en-US
search-icon

Analyzer 8.3 Admin Guide

UMH

Using the UMH System Interface

This chapter content describes the Universal Management Host (UMH) system interface, one of the two management interfaces available for SonicWall Analyzer. The SonicWall Analyzer UMH system interface contains similar configuration settings for Microsoft Windows and Virtual Appliance deployments.

The SonicWall Analyzer Virtual Appliance UMH interface contains the following settings that are not applicable to Windows deployments:

System > Status
System > Licenses
System > Administration
System > Settings
System > Diagnostics
System > Backup/Restore
* 
NOTE: Microsoft Windows deployments can skip these settings as they only apply to Virtual Appliance deployments.

This section includes the following subsections:

Overview of the UMH System Interface

The SonicWall Analyzer UMH system interface is used for system management of the SonicWall Analyzer instance, including registration and licensing, setting the administrator password, configuring network and database settings, selecting the deployment role, and configuring other system settings.

When installing SonicWall Universal Management Suite on a host, a Web server is installed to provide the system management interface. The system interface is available by default at http://localhost/appliance/ after restarting the system.

Switching to the Application Interface

To switch between the System interface and the SonicWall Analyzer application interface, click Switch in the top right corner of the interface.

Viewing Online Help and Tips

To display context sensitive help for the current page, click Help in the top right corner of the interface.

Help can change to the Tips button if the current page has any context sensitive tips or video tutorials.

Clicking Tips displays dynamic links for white papers, videos, knowledge base articles, other references, and Online Help.

Logging Out of the UMH System Interface

To log out of the SonicWall Analyzer UMH system interface, click Logout in the top right corner of the interface.

Configuring UMH System Settings

This section describes the tasks you can do on the System pages of the SonicWall Analyzer UMH system interface. The SonicWall Analyzer UMH system interface contains similar configuration settings for Microsoft Windows and Virtual Appliance deployments. The SonicWall Analyzer Virtual Appliance UMH interface contain the following settings that are not applicable to Windows deployments. Microsoft Windows deployments can skip these settings as they only apply to Virtual Appliance deployments:

System > Time
System > File Manager
System > Shutdown

See the following sections:

Viewing System Status

The System > Status page provides the general information about the installation, including the name which identifies the system as a SonicWall Universal Management Host, the serial number of the SonicWall Analyzer instance, the software version, licensing status, and the system role. For SonicWall Analyzer, the role is always “Analyzer.”

Under System, the host name of the computer is listed, along with the time and other information about the host computer.

At the bottom of the page, a link is provided to access the Getting Started Guide that takes you to the Online Help table of contents.

Managing System Licenses

The System > Licenses page provides buttons for managing, refreshing, and uploading licenses. The page displays the status of Analyzer and Global Management System licenses. The Global Management System license status shows the status of your SonicWall GMS Free Trial, if activated. If you choose to upgrade to SonicWall GMS, this page shows Global Management System as fully licensed.

The value in the Count column indicates the number of appliances for which this SonicWall Analyzer or SonicWall GMS instance is licensed for reporting or management. For SonicWall Analyzer, this value is usually “unlimited,” but for SonicWall GMS, the base license is either for 10 nodes or 25 nodes, and additional node licenses can be purchased in various increments.

The Expiration column indicates the expiration date of the license. If no date is shown, the license is perpetual, and does not expire.

To display the MySonicWall login page, click Manage Licenses. You can purchase licenses and obtain license keysets on MySonicWall.

Click Refresh Licenses to refresh the license status on this page.

To upload a new license, click Upload Licenses and browse to a license file on your computer.

Upgrading from Analyzer to GMS

SonicWall Analyzer installations have the option of upgrading to SonicWall GMS without reinstalling. You can start a 30-day Free Trial of SonicWall GMS by clicking a button or link in either the Analyzer or Universal Management Host interface and following a simple procedure. When you are ready to finalize the upgrade, your SonicWall reseller can provide you with the license key for a seamless transition to SonicWall GMS.

