS server cannot access the Internet directly and needs to go through a proxy server, the following proxy entries are required in the sgmsConfig.xml file of the SonicWALL GMS server:

<Parameter name="proxySet" value="1"/>

<Parameter name="proxyHost" value="10.0.30.62"/>

<Parameter name="proxyPort" value="3128"/>

<Parameter name="proxyUser" value="0A57CF01AB39ACF8863C8089321B9287"/>

<Parameter name="proxyPassword" value="EE80851182B4B962FC3E0EDF1F00275A"/>

 

The proxyUser and proxyPassword parameters are required only if the Proxy Server requires authentication, in which case these are TEAV encrypted. This configuration supports both HTTP and SSL Proxy, as long as the settings are identical for both.

To exempt certain hosts from the proxy configuration and allow them to be connected to directly, add the following tag to sgmsConfig.xml:

<Parameter name="nonProxyHosts" value="*something.com|www.foo*|192.168.0.*"/>

 

The exact values of all of these parameters should be changed to the appropriate values for your deployment. The asterisk symbol (*) is a wildcard that means any string. The pipe symbol (|) is a delimiter for the hosts in the list.
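
As an added example (not part of the SonicWALL documentation or product), the following Python script reads the proxy parameters described above from an sgmsConfig.xml fragment, applies the stated nonProxyHosts rules (* matches any string, | separates entries), and reports which hosts would connect directly and which entries are broader than they look. The <Configuration> wrapper element, the function names, and the hex-format check for TEAV output are assumptions; the matching is modeled on this page's description, not on GMS's own implementation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the parameters and values are the ones shown on this page.
# The <Configuration> wrapper is an assumption, because the page does not show
# the rest of sgmsConfig.xml.
SAMPLE_CONFIG = """\
<Configuration>
  <Parameter name="proxySet" value="1"/>
  <Parameter name="proxyHost" value="10.0.30.62"/>
  <Parameter name="proxyPort" value="3128"/>
  <Parameter name="proxyUser" value="0A57CF01AB39ACF8863C8089321B9287"/>
  <Parameter name="proxyPassword" value="EE80851182B4B962FC3E0EDF1F00275A"/>
  <Parameter name="nonProxyHosts" value="*something.com|www.foo*|192.168.0.*"/>
</Configuration>
"""

# Assumption: TEAV output is an uppercase hex string, as in the page's samples.
HEX_BLOB = re.compile(r"[0-9A-F]+")


def load_parameters(xml_text):
    """Return {name: value} for every <Parameter> element in the document."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value", "") for p in root.iter("Parameter")}


def compile_patterns(non_proxy_hosts):
    """Split on '|' and turn each entry into a regex in which '*' is any string."""
    compiled = []
    for entry in (e.strip() for e in non_proxy_hosts.split("|")):
        if not entry:
            continue
        body = ".*".join(re.escape(part) for part in entry.split("*"))
        compiled.append((entry, re.compile(body, re.IGNORECASE)))
    return compiled


def bypass_match(host, patterns):
    """Return the nonProxyHosts entry that exempts host, or None if it is proxied."""
    for entry, regex in patterns:
        if regex.fullmatch(host):
            return entry
    return None


def audit(params):
    """Return a list of findings for the proxy settings described on this page."""
    findings = []
    if params.get("proxySet") != "1":
        findings.append('proxySet is not "1", the value the page shows')
    if not params.get("proxyHost"):
        findings.append("proxyHost is missing or empty")
    port = params.get("proxyPort", "")
    if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        findings.append(f"proxyPort {port!r} is not a valid TCP port")
    user, password = params.get("proxyUser"), params.get("proxyPassword")
    if bool(user) != bool(password):
        findings.append("proxyUser and proxyPassword must be set together")
    for name, value in (("proxyUser", user), ("proxyPassword", password)):
        if value and not (HEX_BLOB.fullmatch(value) and len(value) % 2 == 0):
            findings.append(f"{name} does not look TEAV encrypted (possible plaintext)")
    for entry, _ in compile_patterns(params.get("nonProxyHosts", "")):
        if entry.strip("*") == "":
            findings.append(f"nonProxyHosts entry {entry!r} exempts every host")
        elif entry.startswith("*") and not entry.startswith("*."):
            findings.append(
                f"nonProxyHosts entry {entry!r} also matches unrelated names "
                f"ending in {entry[1:]!r}"
            )
    return findings


if __name__ == "__main__":
    params = load_parameters(SAMPLE_CONFIG)
    patterns = compile_patterns(params.get("nonProxyHosts", ""))
    # Constructed host names used to show which destinations skip the proxy.
    for host in ("192.168.0.17", "192.168.1.17", "notsomething.com",
                 "www.foo.example.net", "updates.example.org"):
        entry = bypass_match(host, patterns)
        print(f"{host:22} {'direct via ' + entry if entry else 'through proxy'}")
    for finding in audit(params):
        print("finding:", finding)
```

Run against the page's sample value, the audit flags `*something.com` because the leading wildcard is not followed by a dot; `*.something.com` would limit the exemption to subdomains.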

To TEAV-encrypt the string “test”, open a DOS window, change to the directory <gms-install>\bin, and type the following command:

..\jre\bin\java -cp . TEAV test

 

The following output displays:

input = [test]

Encrypted: 5F397A4552CC08F2A409A9297588F134

Decrypted: [test]

 

To edit the sgmsConfig.xml entries, perform the following steps:

1. Log in to the UMH system management interface:
http://<sgms_ipaddress>:<portnumber>/appliance

2. Navigate to the following URL:
http://<sgms_ipaddress>:<portnumber>/appliance/techSupport.html

3. Edit the sgmsConfig.xml file using the Configuration File editor.


Login to SonicWALL GMS

After registering your SonicWALL GMS product, to log in to the SonicWALL GMS management interface, either double-click the SonicWALL GMS icon on your desktop, or from a remote system, access the following URL from a web browser:

http://<sgms_ipaddress>:<portnumber>

The Dell SonicWALL GMS login page appears by default in English. To change the language setting, click your language of choice at the bottom of the login page. The available language choices for SonicWALL GMS 7.1 include English, Japanese, Simplified Chinese, and Traditional Chinese.


1. Enter the SonicWALL user ID (default: admin) and password (default: password). Select ‘Local Domain’ as the domain (default).

2. Click Submit. The Dell SonicWALL GMS management interface displays.

Note: For more information on installation, login procedures, and registration of your SonicWALL GMS installation, please refer to the appropriate Getting Started Guide, available at: <http://www.sonicwall.com/us/support.html>

Navigating the SonicWALL GMS User Interface

The following sections describe the four major panels of the SonicWALL GMS UI:

Dashboard Panel

Appliance Panels

Monitor Panel

Console Panel

Dashboard Panel

The Dashboard is a tab intended to work as a customizable dashboard where you are able to monitor the latest happenings with your SonicWALL GMS 7.1 deployment, your network, the IT and Security World, as well as the rest of the world.

Upon initial login, you see a default Dashboard tab. You are able to further customize this page by configuring and adding preferred components.


Appliance Panels

The appliance panels enable administrators to add, delete, configure and view various SonicWALL appliance types managed by SonicWALL GMS. These panels include:

Firewall Panel—Provides centralized management and reporting on compatible firewall appliances.

SRA Panel—Provides centralized management and reporting on SonicWALL SRA and Aventail appliances.

CDP Panel—Provides centralized management and reporting on SonicWALL Continuous Data Protection appliances.

ES Panel—Provides centralized management of SonicWALL Email Security appliances.

Within the Firewall, SRA, and CDP panels are two sub-panels:

Policies Panel

Reports Panel

Policies Panel

The Policies Panel is used to configure SonicWALL appliances. From these pages, you can apply settings to all SonicWALL appliances being managed by Dell SonicWALL GMS, all SonicWALL appliances within a group, or individual SonicWALL appliances.

To open the Policies Panel, click the Firewall tab at the top of the SonicWALL GMS UI and then click the Policies tab. The Policies Panel for the appropriate SonicWALL appliance appears.

Reports Panel

The Reports Panel is an essential component of network security that is used to view and schedule reports about critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels.

To open the Reports Panel, click the Firewall, SRA, or CDP tab at the top of the SonicWALL GMS UI and then click the Reports tab.

In the Reports Panel, you can simultaneously expand multiple screen groups, allowing you to compare them. Use Control-click (Windows) to toggle the screen group to the expanded group, without collapsing previously-opened screen groups.

Monitor Panel

The Monitor Panel is the administrator’s central tool for monitoring the status of any managed TCP/IP- and SNMP-capable devices and applications. The SonicWALL GMS Monitor panel provides power and flexibility to help you manage the availability of network devices, create custom threshold-based real-time monitor alerts, and email or archive network status reports based on your specifications.

To access the Monitoring features, click the Monitor tab at the top of the Dell SonicWALL GMS UI.

Console Panel

The Console Panel is used to configure Dell SonicWALL GMS settings, view pending tasks, manage licenses, and configure system-wide granular event management settings.

To open the Console Panel, click the Console tab at the top of the Dell SonicWALL GMS UI.

Understanding Dell SonicWALL GMS Icons

This section describes the meaning of icons that appear next to managed appliances listed in the left pane of the SonicWALL GMS management interface.

One blue box indicates that the appliance is operating normally. The appliance is accessible from SonicWALL GMS, and no tasks are pending or scheduled.

Two blue boxes indicate that appliances in a group are operating normally. All appliances in the group are accessible from SonicWALL GMS and no tasks are pending or scheduled.

Three blue boxes indicate that all appliances in the global group of this type (Firewall/SRA/CDP) are operating normally. All appliances of this type are accessible from SonicWALL GMS and no tasks are pending or scheduled.

One blue box with a lightning flash indicates that one or more tasks are pending or running on the appliance.

Two blue boxes with a lightning flash indicate that tasks are currently pending or running on one or more appliances within the group.

Two blue boxes with a clock indicate that tasks are currently scheduled to execute at a future time on one or more appliances within the group.

One blue box with a clock indicates that one or more tasks are scheduled on the appliance.

One yellow box indicates that the appliance has been added to SonicWALL GMS management (provisioned), but not yet acquired.

Two yellow boxes indicate that one or more appliances in the group have been added to SonicWALL GMS management, but not acquired.

Three yellow boxes indicate that one or more of the global group of appliances of this type (Firewall/SRA/CDP) have been added to SonicWALL GMS management, but not acquired.

One yellow box with a lightning flash indicates that one or more tasks are pending on the provisioned appliance.

Two yellow boxes with a lightning flash indicate that tasks are pending on one or more provisioned appliances within the group.

One red box indicates that the appliance is no longer sending heartbeats to SonicWALL GMS.

Two red boxes indicate that one or more appliances in the group are no longer sending heartbeats to SonicWALL GMS.

Three red boxes indicate that one or more of the global group of appliances of this type (Firewall/SRA/CDP) is no longer sending heartbeats to SonicWALL GMS.

Two red boxes with a lightning flash indicate that one or more appliances in the group are no longer sending heartbeats to SonicWALL GMS and have one or more tasks pending.

One red box with a lightning flash indicates that the appliance is no longer sending heartbeats to SonicWALL GMS and has one or more tasks pending.

Using the SonicWALL GMS TreeControl Menu

This section describes the content of the TreeControl menu within the Dell SonicWALL GMS management interface. The TreeControl menu view and update permissions can be configured for multiple SonicWALL GMS user types. SonicWALL GMS provides granular “screen permissions” to enable or disable all TreeControl menu screens for the Policies, Reports, Monitor, and Console panels. For more information on configuring SonicWALL GMS user screen, unit, or action permissions, refer to Configuring Action Permissions.

You can control the display of the TreeControl pane by selecting one of the appliance tabs at the top. For example, when you click the Firewall tab, the TreeControl pane displays all the managed firewall units. You can display any of the following appliance types when SonicWALL GMS is managing all of these device types:

• Firewall

• SRA

• CDP

• ES

You can hide the entire TreeControl pane by clicking the sideways arrow icon, and re-display the pane by clicking it again. This is helpful when viewing some reports or other extra-wide screens, especially on the Monitor or Console panel.

To open a TreeControl menu, right-click the View All icon, a Group icon, or a Unit icon.

The following options are available in the right-click menu:

Find—Opens a Find dialog box that allows you to search for groups or units.

Refresh—Refreshes the SonicWALL GMS UI display.

Rename Unit—(unit node only) Renames the selected SonicWALL appliance.

Add Unit—Add a new unit to the SonicWALL GMS management view. Requires unit IP and login information.

Modify Unit—(unit node only) Change basic settings for the selected unit, including unit name, IP and Login information, serial number, management port and encryption/authentication keys.

Delete—Delete the selected unit, with option to delete interconnected SAs or to delete from NetMonitor.

Add to NetMonitor—Add an existing unit to NetMonitor.

Import XML—Import an edited XML file to replace the current TreeControl navigation view.

Login to Unit—(unit node only) Log in to the selected unit using HTTP or SSL protocols.

Modify Properties—Displays the properties for the selected SonicWALL appliance.

Manage Views—Opens a dialog box where you can create, delete, or modify a view.

Change View—Select pre-set or user created views. Views are created in the Manage View window (see above).

Reassign Agents—Opens a dialog box where you can change the IP address of the primary and standby schedulers and the type of VPN tunnel (management versus site-to-site) used between Dell SonicWALL GMS and the managed SonicWALL appliances.

Configuring SonicWALL GMS View Options

The Dell SonicWALL GMS UI is a robust and powerful tool you can use to apply settings to all SonicWALL appliances being managed by Dell SonicWALL GMS, all appliances or devices within a group, or individual appliances or devices simply by selecting the Global, Group, or Unit node within the Dell SonicWALL GMS UI. The Dell SonicWALL GMS UI supports up to seven levels of hierarchical depth per view.

Note Views are only available in the Policies and Reports Panel. Changing views does not affect the Console or Monitor Panels.

This section describes each view and what to consider when making changes:

Group Node

Unit Node

Creating SonicWALL GMS Fields and Dynamic Views

Group Node

From the Group node of the Policies panel, changes you make are applied to all SonicWALL appliances within the group. The Global node is the top view that contains all appliances.

To open the Group node, click a group icon in the left pane of the Dell SonicWALL GMS UI. The Group Status page appears. The Group Node Status page contains a list of statistics for all SonicWALL appliances within the group.

As you move through the Dell SonicWALL GMS UI with the Group node selected and make changes, those changes are broken down into configuration tasks and applied to each subgroup and each SonicWALL appliance within the group.

As Dell SonicWALL GMS processes the tasks, some SonicWALL appliances may be down or offline. When this occurs, Dell SonicWALL GMS spools the task and reattempts the update later.

Depending on the page that you are configuring, the SonicWALL appliance(s) may automatically restart. We recommend scheduling the tasks to run when network activity is low. To determine if a change requires restarting, refer to the configuration instructions for that task.

Making group changes through the Dell SonicWALL GMS UI enables you to save time by instituting changes that affect all SonicWALL appliances within the group through a single operation. Although this is very convenient, some changes can have unintended consequences. Be careful when making changes on a group or global level.

Unit Node

From the Unit node of the Policies panel, changes you make are only applied to the selected SonicWALL appliance. To open the Unit node, click a SonicWALL appliance in the left pane of the Dell SonicWALL GMS UI. The Status page for the SonicWALL appliance appears.

From the Unit node on the Reports Panel, you can generate real-time and historical reports for the selected SonicWALL appliance.

As you navigate the Dell SonicWALL GMS UI, you can generate graphical reports and view detailed log data for the selected SonicWALL appliance. For more information, refer to the Reports Panel.

As you navigate the Dell SonicWALL GMS UI with a single SonicWALL appliance selected and make changes, those changes are broken down into configuration tasks and sent to the selected SonicWALL appliance.

As Dell SonicWALL GMS processes the tasks, the SonicWALL appliance may be down or offline. When this occurs, Dell SonicWALL GMS spools the task and reattempts the update later.

Note Depending on the page that you are configuring, the SonicWALL appliance may automatically restart. We recommend scheduling the tasks to run when network activity is low. To determine if a change requires restarting, refer to the configuration instructions for that task.

Unit Node Status Page

The Unit Node Status page contains a list of statistics for the selected SonicWALL appliance:

SonicWALL Model—specifies the model of the SonicWALL appliance. If the unit is not registered, “Not Registered” appears instead of a model number.

Serial Number—specifies the serial number of the SonicWALL appliance.

Number of LAN IPs allowed—specifies the number of IP addresses that are allowed on the LAN.

DMZ Port—specifies whether the SonicWALL appliance has a DMZ port.

CPU—specifies the CPU used in the SonicWALL appliance.

VPN Upgrade—specifies whether the SonicWALL is licensed for a VPN upgrade.

VPN Clients—specifies whether the SonicWALL is licensed for VPN Clients.

Firmware Version—specifies the version of the firmware installed on the SonicWALL appliance.

Content Filter Subscription List/Service—specifies whether the SonicWALL appliance is licensed for a Content Filter List subscription.

Anti-Virus Subscription—specifies whether the SonicWALL appliance has an anti-virus subscription.

Extended Warranty—specifies whether the SonicWALL appliance has an extended warranty.

SonicWALL Status—specifies the operational status of the SonicWALL appliance.

Tasks Pending—specifies whether the SonicWALL appliance has any pending tasks.

Agent Assigned—specifies the IP address of the Dell SonicWALL GMS agent server that is the primary agent managing the SonicWALL appliance.

Standby Agent—specifies the IP address of the peer Dell SonicWALL GMS that acts as the backup agent for this SonicWALL appliance. If the primary agent fails, this Dell SonicWALL GMS server begins managing the appliance.

Managed using Management Tunnel—specifies if the SonicWALL appliance is being managed by SonicWALL GMS using the management VPN tunnel.

Fetch Uptime—the Uptime parameter indicates how long the SonicWALL has been running since the last time it was powered up or restarted. To display the current uptime setting at the unit level for the selected SonicWALL, click Fetch Uptime.

Creating SonicWALL GMS Fields and Dynamic Views

The Dell SonicWALL GMS uses an innovative method for organizing SonicWALL appliances. SonicWALL appliances are not forced into specific, limited, rigid hierarchies. You can simply create a set of fields that define criteria (such as country, city, state) which separate SonicWALL appliances. Then, create and use dynamic views to display and sort appliances on the fly. For information about organizing SonicWALL appliances, see the following sections:

About Default SonicWALL Fields

Creating Custom Fields

Understanding Dynamic Views

Configuring Dynamic Views

Changing Views

About Default SonicWALL Fields

Dell SonicWALL GMS includes standard fields that can be used to sort SonicWALL appliances based on their model, their firmware version, and other criteria. Default Dell SonicWALL GMS fields include the following:

AV Enforcement—places the SonicWALL appliances into two groups: appliances that have anti-virus (AV) subscriptions and appliances that do not.

AV Status—places the SonicWALL appliances into different groups based on their status.

CFS Status—places the SonicWALL appliances into two groups: appliances that have content filtering service (CFS) subscriptions and appliances that do not.

Dialup Mode—performs grouping based on whether an appliance has switched to dialup mode for Internet access.

Firmware—creates a group for each Firmware version and places each SonicWALL appliance into its corresponding group.

Management—performs grouping based on whether appliances are managed by SSL Management mode, SonicWALL GMS Management Tunnel mode, or Existing/LAN mode.

Model—creates a group for each SonicWALL model and places each SonicWALL appliance into its corresponding group.

Network Type—creates a group for each network type and places each SonicWALL appliance into its corresponding group. These include:

– Standard

– NAT with DHCP Client

– NAT with PPPoE Client

– NAT with L2TP Client

– NAT with PPTP Client

– NAT Enabled

– Unknown

Nodes—creates a group for each node range and places each SonicWALL appliance into its corresponding group.

Registered—places the SonicWALL appliances into two groups: appliances that are registered and appliances that are not.

Scheduler—creates a group for each scheduler agent and places each SonicWALL appliance into its corresponding group.

UnitStatus—performs grouping based on the Up/Down/Provisioned status of appliances.

VPN Present—places the SonicWALL appliances into two groups: appliances that have VPN and appliances that do not.

Warranty Status—places the SonicWALL appliances into two groups: appliances that have current warranties and appliances that do not.

Creating Custom Fields

When first configuring Dell SonicWALL GMS, you can create custom fields that you can use to organize managed appliances. Dell SonicWALL GMS supports up to ten custom fields.

Note Although Dell SonicWALL GMS supports up to ten custom fields, only seven fields can be used to sort SonicWALL appliances in any view.

The following are examples of custom fields that you can use:

Geographic—useful for organizing SonicWALL appliances by location. Especially useful when used in combination with other grouping methods. Geographic fields may include:

– Country

– Time Zone

– Region

– City

Customer-based—useful for organizations that are providing managed security services for multiple customers. Customer-based fields may include:

– Company

– Division

– Department

Configuration-based—useful when SonicWALL appliances have very different configurations (such as Filtering, No Filtering, Pornography Filtering, Violence Filtering, or VPN).

User-type—different service offerings can be made available to different user types. For example, engineering, sales, and customer service users can have very different configuration requirements. Or, if offered as a service to end users, you can allow or disallow network address translation (NAT) depending on the number of IP addresses that you want to make available.

Dell SonicWALL GMS is pre-configured with four custom fields: Country, Company, Department, and State. These fields can be modified or deleted. To add fields, follow these steps:

1. Click the Console tab, expand the Management tree and click Custom Groups.

2. Right-click Custom Groupings in the right pane.

3. Select Add Category from the pop-up menu.

4. Enter the name of the group in the Category Name field.

Note: Category names can only contain alpha-numeric characters. Special characters and/or spaces are not accepted.

5. Enter the default value for the group in the Default Value field.

6. Click Ok. You can create up to ten fields.

Note Although the fields appear to be in a hierarchical form, this has no effect on how the fields appear within a view.

To modify or delete fields, right-click any of the existing fields and select Properties or Delete Category, respectively, from the pop-up menu.

Understanding Dynamic Views

After creating custom fields and reviewing the Dell SonicWALL GMS fields, Dell SonicWALL GMS administrators can set up views to dynamically filter the SonicWALL security appliances that are displayed in the SonicWALL GMS user interface based on fields.

Note Each view can filter for a maximum of seven fields.

Some views can include the following:

Standard Geographic Views—When the number of SonicWALL appliances managed by Dell SonicWALL GMS becomes large, you can divide the appliances geographically among SonicWALL administrators.

For example, if one administrator is responsible for each time zone in the United States, you can choose the following grouping methods:

– Administrator 1: Country: USA, Time Zone: Pacific, State, City.

– Administrator 2: Country: USA, Time Zone: Mountain, State, City.

– Administrator 3: Country: USA, Time Zone: Central, State, City.

– Administrator 4: Country: USA, Time Zone: Eastern, State, City.

Firmware Views—To ensure that all SonicWALL appliances are using the current firmware, you can create a view to check and update firmware versions and batch process firmware upgrades when network activity is low.

For example, if you want to update all SonicWALL appliances to the latest firmware at 2:00 A.M., you can use the following grouping method:

– Firmware Version, Time Zone

If you want to update SonicWALL appliances only for companies that have agreed to the upgrade and you want the upgrades to take place at 2:00 A.M., you can use the following grouping method:

– Company, Firmware Version, Time Zone

Registration Views—To ensure that all SonicWALL appliances are registered, you can create a registration view and check it periodically. To create a registration view, you can use the following grouping method:

– Registration Status, any other grouping fields

Upgrade Views—You can create views that contain information on which upgrades customers do not have and forward this information to the Sales Department.

For example, you can choose the following grouping methods:

– Content Filter List, Company, Division, Department

– Anti-Virus, Company, Division, Department

– Warranty Status, Company, Division, Department

Configuring Dynamic Views

To create a view, follow these steps:

1. Right-click anywhere in the left pane of the Dell SonicWALL GMS window and select Manage Views from the pop-up menu. The Edit View page appears.

2. Type a descriptive name for the new view in the View Name field.

3. To make this view available to non-administrators, select Visible to Non-Administrators.

4. To add a view category, click Add Level. View categories are used to filter SonicWALL appliances in your view. The Group Categories column contains categories that are a combination of custom fields and SonicWALL GMS fields.

5. To change the Group Category field, select the desired field from the pull-down list. For a list of SonicWALL GMS fields and their meanings, refer to About Default SonicWALL Fields.

6. Choose an Operator to apply to the value for this view:

– equals (default value)

– starts with

– ends with

– contains

– does not equal

– does not contain

7. Type a value for the category in the Value column.

8. You can add up to seven categories or levels.

9. To delete a view category, select the level and click Delete Level.

10. When you are finished configuring this view, click Modify View.

11. When you are finished, click Done.
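The effect of a view definition can be worked through offline before it is created in the UI. The following Python model is an added example, not code from SonicWALL GMS: it applies the six operators and the seven-level limit described above to a constructed inventory and builds the resulting group tree for a firmware view and a registration view. It assumes that matching is case-sensitive, that a level with an empty value only groups and does not filter, and that a missing field is grouped as "Unknown"; the appliance names, the version strings, the Yes/No values and the TimeZone custom field are made up.

```python
MAX_LEVELS = 7  # the guide allows up to seven categories (levels) per view

# The six operators listed for the Operator column of a view level.
OPERATORS = {
    "equals": lambda field, value: field == value,
    "starts with": lambda field, value: field.startswith(value),
    "ends with": lambda field, value: field.endswith(value),
    "contains": lambda field, value: value in field,
    "does not equal": lambda field, value: field != value,
    "does not contain": lambda field, value: value not in field,
}

# Constructed inventory. "Firmware" and "Registered" are default GMS fields;
# "Company" and "TimeZone" stand in for custom fields (custom category names
# cannot contain spaces). All names and values below are made up.
INVENTORY = [
    {"Name": "fw-sfo-01", "Company": "Acme", "Firmware": "5.8.1.12",
     "TimeZone": "Pacific", "Registered": "Yes"},
    {"Name": "fw-sfo-02", "Company": "Acme", "Firmware": "5.9.0.2",
     "TimeZone": "Pacific", "Registered": "Yes"},
    {"Name": "fw-nyc-01", "Company": "Acme", "Firmware": "5.8.1.12",
     "TimeZone": "Eastern", "Registered": "No"},
    {"Name": "fw-chi-01", "Company": "Globex", "Firmware": "5.8.1.12",
     "TimeZone": "Central", "Registered": "Yes"},
]


def validate_view(levels):
    """levels is a list of (category, operator, value) tuples."""
    if not 1 <= len(levels) <= MAX_LEVELS:
        raise ValueError(f"a view needs 1 to {MAX_LEVELS} levels, got {len(levels)}")
    for _category, operator, _value in levels:
        if operator not in OPERATORS:
            raise ValueError(f"unknown operator: {operator!r}")


def matches(appliance, levels):
    """True when the appliance satisfies every level that carries a value."""
    for category, operator, value in levels:
        if value == "":
            continue  # assumption: a level without a value only groups
        if not OPERATORS[operator](appliance.get(category, ""), value):
            return False
    return True


def build_view(appliances, levels):
    """Return the view as nested dicts, one depth per level, with name lists as leaves."""
    validate_view(levels)
    tree = {}
    for appliance in appliances:
        if not matches(appliance, levels):
            continue
        node = tree
        for category, _operator, _value in levels[:-1]:
            node = node.setdefault(appliance.get(category, "Unknown"), {})
        leaf_key = appliance.get(levels[-1][0], "Unknown")
        node.setdefault(leaf_key, []).append(appliance["Name"])
    return tree


# Firmware view: one company's appliances that are not on the target version,
# grouped by firmware version and then by time zone for scheduling.
FIRMWARE_VIEW = [
    ("Company", "equals", "Acme"),
    ("Firmware", "does not equal", "5.9.0.2"),
    ("TimeZone", "equals", ""),
]

# Registration view: appliances that are still unregistered.
REGISTRATION_VIEW = [("Registered", "equals", "No")]

if __name__ == "__main__":
    import json
    print(json.dumps(build_view(INVENTORY, FIRMWARE_VIEW), indent=2))
    print(json.dumps(build_view(INVENTORY, REGISTRATION_VIEW), indent=2))
```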

Changing Views

To change views from within the Dell SonicWALL GMS UI, follow these steps:

1. Right-click anywhere in the left pane of the Dell SonicWALL GMS window and select Change View from the pop-up menu. The Change View dialog box appears.

2. Select a view and click OK. The SonicWALL GMS UI displays only the SonicWALL appliances that meet the requirements of the filters defined in the view.

Getting Help

In addition to this manual, Dell SonicWALL GMS provides on-line help resources. To get help, follow these steps:

1. Navigate to the page where you need help.

2. Click the Question Mark (?) in the upper right-hand corner of the window. Help for the selected page appears.

Tips and Tutorials

Tips and tutorials are also available in some sections of the user interface, and are denoted by a “Lightbulb” icon.

To access tips and tutorials:

1. Navigate to the page where you need help.

2. If available, click the Lightbulb icon in the upper right-hand corner of the window. Tips, tutorials, and online help are displayed for this topic.