When five or more registered devices are connected to SonicWall Analyzer reporting, Try GMS Free - 30 Days appears next to the tabs at the top of the SonicWall Analyzer management interface.

You can also start the Free Trial by clicking Manage Licenses on the System > Licenses page of the Universal Management Host interface, and then clicking the Try link.

For details on enabling the SonicWall GMS Free Trial and purchasing the SonicWall GMS upgrade license, see the following sections:

Enabling the GMS Free Trial from Analyzer

When five or more devices are connected to SonicWall Analyzer reporting, Try GMS Free - 30 Days appears next to the tabs at the top of the SonicWall Analyzer management interface.

To find out how many devices your SonicWall Analyzer installation is handling, log in to MySonicWall and navigate to the My Products page. Click on the link for your SonicWall Analyzer installation to get to the Service Management page, and scroll to the bottom. You see the list of appliances under Associated Products.

To enable the 30-day SonicWall GMS Free Trial from the SonicWall Analyzer management interface, complete the following steps:
1
In the SonicWall Analyzer management interface, click Try GMS Free - 30 Days next to the tabs at the top of the page.

2
The Analyzer Upgrade Tool launches and guides you through the process of installing the Free Trial or Upgrade. The tool displays the Upgrade Requirements – Licensing screen. Before migrating to GMS, ensure that all appliances under Analyzer reporting are registered to the same MySonicWall account. Follow the steps provided in the screen, and then click Proceed.

3
The Upgrade Requirements – System screen displays the recommended operating system, database, and hardware system requirements. Click Proceed.

4
The Analyzer Upgrade Tool displays the login screen for MySonicWall. Enter your MySonicWall credentials and click Submit.

5
In the next Analyzer Upgrade Tool page, click the Try link in the Free Trial column for Global Management System.

6
From this point, the upgrade process continues with the same steps for access from either the SonicWall Analyzer interface or the Universal Management Host interface.

Continue the procedure by completing the following section.

Enabling the GMS Free Trial from the UMH Interface

To enable the 30-day Free Trial of SonicWall GMS from the Universal Management Host interface on your SonicWall Analyzer system, complete the following steps:
1
In the Universal Management Host interface, navigate to the System > Licenses page and click Manage Licenses.

2
If you are not already logged into MySonicWall, the MySonicWall login screen is displayed. Enter your MySonicWall credentials in the appropriate fields and log in.
3
On the next page, click the Try link in the Free Trial column for Global Management System.

4
From this point, the upgrade process continues with the same steps for access from either the SonicWall Analyzer interface or the Universal Management Host interface.

Completing the Free Trial Upgrade

This procedure provides the common upgrading steps for access from either the SonicWall Analyzer interface or the Universal Management Host interface. To get to this point in the process, follow the steps described in one of the two preceding sections:

To continue the upgrade, complete the following steps:
1
In the Analyzer Upgrade Tool page, click Continue.

2
The next screen provides a summary of GMS and Analyzer status. Verify that the Try link for the Free Trial is gone and only the Upgrade link remains. The Expiration column displays the expiration date of your Free Trial. You can click Upgrade at any time during the Free Trial to purchase the SonicWall GMS upgrade. Click Proceed.

3
In the next Analyzer Upgrade Tool page, you begin the configuration for SonicWall GMS in step 2 of the upgrade process. This page displays two sections:
Automatic Configuration

Contains a list of SonicWall firewall or CSM appliances in your Analyzer installation. These appliances are automatically configured for SonicWall GMS management.

Manual Configuration

Contains a list of SonicWall or SSL-VPN appliances in your Analyzer installation. You must manually configure these appliances for SonicWall GMS management. See Configuring Appliances for Analyzer Management for detailed instructions on enabling SonicWall GMS management on these appliances.

4
When ready, click Proceed.

5
When the configuration finishes, the Analyzer Upgrade Tool displays the completion dialog box. Click Close to log out of the console and restart the system.

6
The Analyzer login page appears and requests that you reboot the system. Reboot the system. If a reboot is not done, you could encounter problems with the correct IP Address appearing.

7
After rebooting, log in with your Analyzer credentials.

When you log in, you see a button displaying the number of days left in your Free Trial at the top of the page.

8
On the System > Status page for connected appliances, you can view the log entries for task synchronization and automatic addressing mode, related to the Analyzer configuration.

Configuring Appliances for Analyzer Management

To manually configure the appliances listed in the Manual Configuration section of the Analyzer Upgrade Tool page, complete the following steps for each appliance:
1
In the SonicWall Analyzer management interface, click the tab at the top of the page that corresponds to the type of appliance, such as SSL-VPN.
2
In the left pane, right-click one of the listed appliances and select Modify Unit.
3
In the Modify Unit screen in the right pane, copy the appliance IP address in the Managed Address section to your clipboard, or make a note of it.

4
Click Cancel.
5
In the left pane, right-click the same appliance and select Login to Unit > Using HTTPS.

6
In the appliance management interface, navigate to the System > Administration page.

7
Under GMS Settings, select Enable GMS Management, or verify that it is selected.
8
In the GMS Host Name or IP Address field, paste or type the appliance IP address that you obtained from the Modify Unit screen in Step 3
9
Click Accept at the top of the appliance interface screen.
10
Click Logout in the top right corner of the appliance interface screen.
11
Repeat these steps for each appliance listed in the Manual Configuration section of the Analyzer Upgrade Tool page.

Purchasing a SonicWall GMS Upgrade

You can purchase an upgrade to SonicWall GMS at any time during the 30-day Free Trial.

To purchase the SonicWall GMS license, complete the following steps:
1
In the SonicWall GMS interface, click GMS Free Trial X Days Left, where X is the number of days left in the Free Trial.

2
On the Buy GMS page, click I want to upgrade to GMS now.

3
The Console > Licenses > Product Licenses page is displayed. Click Manage Licenses.

4
In the next page, in the Manage Service column for Global Management System, click Upgrade.

5
The next page has Serial Number and Authentication Code fields for SonicWall GMS. You must contact your SonicWall reseller to complete the purchase and obtain the 12-character serial number and authentication code. Type in the values to the Serial Number and Authentication Code fields.

6
Enter a descriptive name for the SonicWall GMS installation into the Friendly Name field. This name appears in your MySonicWall account.
7
If your SonicWall Analyzer installation currently handles more than 10 appliances, when you upgrade to SonicWall GMS, you need to purchase additional SonicWall GMS license(s) to manage the extra appliances. The standard “10-node” SonicWall GMS license provided with the Free Trial supports up to 10 managed appliances. Enter the license keys for any additional SonicWall GMS licenses into the GMS upgrade keys text box, one key per line.
8
Click Submit. The License page is displayed, showing that SonicWall GMS is now licensed.

Configuring System Time Settings (Virtual Appliance)

The System > Time page allows you to automatically configure the date and time using NTP servers.

To manually select the time, under Systems Time select the Time, Date, and Time zone.

To automatically set the time using an NTP server, select Set time automatically using NTP. Next, select the Add NTP Server icon, and enter the IP address or domain name of the NTP server. Click Update to submit your system time configuration changes. Alternatively, click Reset to reset the system time to factory defaults.

Configuring System Administration Settings

The System > Administration page allows you to configure the system behavior for administrative login sessions.

Under Host Settings, enter the number of minutes of inactivity allowed before the session is logged out. A setting of -1 allows an unlimited amount of inactivity without being logged out.

Under Enhanced Security Access, you can configure the number of failed login attempts before the admin account is locked out, and the number of minutes that the lockout lasts. You can also configure the number of days before the admin account password must be changed.

Under Administrator Password, you can change the administrator password for the SonicWall Analyzer application. Enter the current password for the system administrator (or root) account into the Current Password field, and then enter the new password into both the New Password and Confirm Password fields.

After making any changes on this page, click Update. To revert the fields on the page to their default settings, click Reset.

Managing System Settings

The System > Settings page provides a way to upload new SonicWall Analyzer software or service packs to the system. Click Browse to browse to the file you wish to upload, and then click Apply.

The page shows the current version of SonicWall UMS, and provides a History link that displays the history of all hotfixes and firmware updates that were applied to the system.

The Reinitialize Appliance to Factory Settings section allows the administrator to reset all UMH system settings to factory defaults. Click Reinitialize to reset to factory defaults. A pop-up message displays for the administrator to confirm this process.

Click OK, the system reboots and the reinitialization process takes 10-15 minutes to complete. After the reinitialization process is complete, the administrator needs to log back in to the management interface to confirm the system settings are now restored to factory defaults.

Using System Diagnostics

The System > Diagnostics page is used to set log levels, test connectivity to servers, generate Tech Support Reports, and to search and download system log files.

Under Debug Log Settings, select the log level from the System Debug Level drop-down list. Select from the following system debug verbosity levels:

No Debug
Level 1 (Codepath)
Level 2 (Simple)
Level 3 (Logic)
Level 4 (Detailed)
Level 5 (Highly Detailed)

The No Debug level setting provides no debug information, and the Level 5 (Highly Detailed) setting provides the maximum debug information.

In the Test Connectivity section, select one of the following radio buttons and then click Test to verify connectivity to that server:

Database Connectivity – Tests connectivity to the database server configured on the Deployment > Roles page.
License Manager Connectivity – Type the host name or IP address into the License Manager Host field and click Test to test connectivity to that server.
SMTP Server Connectivity – Tests connectivity to the SMTP server configured on the Deployment > Settings page.

In the Download System/Log Files section, you can enter a filter, or search value, into either of the Search Filter fields, and then press Enter, to locate log entries of interest. Click Export Logs to save the log files to a file on your computer.

To generate a TSR (Technical Support Report), select Technical Support Report (TSR), and then click Export Logs.

Using System File Manager (Virtual Appliance)

The System > File Manager page provides access to the file system. Copy files or export files to these folders. Administrators often use this page to export system settings preference files (etc/prefs) to another directory location for backup archiving.

To complete a file set export, select a folder from the drop-down menu. The page refreshes and displays the contents of the selected folder. Individual files can be exported or deleted. Click Selected Folder to select all the files for this folder. For managing a batch of files, select multiple files from the list and click Export or Delete.

Administrators can also use the file manager to import files, such as, third-party MIB files to the directory folder for multiple-vendor solution interoperability. To import or to upload a file, select a folder from the drop-down menu. The page refreshes and displays the contents of the selected folder. In the top-right corner of the page, click the plus icon to upload a file. Next, click Choose File to open the file management dialog box. In the file management dialog box, navigate to the file you would like to upload and click Open. The selected file is now displayed next to Choose File. Click Upload to complete the file manager import.

Using System Backup/Restore

The System > Backup/Restore page helps you schedule and create immediate snapshots of configuration and data on your system. Note that a minimum of 10GB of free disk space is required to perform a backup/restore operation. Navigate to the System > Status page to verify available disk space.

You can also off-load the backup/reporting data through web services by downloading a Java-based UI tool. This tool helps you setup configurations that can be used to automatically download backup snapshots to a remote location in a reoccurring schedule.

Manage Backups

Manage backups 

Name

Description

Download Auto Export Tool

Helps you setup configurations that can be used to automatically download scheduled backup snapshots to a remote location in a recurrent manner. It also allows the user to offload reporting data such as archived syslog files and archived scheduled reports to a remote location

Click here to see restore history link

Displays the restored snapshots.

Available Snapshots list

Displays all the available snapshots with type, date, product, version, and size information for each.

Download Snapshot

Downloads a snapshot of the current system configurations.

Restore Snapshot

Restores a backup snapshot, the snapshot is uploaded to your local storage and then used to restore data.

Immediate Backup/Restore

Immediate Backup/Restore 

Name

Description

Backup Now

Creates a new basic, application, or complete snapshot file.

Choose File

Selects a snapshot file from your local file system to upload to the Analyzer server.

Restore Now

Restores using the selected snapshot file.

Scheduled Backup Settings

Scheduled Backup Settings 

Name

Description

Enable Basic Backups check box

Backs up files that are essential for the system configuration and addUnit.xml files on a daily basis.

Daily At drop down lists

Selects the hour and minute for the backup schedule.

Enable Application Backups check box

Backs up basic data, database, firmware images, and HM recordings on a monthly or weekly schedule.

Backup Schedule: drop down lists

Selects the week or month, day, hour, and minute for the backup schedule.

Enable Complete Backups check box

Backs up application backup data, reporting database, and archived scheduled reports from the default archive directory on a monthly or weekly schedule.

Backup Schedule drop down lists

Selects the month or week, day, hour, and minute for the backup schedule.

Backup Snapshots to Directory text field

Backs up snapshots to the directory that is entered into the text field.

Free disk space required

Indicates the space required to perform the backup, and how much space is available for use on the resource. If available disk space is less than the estimated free disk space required, the backup process will not start. However, if the auto disk space management feature is enabled, the backup process deletes the previous backup files to free the disk space required for the backup process to begin if the following conditions are satisfied:

Auto disk space management

Select to allow Analyzer to manage the disk space and backup requirements. Auto disk space management is a configurable option provided for you to automate recovering disk space by deleting previous backup files in case of a disk space shortage for the backup process. If there is sufficient disk space for the backup process to run, this feature does not have any impact.

Update Settings

Updates the current configured settings.

Using System Shutdown (Virtual Appliance)

The System > Shutdown page allows you to restart or shut down the appliance. Click Restart to reboot the system. To stop all the services and database processing, click Shutdown.

Configuring UMH Network Options (Virtual Appliance)

This section describes the tasks you can do on the Network pages of the SonicWall Analyzer UMH system interface.

See the following sections:

Configuring Network Settings (Virtual Appliance)

This section provides network settings configuration procedures for host, networking, and search suffixes. To configure host settings, enter host and domain name information. To configure networking settings, enter host IP address, subnet mask, default gateway, and optionally enter DNS server IP addresses. Click Update to apply the host and networking settings changes. Click Reset to restore these settings to factory defaults.

Search suffixes provide the ability to automatically append a DNS suffix. For example, when you ping “sonicwall” it automatically goes to “sonicwall.engineering.” To configure Search Suffixes, click Add to include multiple search suffixes, and to remove Search Suffixes, click the check box next to the Search Suffixes list, and click Delete.

Configuring Network Routes (Virtual Appliance)

This section provides configuration procedures to add network routes. To add a network route, enter a destination network IP address, network mask, and gateway, and click Add. To edit the default network route, click the configure icon. When multiple network routes are added to the list, selecting the check box at the top-left corner of the page selects all the added network routes. Click Delete to remove a network route from the list.

* 
NOTE: The default network route cannot be deleted.

Configuring UMH Deployment Options

This section describes the tasks you can do on the Deployment pages of the SonicWall Analyzer UMH system interface.

See the following sections:

Configuring the Deployment Role

In a SonicWall Analyzer installation, the Deployment > Roles page provides a way to configure the syslog port and the database settings, and to test database connectivity.

To set the syslog port, enter the port number into the Syslog Server Port field.

Under Database Configuration, to provide credentials with which SonicWall Analyzer accesses the database, enter the account user name into the Database User field, and enter the account password into both the Database Password and Confirm Database Password fields. Additionally, you can enter a Database Driver file name and the Database URL for an explicit directory path location.

To test connectivity to the database server, click Test Connectivity. A pop-up message displays the database connectivity status.

When finished, click Update to apply the changes. To revert the fields on the page to their default settings, click Reset.

Configuring Deployment Settings

This section describes the UMH Deployment > Settings page, used for Web port, SMTP, and SSL access configuration.

The Deployment > Settings page is identical in both the UMH management interfaces.

See the following sections:

Configuring Web Server Settings

Web Server Settings configuration is largely the same on any role:

1
Navigate to Deployment > Settings > Web Server Settings in the /appliance management interface.
2
To use a different port for HTTP access to SonicWall Analyzer, type the port number into the HTTP Port field. The default port is 85.

If you enter another port in this field, the port number must be specified when accessing the appliance management interface or SonicWall GMS management interface. For example, if port 8080 is entered here, the appliance management interface would be accessed with the URL: http://<IP Address>:8080/appliance/.

3
To use a different port for HTTPS access to the SonicWall Analyzer, type the port number into the HTTPS Port field. The default port is 443.

If you enter another port in this field, the port number must be specified when accessing the appliance management interface or SonicWall GMS management interface. For example, if port 4430 is entered here, the appliance management interface would be accessed with the URL: https://<IP Address>:4430/appliance/.

4
Click Enable HTTPS Redirection to redirect HTTP to HTTPS when accessing the Analyzer management interface.
5
In the Public IP text-field, enter the public IP or FQDN of the outside web services.
6
When you are finished configuring the Web Server Settings, click Update.

Configuring SMTP Settings

The SMTP Configuration section allows you to configure an SMTP server name or IP address, a sender email address, and an administrator email address. You can test connectivity to the configured server.

To configure SMTP settings, complete the following steps:
1
Navigate to the Deployment > Settings page under the SMTP Configuration section.
2
Type the FQDN or IP address of the SMTP server into the SMTP server field.
3
Click Use TLS if you would like to use Transport Layer Security (TLS) for your mail server connectivity, such as for Gmail or Office365. TLS ensures privacy between you and communicating applications on the Internet, and that no third-party can eavesdrop or tamper with your messages.
4
If the SMTP server in your deployment is set to use authentication, click the Use Authentication check box. This option is necessary for all outgoing Analyzer emails to properly send to the intended recipients. Enter the username in the User field, and enter/confirm the password in the Password and Confirm Password fields. This is the username/password that is used to authenticate against the SMTP server.
5
Type the email address from which mail is sent into the Sender address field.
6
Type the email address of the system administrator into the Administrator address field.
7
To test connectivity to the SMTP server, click Test Connectivity.
8
To apply your changes, click Update.

Configuring SSL Access

The SSL Access Configuration section allows you to configure and upload a custom Keystore/Certificate file for SSL access to the GMS appliance, or select the default local keystore.

To configure SSL access, complete the following steps:
1
Navigate to the Deployment > Settings page under SSL Access Configuration section.
2
Select Default to keep, or revert to, the default settings, where the default GMS Web Server certificate with 'gmsvpserverks' keystore is used.
3
Select Custom to upload a custom keystore certificate for GMS SSL access.
4
In the Keystore/Certificate file field, click Browse to select your certificate file.
* 
NOTE: Your custom file is renamed to ‘gmsvpservercustomks’ after upload.
5
Type the password for the keystore certificate into the Keystore/Certificate password field.
6
Click View to display details about your keystore certificate.
7
Click Update to submit your changes.

Controlling Deployment Services

The Deployment > Services page provides a list of the services that are running on your system as part of SonicWall Analyzer. It also provides a way to stop or start any of the services.

To stop a service that is currently Enabled, select the check box for that service and then click Disable/Stop.

To start a service that is currently Disabled, select the check box for that service and then click Enable/Start.

To restart a service that is either Enabled or Disabled, select the check box for that service and then click Restart.