
GMS 8.3 Admin Guide

Appendices

Using the SonicWall GMS CLI

This section describes how to access the command line interface (CLI) and how to execute CLI commands.

For information about the CLI, see the following:

Accessing the CLI

The SonicWall™ Global Management System (GMS) CLI can be accessed either locally (directly from a prompt on the GMS machine) or remotely (through an SSL connection using the GMS CLI Server-Client).

Local CLI Access

To access the CLI locally:

1. Open the command-line prompt.
2. Change to the following directory:
   sonicwall_directory\cli
   where sonicwall_directory is the location where GMS is installed.
3. Enter one of the following commands:
   For Windows NT, enter: sgms
4. Execute any of the commands described in CLI Commands.
5. To exit from the GMS CLI, enter the following command: sgms> quit

Remote (SSL) CLI Access

The GMS CLI Server feature allows for remote clients to connect and administer CLI commands over a secure SSL connection using a lightweight Java client. The CLI server uses the gmsvpserverks (SonicWall Self-Signed) keystore.

This section provides instructions to configure both server and client for remote CLI access.

NOTE: The default port for the CLI service is 5595. Ensure that this port is opened on your perimeter firewall or UTM device in order for a connection to be established. This port is configurable in the <gmsvp>/CLI/cliserver/liserver.properties file.

Using the Remote Client

To access the CLI remotely:

1. Download the CLI Client by going to the Console > Management > Settings screen and clicking Download CLI Client.
2. Unzip it into “C:\CLI”, then go into the “C:\CLI” folder from DOS and run the “client.bat” file.
   NOTE: If you see Java errors, it might be because you do not have JRE 7 installed; if so, install it.
3. Connect to your Virtual Appliance GMS from this CLI running on Windows by running the command:
   client -h GMS-IP -P 5595 -i
   NOTE: Running the client by itself displays the usage help.
4. Type login to log in to the CLI; it prompts you for the user, password, and domain information. Type ? to get a list of all commands.

CLI Commands

This section provides both syntax and usage guidelines for common GMS CLI commands. This section contains the following sub-sections:

Logging In

To log in to the GMS CLI, use the sgms login command: sgms> login username password

Syntax

 


username

Admin user.

password

Password of the admin user.

Usage Guidelines

When this command is entered, GMS does the following:

Checks whether the command is entered with the correct parameters.
If the command is not entered correctly, it returns the correct form of the command.
Checks the validity of the username and password.
Executes the login command.
Creates a new session with a randomly generated session ID.
Returns any command output.

Example

In the following example, the user admin logs in using the password “password.”

sgms> login admin password

Logging Out

To log out from the GMS CLI, use the logout command.

sgms> logout

Usage Guidelines

When this command is entered, GMS does the following:

Executes the logout command.
Closes the session.
Returns to the SGMS prompt from which you can login again.

Executing a Command without Logging In

To execute a command without logging in to the GMS CLI, use the login command.

sgms> login -L "username password" -C "command parameter"

Syntax

 


username

Admin user.

password

Password of the admin user.

command

The command.

parameter

Any command parameters.

Usage Guidelines

When this command is entered, GMS does the following:

Checks whether the command is entered with the correct parameters.
If the command is not entered correctly, it returns the correct form of the command.
Checks the validity of the username and password.
Executes the login command.
Creates a new session with a randomly generated session ID.
Executes the command.
Closes the session and exits.

Example

In the following example, the user admin logs in using the password “password” and runs an addunit command.

sgms> login -L admin password -C addunit new_sonicwall.xml

Adding SonicWall Appliances

To add one or more SonicWall appliances to GMS using the CLI, use the addunit command.

sgms> addunit xml_file

Syntax


xml_file

XML file that contains SonicWall appliance information.

Usage Guidelines

The XML file should contain the following:

<?xml version ="1.0" ?>
<sgmscommand>
     <command>addUnit</command>
     <FirewallList>
          <FirewallInfo>
               <sonicwallName>sonicwall_name</sonicwallName>
               <sonicwallPassword>password</sonicwallPassword>
               <ipAddress>ip_address</ipAddress>
               <retainManual>1</retainManual>
               <userName>username</userName>
               <serialNumber>serial_number</serialNumber>
               <SAencryptionKey>encrypt_key</SAencryptionKey>
               <SAAuthKey>auth_key</SAAuthKey>
               <antivirusPassword>av_password</antivirusPassword>
               <schedulerIPAddress>scheduler_ip</schedulerIPAddress>
               <standbySchedulerIP>standby_ip</standbySchedulerIP>
               <useVPN>use_vpn</useVPN>
               <supportRavlin>ravlin_bit</supportRavlin>
               <snmpRead>read_string</snmpRead>
               <snmpWrite>write_string</snmpWrite>
               <httpsMgmt>https_bit</httpsMgmt>
               <managedOnLanIP>managedon_lanip</managedOnLanIP>
               <standbyManagedAtWan>standbymanaged_atwan</standbyManagedAtWan>
               <CustomInfo>
                    <Customfield01>field_01</Customfield01>
                    <Customfield02>field_02</Customfield02>
                    ...
                    <Customfield10>field_10</Customfield10>
               </CustomInfo>
               <userList>
                    <user>user_01</user>
                    <user>user_02</user>
                    ...
               </userList>
          </FirewallInfo>
          <FirewallInfo>
               (SonicWall Configuration Information)
          </FirewallInfo>
          <FirewallInfo>
               (SonicWall Configuration Information)
          </FirewallInfo>
     </FirewallList>
</sgmscommand>
 

Usage guidelines

sonicwall_name

Required. Descriptive name for the SonicWall appliance.

ip_address

If the WAN IP address of the SonicWall appliance is static, enter the IP address. If the WAN IP address of the SonicWall appliance changes dynamically, leave this field blank.

retainManual

Optional. This will retain Manual Mode and the specified IP address will not be overwritten. Enter 1 in this field to enable the feature. An IP Address has to be specified for the tag “ipAddress” when using this feature.

userName

Required. Enter the Administrator login name for the SonicWall appliance. If you are the Administrator of the appliance, you can also enter a Local User or a Remote User name (as configured on the Firewall) for GMS Management. If using Local User or Remote User names, they must be specified in the user list.

password

Required. Password used to access the SonicWall appliance.

serial_number

Required. Serial number of the SonicWall appliance.

encrypt_key

Required. Enter a 16-character encryption key. The key must be exactly 16 characters long and comprised of hexadecimal characters. Valid hexadecimal characters are “0” to “9”, and “a” to “f” (such as 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be 1234567890abcdef.

This key must match the encryption key of the SonicWall appliance.

auth_key

Required. Enter a 32-character authentication key. The key must be exactly 32 characters long and comprised of hexadecimal characters. For example, a valid key would be 1234567890abcdef1234567890abcdef.

This key must match the authentication key of the SonicWall appliance.

av_password

If the SonicWall appliance uses the Anti-Virus feature, enter the Anti-Virus password. Otherwise, leave the field blank.

scheduler_ip

Required. Enter the IP address of the GMS server that will manage the SonicWall appliance:

If GMS is configured in a two-tier distributed environment, you can select any Agent. However, the IP address must match the IP address that you specified when configuring the SonicWall appliance for GMS management.

If GMS is in a single server environment, enter the IP address of the GMS server.

standby_ip

Enter the IP address of the standby GMS server. The standby GMS server will automatically manage the SonicWall appliance in the event of a primary failure. Any Agent can be configured as the standby.

If SonicWall GMS is in a single server environment, leave this field blank.

use_vpn

Specifies whether GMS will need a VPN tunnel to reach the SonicWall appliance (default: yes). If yes, enter use_vpn. If no, leave it blank.

ravlin_bit

Specifies whether this is a Ravlin device (default: no). If yes, enter 1. If no, enter 0. If this entry does not appear in the file, GMS assumes it is a SonicWall appliance.

read_string

Specifies the SNMP read string for Ravlin devices.

write_string

Specifies the SNMP write string for Ravlin devices.

https_bit

Specifies whether this device uses HTTPS instead of a VPN tunnel (default: no). If yes, enter 1. If no, enter 0.

managedon_lanip

Specifies the device will be managed from the LAN interface. If you will use HTTPS, this setting must be enabled.

standbymanaged_atwan

Specifies whether the SonicWall appliance will establish a VPN tunnel to the standby scheduler (default: yes). If yes, enter standbymanaged_atwan. If no, leave it blank.

field_01...field_10

Specifies the values of each custom field.

user_01...

Specifies the usernames of non-administrator GMS users that have access to this SonicWall appliance through the GMS UI.

Example

In the following example, two new SonicWall appliances are added to GMS. The first appliance determines its IP address automatically and is managed by the administrator. The second appliance uses a manually entered IP address that is set to be sticky (retained), and management permissions are given to the gmsuser.

sgms> addunit new_sonicwall.xml

The following is the content of new_sonicwall.xml.

<?xml version ="1.0" ?>
<sgmscommand>
     <command>addUnit</command>
     <FirewallList>
          <FirewallInfo>
               <sonicwallName>ABC14</sonicwallName>
               <sonicwallPassword>abc</sonicwallPassword>
               <ipAddress></ipAddress>
               <userName>admin</userName>
               <serialNumber>00F12211F114</serialNumber>
               <SAencryptionKey>1234567812345678</SAencryptionKey>
               <SAuthKey>12345678123456781234567812345678</SAuthKey>
               <antivirusPassword>avpass</antivirusPassword>
               <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
               <useVPN>1</useVPN>
               <standbyManagedAtWan>1</standbyManagedAtWan>
               <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
               <supportRavlin>1</supportRavlin>
               <snmpRead>abcdef12</snmpRead>
               <snmpWrite>abcdef12</snmpWrite>
               <httpsMgmt>0</httpsMgmt>
               <manageOnLanIP>0</manageOnLanIP>
               <CustomInfo>
                    <Company>SonicWAll</Company>
                    <Country>China</Country>
                    <State>California</State>
                    <Department>Engineering</Department>
               </CustomInfo>
               <userList>
                     <user>billb</user>
                     <user>dana</user>
               </userList>
          </FirewallInfo>
          <FirewallInfo>
               <sonicwallName>XYZ26</sonicwallName>
               <sonicwallPassword>abc</sonicwallPassword>
               <ipAddress>10.10.10.100</ipAddress>
               <retainManual>1</retainManual>
               <userName>gmsuser</userName>
               <serialNumber>00F1434CE265</serialNumber>
               <SAencryptionKey>1234567812345678</SAencryptionKey>
               <SAuthKey>123456781234567812345678abcdef89</SAuthKey>
               <antivirusPassword></antivirusPassword>
               <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
               <useVPN>1</useVPN>
               <standbyManagedAtWan>1</standbyManagedAtWan>
               <standbySchedulerIP>192.168.168.23</standbySchedulerIP>
               <httpsMgmt>0</httpsMgmt>
               <manageOnLanIP>0</manageOnLanIP>
               <CustomInfo>
                     <Company>SonicWAll</Company>
                     <Country>China</Country>
                     <State>California</State>
                     <Department>Engineering</Department>
               </CustomInfo>
          </FirewallInfo>
     </FirewallList>
</sgmscommand>
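
One way to check an addunit file against the rules stated above before running the command, shown as an added example that is not part of the SonicWall guide or of GMS. The function names and both sample units are constructed, both spellings of the authentication-key and LAN-management tags that appear on this page are accepted, and the check for keys printed in the documentation is an extra assumption rather than a GMS rule.

```python
import re
import xml.etree.ElementTree as ET

# Key formats as stated in the guide: exactly 16 / 32 characters from 0-9 and a-f.
ENC_KEY = re.compile(r"[0-9a-f]{16}")
AUTH_KEY = re.compile(r"[0-9a-f]{32}")

# Keys printed in the guide as illustrations (extra check, not a GMS rule).
PRINTED_SAMPLE_KEYS = {"1234567890abcdef", "1234567890abcdef1234567890abcdef"}

# The guide's template and its example spell these two tags differently,
# so both spellings are accepted here.
AUTH_TAGS = ("SAAuthKey", "SAuthKey")
LAN_TAGS = ("managedOnLanIP", "manageOnLanIP")

# Fields the guide marks as "Required".
REQUIRED = (
    ("sonicwallName",), ("userName",), ("sonicwallPassword",), ("serialNumber",),
    ("SAencryptionKey",), AUTH_TAGS, ("schedulerIPAddress",),
)


def field(unit, *tags):
    """Return the stripped text of the first non-empty tag, or '' if none."""
    for tag in tags:
        node = unit.find(tag)
        if node is not None and (node.text or "").strip():
            return node.text.strip()
    return ""


def check_unit(unit):
    """Return a list of problems for one <FirewallInfo> element."""
    problems = []
    for tags in REQUIRED:
        if not field(unit, *tags):
            problems.append(f"{tags[0]}: required value is missing or empty")
    enc, auth = field(unit, "SAencryptionKey"), field(unit, *AUTH_TAGS)
    if enc and not ENC_KEY.fullmatch(enc):
        problems.append("SAencryptionKey: must be exactly 16 hexadecimal characters")
    if auth and not AUTH_KEY.fullmatch(auth):
        problems.append(f"{AUTH_TAGS[0]}: must be exactly 32 hexadecimal characters")
    for name, key in (("SAencryptionKey", enc), (AUTH_TAGS[0], auth)):
        if key in PRINTED_SAMPLE_KEYS:
            problems.append(f"{name}: uses a sample key printed in the documentation")
    # retainManual only makes sense with an explicit IP address.
    if field(unit, "retainManual") == "1" and not field(unit, "ipAddress"):
        problems.append("retainManual: set to 1 but ipAddress is empty")
    # HTTPS management requires management on the LAN interface.
    if field(unit, "httpsMgmt") == "1" and field(unit, *LAN_TAGS) != "1":
        problems.append("httpsMgmt: set to 1 but LAN management is not enabled")
    return problems


def check_addunit(xml_text):
    """Map each appliance name in an addunit file to its list of problems."""
    root = ET.fromstring(xml_text)
    return {
        field(unit, "sonicwallName") or "(unnamed)": check_unit(unit)
        for unit in root.iter("FirewallInfo")
    }


# Constructed sample file: EDGE-01 is well formed, BRANCH-02 breaks five rules.
SAMPLE_ADDUNIT = """<?xml version="1.0" ?>
<sgmscommand>
  <command>addUnit</command>
  <FirewallList>
    <FirewallInfo>
      <sonicwallName>EDGE-01</sonicwallName>
      <sonicwallPassword>example-only</sonicwallPassword>
      <ipAddress>10.10.10.100</ipAddress>
      <retainManual>1</retainManual>
      <userName>gmsuser</userName>
      <serialNumber>0000000000AA</serialNumber>
      <SAencryptionKey>9f3c1a7e5b2d4860</SAencryptionKey>
      <SAuthKey>4b8e2f6a9c1d3057e6a4b2c8d0f19375</SAuthKey>
      <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
      <httpsMgmt>0</httpsMgmt>
      <manageOnLanIP>0</manageOnLanIP>
    </FirewallInfo>
    <FirewallInfo>
      <sonicwallName>BRANCH-02</sonicwallName>
      <sonicwallPassword>example-only</sonicwallPassword>
      <ipAddress></ipAddress>
      <retainManual>1</retainManual>
      <userName>admin</userName>
      <SAencryptionKey>1234567890abcde</SAencryptionKey>
      <SAAuthKey>1234567890abcdef1234567890abcdef</SAAuthKey>
      <schedulerIPAddress>192.168.168.168</schedulerIPAddress>
      <httpsMgmt>1</httpsMgmt>
      <managedOnLanIP>0</managedOnLanIP>
    </FirewallInfo>
  </FirewallList>
</sgmscommand>"""

if __name__ == "__main__":
    for name, problems in check_addunit(SAMPLE_ADDUNIT).items():
        print(name, "OK" if not problems else "")
        for problem in problems:
            print("  -", problem)
```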

Adding Users

To add users, use the addusers command.

sgms> addusers xml_file

Syntax


xml_file

XML file that contains user information.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
   <AddUsers>
      <AddUser>
         <UserAccountInfo>
            <Name>username</Name>
            <Password>password</Password>
            <UserTypeName>group</UserTypeName>
            <DefaultViewName>viewname</DefaultViewName>
            <FirstName>firstname</FirstName>
            <MiddleName>middlename</MiddleName>
            <LastName>lastname</LastName>
            <Phone>phone</Phone>
            <Fax>fax</Fax>
            <Email1>email</Email1>
            <Email2>email2</Email2>
            <Timeout>timeout_period</Timeout>
         </UserAccountInfo>
         <UserPermsInfo>
            <UserScreenList>
               <UserScreen pathname="screenpath" permtype="permission_type"> </UserScreen>
            </UserScreenList>
            <UserNodeList>
               <UserNode displayname="node" viewname="viewname" operationtype="optype"></UserNode>
            </UserNodeList>
            <UserActionList>
               <AddUnit>permission</AddUnit>
               <ModifyUnit>permission</ModifyUnit>
               <DeleteUnit>permission</DeleteUnit>
               <RenameUnit>permission</RenameUnit>
               <ModifyProperties>permission</ModifyProperties>
               <ReassignAgents>permission</ReassignAgents>
               <AddDeleteModifyView>permission</AddDeleteModifyView>
               <ChangeView>permission</ChangeView>
               <AllowCLI>permission</AllowCLI>
            </UserActionList>
         </UserPermsInfo>
      </AddUser>
   </AddUsers>
</Sgmscommand>
 

Usage guidelines

UserAccountInfo

User account options include:

Name—username of the user.

Password—password of the user.

UserTypeName—user group to which the user belongs.

DefaultViewName—default view for the user.

FirstName—first name of the user.

MiddleName—middle name of the user.

LastName—last name of the user.

Phone—phone number of the user.

Fax—fax number of the user.

Email1—email address of the user.

Email2—email address of the user.

Timeout—idle-timeout setting for the user.

UserPermsInfo

User permissions information include:

UserScreenList

pathname—path to a screen. For example: “Console/Management/Users” or “Policies/Access/General.”

permtype—permissions for the screen. Options include: Read Only and Read/Write.

UserNodeList

displayname—name of the node.

viewname—view in which the node appears.

UserActionList

AddUnit—specifies whether the user can add units (allow or deny).

ModifyUnit—specifies whether the user can modify units (allow or deny).

DeleteUnit—specifies whether the user can delete units (allow or deny).

RenameUnit—specifies whether the user can rename units (allow or deny).

ModifyProperties—specifies whether the user can modify unit properties (allow or deny).

ReassignAgents—specifies whether the user can reassign units to other agents (allow or deny).

AddDeleteModifyView—specifies whether the user can add, delete, or modify views (allow or deny).

ChangeView—specifies whether the user can change views (allow or deny).

AllowCLI—specifies whether the user can use the CLI (allow or deny).

Example

In the following example, the user Linda is added:

sgms> addusers linda.xml

The following is the content of linda.xml.

<?xml version="1.0" ?>
<Sgmscommand>
   <AddUsers>
      <AddUser>
         <UserAccountInfo>
            <Name>Linda</Name>
            <Password>password</Password>
            <UserTypeName>Operators</UserTypeName>
            <DefaultViewName>ISPView</DefaultViewName>
            <FirstName>Linda</FirstName>
            <MiddleName></MiddleName>
            <LastName>Griffith</LastName>
            <Phone>(408)111-2222</Phone>
            <Fax>(408)222-3333</Fax>
            <Email1>lgriffith@sonicwall.com</Email1>
            <Email2></Email2>
            <Timeout>40</Timeout>
         </UserAccountInfo>
         <UserPermsInfo>
            <UserScreenList>
               <UserScreen pathname="Console/Management/Users" permtype="Read Only"> </UserScreen>
               <UserScreen pathname="Policies/Access/General" permtype="Read/Write"></UserScreen>
            </UserScreenList>
            <UserNodeList>
               <UserNode displayname="Palo Alto1" viewname="ISPView" operationtype="Add"></UserNode>
               <UserNode displayname="Houston 1" viewname="View All" operationtype="Add"></UserNode>
            </UserNodeList>
            <UserActionList>
               <AddUnit>allow</AddUnit>
               <ModifyUnit>allow</ModifyUnit>
               <DeleteUnit>deny</DeleteUnit>
               <RenameUnit>deny</RenameUnit>
               <ModifyProperties>deny</ModifyProperties>
               <ReassignAgents>deny</ReassignAgents>
               <AddDeleteModifyView>allow</AddDeleteModifyView>
               <ChangeView>allow</ChangeView>
               <AllowCLI>deny</AllowCLI>
            </UserActionList>
         </UserPermsInfo>
      </AddUser>
   </AddUsers>
</Sgmscommand>

Changing Users

To change user settings, use the changeusers command. This command is similar to the addusers command.

sgms> changeusers xml_file

Syntax


xml_file

XML file that contains user information.

Usage Guidelines

The XML file can contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
   <AddUsers>
      <AddUser>
         <UserAccountInfo>
            <Name>username</Name>
            <Password>password</Password>
            <UserTypeName>group</UserTypeName>
            <DefaultViewName>viewname</DefaultViewName>
            <FirstName>firstname</FirstName>
            <MiddleName>middlename</MiddleName>
            <LastName>lastname</LastName>
            <Phone>phone</Phone>
            <Fax>fax</Fax>
            <Email1>email</Email1>
            <Email2>email2</Email2>
            <Timeout>timeout_period</Timeout>
         </UserAccountInfo>
         <UserPermsInfo>
            <UserScreenList>
               <UserScreen pathname="screenpath" permtype="permission_type"> </UserScreen>
            </UserScreenList>
            <UserNodeList>
               <UserNode displayname="node" viewname="viewname" operationtype="optype"></UserNode>
            </UserNodeList>
            <UserActionList>
               <AddUnit>permission</AddUnit>
               <ModifyUnit>permission</ModifyUnit>
               <DeleteUnit>permission</DeleteUnit>
               <RenameUnit>permission</RenameUnit>
               <ModifyProperties>permission</ModifyProperties>
               <ReassignAgents>permission</ReassignAgents>
               <AddDeleteModifyView>permission</AddDeleteModifyView>
               <ChangeView>permission</ChangeView>
               <AllowCLI>permission</AllowCLI>
            </UserActionList>
         </UserPermsInfo>
      </AddUser>
   </AddUsers>
</Sgmscommand>
 

Syntax

UserAccountInfo

User account options include:

Name—username of the user.

Password—password of the user.

UserTypeName—user group to which the user belongs.

DefaultViewName—default view for the user.

FirstName—first name of the user.

MiddleName—middle name of the user.

LastName—last name of the user.

Phone—phone number of the user.

Fax—fax number of the user.

Email1—email address of the user.

Email2—email address of the user.

Timeout—idle-timeout setting for the user.

UserPermsInfo

User permissions information include:

UserScreenList

pathname—path to a screen. For example: “Console/Management/Users” or “Policies/Access/General.”

permtype—permissions for the screen. Options include: Read Only and Read/Write.

UserNodeList

displayname—name of the node.

viewname—view in which the node appears.

UserActionList

AddUnit—specifies whether the user can add units (allow or deny).

ModifyUnit—specifies whether the user can modify units (allow or deny).

DeleteUnit—specifies whether the user can delete units (allow or deny).

RenameUnit—specifies whether the user can rename units (allow or deny).

ModifyProperties—specifies whether the user can modify unit properties (allow or deny).

ReassignAgents—specifies whether the user can reassign units to other agents (allow or deny).

AddDeleteModifyView—specifies whether the user can add, delete, or modify views (allow or deny).

ChangeView—specifies whether the user can change views (allow or deny).

AllowCLI—specifies whether the user can use the CLI (allow or deny).

Example

In the following example, new information is updated for the users Linda and Mike:

sgms> changeusers linda-mike.xml

The following is the content of linda-mike.xml.

<?xml version="1.0" ?>
<Sgmscommand>
   <AddUsers>
      <AddUser>
         <UserAccountInfo>
            <Name>Linda</Name>
            <Password>new-password</Password>
            <Phone>(408)555-1212</Phone>
            <Email1>linda@sonicwall.com</Email1>
            <Timeout>70</Timeout>
         </UserAccountInfo>
      </AddUser>
      <AddUser>
         <UserAccountInfo>
            <Name>Mike</Name>
            <Password>new-password</Password>
            <Phone>(408)555-1233</Phone>
            <Email1>mike@sonicwall.com</Email1>
            <Timeout>60</Timeout>
         </UserAccountInfo>
      </AddUser>
   </AddUsers>
</Sgmscommand>

Deleting a Single User

To delete a single user, use the deleteuser command.

sgms> deleteuser username

Syntax


username

Name of a user.

Example

In the following example, the user Linda is deleted:

sgms> deleteuser linda

Deleting Multiple Users

To delete users, use the deleteusers command.

sgms> deleteusers xml_file

Syntax


xml_file

XML file that contains user information.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
   <DeleteUsers>
      <DeleteUser username="username"></DeleteUser>
      <DeleteUser username="username"></DeleteUser>
   </DeleteUsers>
</Sgmscommand>

Usage guidelines

username

Name of the user to delete.

Example

In the following example, the users John, Linda, and Albert are deleted:

sgms> deleteusers deleteusers.xml

The following is the content of deleteusers.xml.

<?xml version="1.0" ?>
<Sgmscommand>
   <DeleteUsers>
      <DeleteUser username="John"></DeleteUser>
      <DeleteUser username="Linda"></DeleteUser>
      <DeleteUser username="Albert"></DeleteUser>
   </DeleteUsers>
</Sgmscommand>

Adding and Removing Activation Codes

To add or remove activation codes for SonicWall appliances, use the activationcode command.

sgms> activationcode xml_file

Syntax


xml_file

XML file that contains activation code information.

Usage Guidelines

The XML file should contain the following:

<?xml version="1.0" ?>
<Sgmscommand>
      <Activation>command_type</Activation>
      <Activation values>
           <Activation category>category</Activation _category >
            <Activation type>activation_type</Activation type>
      </Activation values>
      <Codes>
            <Code>code</Code>
            <Code>code</Code>
      </Codes>
</Sgmscommand>

Usage Guidelines

 

command_type

Required. Specifies the action to perform. Options include:

add—adds the specified category and type.

delete—deletes the specified activation codes.

list—lists the activation codes for the specified category and type.

To add activation codes, enter add. To remove codes, enter delete.

category

Required for add and list. Enter the category of upgrade. Options include:

Anti-Virus

Content Filter Subscription

PKI End User Certificate

Node Upgrade

PKI Administrator Certificate

VPN Upgrade

VPN Client Upgrade

HA Upgrade

activation_type

Required for add and list. Enter the type of upgrade for the selected category. Options include:

 

Anti-Virus: 5 Nodes, 10 Nodes, 50 Nodes, 100 Nodes, 1000 Nodes

Content Filter Subscription: 5 Nodes, 10 Nodes, 50 Nodes, Unlimited Nodes

PKI EndUser Certificate: 1 Node, 10 Nodes, 50 Nodes, 100 Nodes

Node Upgrade: 10->25 Nodes, 10->50 Nodes, 10->Unlimited Nodes, 25->50 Nodes, 50->Unlimited Nodes

PKI Administrator Certificate: SOHO2/SOHO3, GX 2500/GX 2500 HA Backup, GX 6500/GX6500 HA Backup, XPRS/XPRS2/PRO 100, PRO/PRO-VX/RPO 200/PRO 300, TELE2/TELE3

VPN Upgrade: 5/10/25/50 Nodes, Unlimited Nodes

VPN Client Upgrade: Single VPN Client, 10 VPN Clients, 100 VPN Clients, 50 VPN Clients

HA Upgrade: PRO/PRO 200

code

Required for add and delete. One or more code numbers. Each code number must appear on its own line.

Example

In the following example, four 100 Node Anti-Virus activation codes are added to GMS:

sgms> activationcode new_virus_codes.xml

The following is the content of new_virus_codes.xml.

<?xml version="1.0" ?>
<Sgmscommand>
      <Activation>add</Activation>
      <Activation values>
           <Activation category>Anti-Virus</Activation _category >
            <Activation type>100 Nodes</Activation type>
      </Activation values>
      <Codes>
            <Code>12345678</Code>
            <Code>23456780</Code>
            <Code>34567890</Code>
            <Code>45678901</Code>
      </Codes>
</Sgmscommand>

NOTE: A sample of the file is available on the SonicWall GMS CD-ROM. It is called sample_activationcode.xml and is located in the Misc directory.

Deleting Nodes Using the CLI

To delete a single node, use the deletenode command.

sgms> deletenode displayname viewname [deleteSAs {0 | 1}]

Syntax

 


displayname

Required. Specifies the name of the node.

viewname

Required. Specifies the name of a view in which the node appears.

{0 | 1}

Specifies whether the node’s SAs are deleted. To delete the SAs, enter 1. To save the SAs, enter 0.

Example

In the following example, the node “Timbuktu52” and its SAs are deleted.

sgms> deletenode Timbuktu52 NewView deleteSAs 1

Deleting Nodes Using XML

To delete nodes or groups, use the deletenodes command.

sgms> deletenodes xml_file

Syntax


xml_file

XML file that contains nodes to delete.

Usage Guidelines

The XML file should contain the following:
<?xml version="1.0" ?>
<Sgmscommand>
   <DeleteNodes>
      <DeleteNode displayname="displayname" viewname="viewname" deleteSAs="0" />
   </DeleteNodes>
</Sgmscommand>

 

Usage guidelines

displayname

Required. Specifies the name of the node. If you specify group parameters, all nodes that belong to the groups will be deleted.

viewname

Required. Specifies the name of a view in which the node appears.

deleteSAs

Specifies whether the node’s SAs are deleted. To delete the SAs, enter 1. To save the SAs, enter 0.

Example

In the following example, “Palo Alto 4” and all nodes within the specified groups are deleted:

sgms> deletenodes node-delete.xml

The following is the content of node-delete.xml.

<?xml version="1.0" ?>
<Sgmscommand>
   <DeleteNodes>
      <DeleteNode displayname="Country=USA:State=California:Department=Engineering:Company=Silicon Valley" viewname="View All" deleteSAs="1" />
      <DeleteNode displayname="Palo Alto 4" viewname="View All" deleteSAs="0" />
   </DeleteNodes>
</Sgmscommand>

Monitoring Tunnel Status

To monitor the status of a VPN tunnel, use the vpnmonitor status command.

sgms> vpnmonitor status firewall-sn [type {up | down | all }]

Syntax

 


firewall-sn

Serial number of the firewall to view.

type {up | down | all }

Specifies which types of tunnels are displayed (default: all).

NOTE: This command causes the SonicWall appliance to display the first five VPN tunnels. If the SonicWall appliance has more than five tunnels, enter the vpnmonitor N command to display the next page of results.

Example

In the following example, the status of each VPN tunnel for the SonicWall appliance with serial number 004010126FB0 is displayed:

sgms> vpnmonitor status 004010126FB0
-----------------------------------------------------------------------------
SA NAME: GroupVPN
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499199600B0D01FDBF8 Down 0.0.0.0 - 0.0.0.0
-----------------------------------------------------------------------------
SA NAME: SGMS-0006B1040148
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499489000B0D01FDBF8 Up 10.0.14.43 - 10.0.14.43
-----------------------------------------------------------------------------
SA NAME: SGMS-0006B1044046
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499529000B0D01FDBF8 Up 10.0.14.44 - 10.0.14.44
-----------------------------------------------------------------------------
SA NAME: SGMS-00401012550C
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499428900B0D01FDBF8 Up 10.0.14.45 - 10.0.14.45
-----------------------------------------------------------------------------
Displayed 0 to 4 of 4 rows.
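
For scripted monitoring, the status output above can be parsed into records so that Down tunnels and a truncated first page are both reported. This is an added example, not part of the SonicWall guide or of GMS: the function names are hypothetical, the sample text is the example output shown above, and reading the footer as "first to last of total" is an assumption.

```python
import re

# One tunnel row: "<tunnel id> <Up|Down> <range start> - <range end>"
ROW = re.compile(
    r"^(?P<tunnel_id>\S+)\s+(?P<status>Up|Down)\s+(?P<start>\S+)\s+-\s+(?P<end>\S+)$"
)
FOOTER = re.compile(r"^Displayed (\d+) to (\d+) of (\d+) rows\.$")

# Sample input: the vpnmonitor status example output from this page.
STATUS_OUTPUT = """\
sgms> vpnmonitor status 004010126FB0
-----------------------------------------------------------------------------
SA NAME: GroupVPN
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499199600B0D01FDBF8 Down 0.0.0.0 - 0.0.0.0
-----------------------------------------------------------------------------
SA NAME: SGMS-0006B1040148
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499489000B0D01FDBF8 Up 10.0.14.43 - 10.0.14.43
-----------------------------------------------------------------------------
SA NAME: SGMS-0006B1044046
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499529000B0D01FDBF8 Up 10.0.14.44 - 10.0.14.44
-----------------------------------------------------------------------------
SA NAME: SGMS-00401012550C
LAST UPDATED: Mar 22, 2004 Mon [11:49 AM]
Tunnel ID Status Destination Address Range
MT107998499428900B0D01FDBF8 Up 10.0.14.45 - 10.0.14.45
-----------------------------------------------------------------------------
Displayed 0 to 4 of 4 rows.
"""


def parse_status(output):
    """Return (tunnels, footer); footer is (first, last, total) or None."""
    tunnels, sa_name, updated, footer = [], None, None, None
    for raw in output.splitlines():
        line = raw.strip()
        # Skip blank lines, dashed separators and the column header.
        if not line or set(line) == {"-"} or line.startswith("Tunnel ID"):
            continue
        if line.startswith("SA NAME:"):
            sa_name, updated = line.split(":", 1)[1].strip(), None
        elif line.startswith("LAST UPDATED:"):
            updated = line.split(":", 1)[1].strip()
        elif (m := FOOTER.match(line)):
            footer = tuple(int(g) for g in m.groups())
        elif (m := ROW.match(line)):
            tunnels.append({"sa_name": sa_name, "last_updated": updated, **m.groupdict()})
    return tunnels, footer


def down_tunnels(tunnels):
    """Tunnels whose status column reads Down."""
    return [t for t in tunnels if t["status"] == "Down"]


def more_pages(footer):
    """True when the page may be incomplete (assumed footer semantics).

    A missing footer is treated as incomplete so that a parsing failure is
    never mistaken for "all tunnels seen".
    """
    return footer is None or footer[1] < footer[2]


if __name__ == "__main__":
    tunnels, footer = parse_status(STATUS_OUTPUT)
    for t in down_tunnels(tunnels):
        print(f"DOWN: {t['sa_name']} {t['tunnel_id']} (updated {t['last_updated']})")
    if more_pages(footer):
        print("Output is paginated; fetch the next page before concluding.")
```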

Monitoring Tunnel Statistics

To view the statistics for a VPN tunnel, use the vpnmonitor statistics command.

sgms> vpnmonitor statistics tunnel-id

Syntax


tunnel-id

ID of the tunnel to view.

Example

In the following example, the statistics for tunnel MT107998499428900B0D01FDBF8 are displayed:

sgms> vpnmonitor statistics MT107998499428900B0D01FDBF8
Statistics for tunnel MT107998499428900B0D01FDBF8
-------------------------------------------------------------------
SA Name: SGMS-00401012550C
Gateway: 10.0.14.45
Source Address Range: 0.0.0.0 - 255.255.255.255
Destination Address Range: 10.0.14.45 - 10.0.14.45
Creation Time: 03/19/2004 10:43:34
Expiry Time: SaUpTime: No Expiry
Packets In: 18822
Packets Out: 2941
Bytes In: 267
Bytes Out: 103
Fragmented Packets In: 0
Fragmented Packets Out: 0
-------------------------------------------------------------------

Refreshing a Tunnel

To refresh a tunnel, use the vpnmonitor refresh command.

sgms> vpnmonitor refresh tunnel-id

Syntax

 

tunnel-id

ID of the tunnel to view.

Example

In the following example, tunnel MT107998499428900B0D01FDBF8 is refreshed:

sgms> vpnmonitor refresh MT107998499428900B0D01FDBF8

Renegotiating a Tunnel

To renegotiate a VPN tunnel, use the vpnmonitor renegotiate command.

sgms> vpnmonitor renegotiate tunnel-id

Syntax


tunnel-id

ID of the tunnel to view.

Example

In the following example, tunnel MT107998499428900B0D01FDBF8 is renegotiated:

sgms> vpnmonitor renegotiate MT107998499428900B0D01FDBF8

Synchronizing Tunnel Information

To synchronize VPN information for a SonicWall appliance with GMS, use the vpnmonitor synchronize command.

sgms> vpnmonitor synchronize firewall-sn

Syntax


firewall-sn

Serial number of the firewall to view.

Example

In the following example, tunnel status information for each VPN tunnel on the SonicWall appliance with serial number 004010126FB0 is synchronized with GMS:

sgms> vpnmonitor synchronize 004010126FB0

Configuring SonicWall Parameters

This section describes how to use the configure command to execute a group of commands using an XML configuration file.

Using the Configure Command

To execute a group of commands in an XML configuration file, use the configure command.

sgms> configure xml_file

* 
NOTE: For information on creating a configuration file, see Preparing a Configuration File.

Syntax

xml_file

The XML file that contains configuration instructions.

Usage Guidelines

When this command is entered, GMS does the following:

Checks whether the command is entered with the correct parameters.
If the command is not entered correctly, it returns the correct form of the command.
Checks the validity of the XML file.
Executes the command.
Closes the session and exits.

Example

In the following example, the user admin logs in using the password “password” and runs an addunit command.

sgms> configure configure.xml

Preparing a Configuration File

Configuration files can be used to set, add, or delete parameters that are normally only accessible from the GMS UI. Additional examples of XML files are found in the SGMS2/CLI directory. The following is the format of an XML configuration file:

* 
NOTE: For information on configuration parameters, see Configuration Parameters.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task
displayname CDATA #REQUIRED
viewname CDATA #REQUIRED
updatetype CDATA #REQUIRED
tasktype CDATA #REQUIRED
description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam
setParamName CDATA #REQUIRED
setParamValue CDATA #REQUIRED>
<!ELEMENT DelParam EMPTY>
<!ATTLIST DelParam
delParamName CDATA #REQUIRED
delParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam
addParamName CDATA #REQUIRED
addParamValue CDATA #REQUIRED>
]>
<Configure>
<Task
displayname="firewall_parameters"
viewname="view_name"
updatetype="update_type"
tasktype="task_type"
description="description"
>
<SetParam setParamName="set_parameter_name" setParamValue="set_parameter_value"/>
<AddParam addParamName="add_parameter_name" addParamValue="add_parameter_value"/>
</Task>
</Configure>

 

Parameters

firewall_parameters

Required. Specifies the firewall or parameters of the firewalls that will be updated.

To specify a single firewall, enter the firewall name. For example:

displayname="Firewall_42"

To specify more than one firewall, enter each group parameter that applies to the firewall. For example:

displayname="Country=USA:State=California:Department=Engineering"

view_name

Specifies the view to which the firewall or group of firewalls belongs. This allows you to apply changes to firewalls within a specific view.

For example, to apply the changes to firewalls that meet the parameters that you specified in the view “USA_west_coast,” enter the following:

viewname="USA_west_coast"

update_type

Specifies the kind of update to be performed such as changing existing values, adding new values, or deleting values. Options include:

change_field—used to set a non-array-type field
add_array_field—used to add an array-type field
del_array_field—used to delete a value from an array-type field
special_action—used to perform special tasks, such as synchronizing or restarting a firewall

task_type

Specifies the task type. Options include:

Configure_FW—used to configure SonicWall firewalls
Configure_RC—used to configure Ravlin devices
Register—used to register SonicWall appliances

description

Description of the tasks you are performing. This information appears in the log files.

Parameter Settings

Used to add, delete, or set parameters.

Change Fields
Used to set independent firewall parameters.

set_parameter_name—specifies the name of the parameter.
set_parameter_value—specifies the new setting.

For example, to create a task to change the time zone of the firewall (the timezone parameter), enter the following:

updatetype=change_field
tasktype=Configure_FW
description=Change Timezone
setParamName=timezone
setParamValue=829

 

Add Fields
Used to add new firewall parameters.

add_parameter_name—specifies the name of the parameter.
add_parameter_value—specifies the new parameter setting.

For example, to add a rule (such as Allow File Transfer (FTP)), use the following text:

updatetype=add_array_field
tasktype=Configure_FW
description=Add Rule, Allow File Transfer (FTP)
addParamName=serviceNameInRule
addParamValue=File Transfer (FTP)

 

Delete Fields
Used to delete firewall parameters.

del_parameter_name—specifies the name of the parameter.
del_parameter_value—specifies the setting to delete.

For example, to remove a rule (such as Allow File Transfer (FTP)), use the following text:

updatetype=del_array_field
tasktype=Configure_FW
description=Delete Rule, Allow File Transfer (FTP)
delParamName=serviceNameInRule
delParamValue=File Transfer (FTP)

 

Special Action
Used to execute special actions such as resetting a firewall.

set_parameter_name—specifies the name of the parameter.
set_parameter_value—specifies the action to execute.

For example, to restart a firewall, use the following text:

updatetype=special_action
tasktype=Configure_FW
description=Restart Firewall
setParamName=cgi_action
setParamValue=restart
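
A pre-flight check for a Configure file, based on the DTD and the option lists shown above, run before the file is handed to the configure command. This is an added example, not SonicWall code; the function names, the rejection of entity declarations and the "review" flags are assumptions of this example, not GMS behavior.

```python
import xml.etree.ElementTree as ET

# Option values and attribute names as listed on this page.
UPDATE_TYPES = {"change_field", "add_array_field", "del_array_field", "special_action"}
TASK_TYPES = {"Configure_FW", "Configure_RC", "Register"}
TASK_ATTRS = ("displayname", "viewname", "updatetype", "tasktype", "description")
# Child element -> (required attributes, rank in Task (SetParam*,DelParam*,AddParam*)).
CHILDREN = {
    "SetParam": (("setParamName", "setParamValue"), 0),
    "DelParam": (("delParamName", "delParamValue"), 1),
    "AddParam": (("addParamName", "addParamValue"), 2),
}


def lint_task(task, where):
    """Check one <Task> element against the documented DTD and option lists."""
    findings = []
    for attr in TASK_ATTRS:
        if attr not in task.attrib:
            findings.append(("error", f"{where}: missing attribute {attr}"))
    for attr, allowed in (("updatetype", UPDATE_TYPES), ("tasktype", TASK_TYPES)):
        value = task.get(attr)
        if value is not None and value not in allowed:
            findings.append(("error", f"{where}: unknown {attr} {value!r}"))
    last_rank = 0
    for child in task:
        if child.tag not in CHILDREN:
            findings.append(("error", f"{where}: unexpected element <{child.tag}>"))
            continue
        required, rank = CHILDREN[child.tag]
        for attr in required:
            if attr not in child.attrib:
                findings.append(("error", f"{where}: <{child.tag}> missing {attr}"))
        extra = sorted(set(child.attrib) - set(required))
        if extra:
            findings.append(("error", f"{where}: <{child.tag}> has undeclared {extra}"))
        if rank < last_rank:
            findings.append(("error", f"{where}: <{child.tag}> breaks the order "
                             "SetParam, DelParam, AddParam"))
        last_rank = max(last_rank, rank)
    # Review flags (local policy, an assumption): changes worth a second reviewer.
    if task.get("updatetype") == "special_action":
        findings.append(("review", f"{where}: special_action task"))
    if "=" in task.get("displayname", ""):
        findings.append(("review", f"{where}: displayname selects a group of firewalls"))
    return findings


def lint_configure(xml_text):
    """Return (severity, message) findings for the text of a Configure file."""
    if "<!ENTITY" in xml_text:
        # Local policy (assumption): the documented DTD declares no entities,
        # so a file that declares any is rejected without being parsed.
        return [("error", "entity declaration is not part of the documented DTD")]
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [("error", f"not well-formed XML: {exc}")]
    if root.tag != "Configure":
        return [("error", f"root element is <{root.tag}>, expected <Configure>")]
    findings = []
    for number, task in enumerate(root, start=1):
        if task.tag != "Task":
            findings.append(("error", f"unexpected element <{task.tag}> under <Configure>"))
        else:
            findings.extend(lint_task(task, f"Task {number}"))
    return findings


# Constructed sample files, built from the values this page uses in its examples.
SAMPLE_OK = """<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<Configure>
<Task displayname="Firewall_42" viewname="USA_west_coast" updatetype="change_field"
      tasktype="Configure_FW" description="Change Timezone">
<SetParam setParamName="timezone" setParamValue="829"/>
</Task>
</Configure>"""

SAMPLE_BAD = """<Configure>
<Task displayname="Firewall_42" viewname="view_name" updatetype="update_type"
      tasktype="Configure_FW" description="template left unfinished">
<AddParam addParamName="addCustomNTPServer" addParamValue="10.0.0.1"/>
<AddParam setParamName="timezone" setParamValue="829"/>
</Task>
</Configure>"""

SAMPLE_REVIEW = """<Configure>
<Task displayname="Country=USA:State=California" viewname="USA_west_coast"
      updatetype="special_action" tasktype="Configure_FW" description="Restart Firewall">
<SetParam setParamName="cgi_action" setParamValue="restart"/>
</Task>
</Configure>"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD), ("review", SAMPLE_REVIEW)):
        for severity, message in lint_configure(text):
            print(f"{name}: {severity}: {message}")
```

A file with no findings still has to pass GMS's own validity check; the "review" entries mark tasks that restart firewalls or apply to a whole group.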

Modifying SonicWall Parameters

This section describes how to use the ModifyArray command to change SonicWall appliance settings using an XML configuration file.

Using the ModifyArray Command

To modify a SonicWall parameter setting, use the ModifyArray command.

sgms> modifyarray xml_file

* 
NOTE: For information on creating a configuration file, see Preparing a Parameter Modification File.

Syntax

xml_file

The XML file that contains configuration instructions.

Usage Guidelines

When this command is entered, GMS does the following:

Checks whether the command is entered with the correct parameters.
If the command is not entered correctly, it returns the correct form of the command.
Checks the validity of the XML file.
Executes the command.
Closes the session and exits.

Example

In the following example, the value of the secondary phone number is changed to the number specified in the primary phone number field and the primary phone number is changed to 800-555-1212.

sgms> modifyarray modify.xml

The following is the content of modify.xml.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure (View Source for full doctype...)>
   <Configure>
      <Task displayname="root" viewname="AGENTCompany" description="Modify SP Profiles" arraytablename="SW_PROFILES" indidxcolumnname="dialupProfileInUse_0">
         <ArrayIndexColumnName paramName="dialConfigName" />
         <ModParam paramName="secPhone" paramValue="%priPhone%" />
         <ModParam paramName="priPhone" paramValue="[18005551212]" />
      </Task>
   </Configure>

Preparing a Parameter Modification File

Modification files can be used to change parameters that are normally only accessible from the GMS UI. For example, you can change the DNS Settings of the first DNS server to a specific new address or you can set the IP address of the first DNS server to the IP address of the second server for each selected SonicWall appliance.

The following is the format of an XML modification file:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (ArrayIndexColumnName*,ModParam*)>
<!ATTLIST Task
displayname CDATA #REQUIRED
viewname CDATA #REQUIRED
description CDATA #REQUIRED
arraytablename CDATA #REQUIRED
indidxcolumnname CDATA #REQUIRED>
<!ELEMENT ArrayIndexColumnName EMPTY>
<!ATTLIST ArrayIndexColumnName
paramName CDATA #REQUIRED>
<!ELEMENT ModParam EMPTY>
<!ATTLIST ModParam
paramName CDATA #REQUIRED
paramValue CDATA #REQUIRED>
]>
<Configure>
<Task displayname="firewall_parameters"
viewname="view_name"
description="description"
arraytablename="SW_PROFILES"
indidxcolumnname="dialupProfileInUse_0"
>
<ArrayIndexColumnName paramName="column_name"/>
<ModParam paramName="secPhone" paramValue="param_value"/>
<ModParam paramName="priPhone" paramValue="param_value"/>
</Task>
</Configure>

 

Parameters

firewall_parameters

Required. Specifies the firewall or parameters of the firewalls that will be updated.

To specify a single firewall, enter the firewall name. For example:

displayname="Firewall_42"

To specify more than one firewall, enter each group parameter that applies to the firewall. For example:

displayname="Country=USA:State=California:Department=Engineering"

To specify all firewalls, enter “root”. For example:

displayname="root"

description

Description of the tasks you are performing. This information appears in the log files.

view_name

Specifies the view to which the firewall or group of firewalls belongs. This allows you to apply changes to firewalls within a specific view.

For example, to apply the changes to firewalls that meet the parameters that you specified in the view “USA_west_coast,” enter the following:

viewname="USA_west_coast"

column_name

Specifies the array index column name.

Parameter Values

Used to modify parameters.

Modify Parameters
Used to set independent firewall parameters.

param_name—specifies the name of the parameter.
param_value—specifies the new setting. This can be a variable that refers to the setting of another parameter. For example, the following string will change the Secondary modem phone number to the value of the Primary modem phone number:

<ModParam paramName="secPhone" paramValue="%priPhone%" />

Configuration Parameters

For the latest list of available CLI configuration parameters, see the SonicWall GMS CLI Reference Guide, which is available at the following URL:

https://support.sonicwall.com/sonicwall-gms/software/technical-documents

This chapter contains information on how to retrieve parameters that can be used with the command-line interface (CLI) configure command.

System/Time

This section describes parameters that can be configured for the time screen of the System tree. To get the firewall parameters list that needs to be configured on the firmware, it is necessary to query the back-end database.

To configure the time screen, complete the following steps:
1
Open Query Analyzer, select the sgmsdb database, then execute the following queries:
Select ID from screens with names like 'Time'. Output: 1003
Query to get the details of the parameters.
Select prefs_file_name,independent,default_value from params_info where prefs_file_name in (Select param_name from sub_policy where screen_id = 1003)

The following table provides the parameters returned from the previous query.

 

Query Parameters

| Prefs file name | Independent | Default value | Min. value | Max. value |
|---|---|---|---|---|
| addCustomNTPServer | 0 | | Null | Null |
| ntp_updateInterval | 1 | 60 | Null | Null |
| ntp_useDst | 1 | 0 | Null | Null |
| ntp_useNtp | 1 | 0 | Null | Null |
| ntp_utcLogs | 1 | 0 | Null | Null |
| timezone | 1 | 28 | Null | Null |
| useInternational | 1 | 0 | Null | Null |

Grouping independent and array parameters from the previous query results in:

Independent Parameter list: ntp_updateInterval, ntp_useDst, ntp_useNtp, ntp_utcLogs, timezone, useInternational (Independent attribute value 0)
Array List: addCustomNTPServer (Independent attribute value 1)

The following provides the XML used to configure the Array parameters in the time screen:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task
displayname CDATA #REQUIRED
viewname CDATA #REQUIRED
updatetype CDATA #REQUIRED
tasktype CDATA #REQUIRED
description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam
setParamName CDATA #REQUIRED
setParamValue CDATA #REQUIRED>
<!ELEMENT DelParam EMPTY>
<!ATTLIST DelParam
delParamName CDATA #REQUIRED
delParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam
addParamName CDATA #REQUIRED
addParamValue CDATA #REQUIRED>
]>
<Configure>
<Task
displayname="firewall_parameters"
viewname="view_name"
updatetype="update_type"
tasktype="task_type"
description="description"
>
<AddParam addParamName="addCustomNTPServer" addParamValue="10.0.0.1"/>
</Task>
</Configure>

The following provides the XML to configure independent parameters for the time screen.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE Configure [
<!ELEMENT Configure (Task*)>
<!ELEMENT Task (SetParam*,DelParam*,AddParam*)>
<!ATTLIST Task
displayname CDATA #REQUIRED
viewname CDATA #REQUIRED
updatetype CDATA #REQUIRED
tasktype CDATA #REQUIRED
description CDATA #REQUIRED>
<!ELEMENT SetParam EMPTY>
<!ATTLIST SetParam
setParamName CDATA #REQUIRED
setParamValue CDATA #REQUIRED>
<!ELEMENT DelParam EMPTY>
<!ATTLIST DelParam
delParamName CDATA #REQUIRED
delParamValue CDATA #REQUIRED>
<!ELEMENT AddParam EMPTY>
<!ATTLIST AddParam
addParamName CDATA #REQUIRED
addParamValue CDATA #REQUIRED>
]>
<Configure>
<Task
displayname="firewall_parameters"
viewname="view_name"
updatetype="update_type"
tasktype="task_type"
description="description"
>
<SetParam setParamName="ntp_updateInterval" setParamValue="30"/>
<SetParam setParamName="ntp_useDst" setParamValue="1"/>
<SetParam setParamName="ntp_useNtp" setParamValue="1"/>
<SetParam setParamName="ntp_utcLogs" setParamValue="1"/>
<SetParam setParamName="timezone" setParamValue="829"/>
<SetParam setParamName="useInternational" setParamValue="1"/>
</Task>
</Configure>

Integrating Third-Party Appliances

This appendix is designed to help you integrate the SonicWall™ Global Management System (GMS) with ConnectWise and Flowgear third-party appliances. This appendix contains the following sections:

GMS Integration with ConnectWise

In GMS 7.0 the scheduled reports changed significantly, affecting the integration between GMS and ConnectWise. This is because scheduled reports in GMS 7.0 and higher have a different XML structure than the reports created in GMS 6.0.

To resolve this issue, the GMS Scheduled Reports for ConnectWise are created using Web Services and processed by backward compatibility.

* 
NOTE: The configuration procedures do not require any changes to the ConnectWise application.

System or Network Prerequisites

The GMS integration with the ConnectWise application requires the following prerequisites:

Install the latest GMS firmware.
Knowledge of web services deployment. Choose one of the following options:
If this is your first time using GMS, refer to the latest GMS Administration Guide on how to set up the deployment for Web Services, before proceeding to the Creating a Scheduled Report section.
If you were using GMS 6.0, upgraded to GMS 7.0 or higher, and are familiar with configuring web services, proceed to the Creating a Scheduled Report section.

Creating a Scheduled Report

This section details an example configuration procedure for creating a GMS Scheduled Report using Web Services.

Use the following Uniform Resource Identifier (URI) template, Report Mapping table, and EXAMPLE System Information, for the configuration procedure:

URI Template:Report

https://<ip>:<port>/ws/addReport/?username=<gmsid>&password=<password>&encType=0&serial_number=<serial number>&report_id=<report ID from report mapping table>&sch_name=<report schedule name>

* 
NOTE: Remove the “< >” as you replace the text-field with the appropriate value.

Report Mapping Table

| Report ID | GMS 7.0 and higher Report Name | GMS 6.0 Report Name |
|---|---|---|
| 37010 | Data Usage Timeline | Bandwidth Summary |
| 38325 | Web Activity - Top Sites | Web Usage Top Sites |
| 38526 | Intrusions - Top Targets | Intrusion by Category |
| 38425 | Web Filter - Top Sites | Top Filtered Sites |

System Information

| Name | Description |
|---|---|
| GMS Deployment | IP address: 10.1.1.100, Port: 443 |
| Serial Number | 000011112222 |
| Report ID | Bandwidth Summary, 37010 |
| Report Schedule Name | ConnectWiseReport1 |

NOTE: The Report Schedule Name is required to be unique to each report.
To create a GMS Scheduled Report, complete the following steps:
1
Incorporate the System Information into the URI template.
2
Copy the completed URI into your web browser’s address bar.

https://10.1.1.100:443/ws/addReport/?username=gmsws&password=password&encType=0&serial_number=000011112222&report_id=37010&sch_name=ConnectWiseReport1
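
The URI template above carries the GMS password as a query parameter, so each value needs percent-encoding and the URI needs redacting wherever it is recorded. The following added example (not SonicWall or ConnectWise code) fills in the template from the page's sample values and scrubs the password from constructed log lines; the function names, the existing_names argument and the log format are assumptions.

```python
import re
from urllib.parse import urlencode

# Report IDs from the Report Mapping table on this page.
REPORT_IDS = {37010, 38325, 38526, 38425}
# Matches the password parameter wherever a request URI was recorded.
_PASSWORD_PARAM = re.compile(r"(?i)([?&]password=)[^&\s\"']*")


def build_add_report_uri(host, port, username, password, serial_number,
                         report_id, sch_name, existing_names=()):
    """Fill in the addReport URI template, percent-encoding every value."""
    if report_id not in REPORT_IDS:
        raise ValueError(f"report_id {report_id} is not in the report mapping table")
    if sch_name in existing_names:
        # The page requires the Report Schedule Name to be unique to each report.
        raise ValueError(f"schedule name {sch_name!r} is already in use")
    query = urlencode([
        ("username", username), ("password", password), ("encType", "0"),
        ("serial_number", serial_number), ("report_id", str(report_id)),
        ("sch_name", sch_name),
    ])
    return f"https://{host}:{port}/ws/addReport/?{query}"


def redact(text):
    """Replace the password value in a URI or in a log line that contains one."""
    return _PASSWORD_PARAM.sub(r"\1REDACTED", text)


def exposed_requests(log_lines):
    """Return (line number, redacted line) for addReport requests carrying a password."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        if "/ws/addReport/" in line and _PASSWORD_PARAM.search(line):
            hits.append((number, redact(line)))
    return hits


# Constructed proxy-log lines (format and client address are made up for the example).
SAMPLE_LOG = [
    '10.1.1.50 - - [19/Mar/2024:10:43:34 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.1.1.50 - - [19/Mar/2024:10:43:40 +0000] "GET /ws/addReport/?username=gmsws'
    '&password=password&encType=0&serial_number=000011112222&report_id=37010'
    '&sch_name=ConnectWiseReport1 HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    uri = build_add_report_uri("10.1.1.100", 443, "gmsws", "password",
                               "000011112222", 37010, "ConnectWiseReport1")
    print(redact(uri))
    for number, line in exposed_requests(SAMPLE_LOG):
        print(number, line)
```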

GMS Integration with Flowgear

This section details the SonicWall GMS integration with the Flowgear third-party appliance. This section contains the following subsections:

Configuring Flowgear in the GMS Management Interface

This section contains configuration procedures for the Flowgear appliance through the SonicWall GMS management interface.

Linking SonicWall GMS appliances to Autotask Accounts

Autotask customers are linked to the SonicWall GMS by setting up custom groups in the SonicWall GMS management interface.

To link your SonicWall GMS to an Autotask account, complete the following steps:
1
Navigate to the Console > Management > Custom Groups page.

2
Click Add Category.
An Add Group Category pop-up window displays:

3
Enter Customer Code in both text fields.
4
Click OK.
5
Navigate to the Firewall tab.

6
Right-click Global View in the left navigation menu, and then select the Refresh option.
7
Right-click each firewall device and select the Modify Procedures option.

A list of custom groups displays with the default values:

8
Enter the Autotask Account Number for the matching customer in the CustomerCode field.

Enabling Access to Passwords

To enable passwords for firewall devices to be integrated into Autotask configuration, complete the following steps:
1
Navigate to the Console > Management > Settings page.

2
Disable Enforce Password Security.
This allows the passwords to be viewed through the Autotask management interface over a secure connection.
3
Click Update.

Setting up Autotask Accounts

SonicWall appliances are linked to Autotask by using the Account Number text field in the Autotask management interface.

1
Set up a new Autotask customer account.
2
Edit the new account so that the Autotask Account Number matches the Customer Code set up in the SonicWall GMS appliance.

Installing and Registering a DropPoint

A DropPoint is a Windows Service installed on the local infrastructure that enables the Flowgear cloud to integrate with data sources that are not exposed to the Internet. Where all data sources required for an integration are exposed to the Internet, it is not necessary to use a DropPoint.

After completing the steps in this section, you can choose a DropPoint when configuring connections to data sources.

Installing the DropPoint

To install the DropPoint application, complete the following steps:
1
Navigate to Flowgear.net and sign in.
2
In the DropPoints page, download the latest DropPoint installer.
3
Install the DropPoint on to a suitable application server within your infrastructure.

Registering the DropPoint

To register the DropPoint application, complete the following steps:
1
Navigate to the Start menu, and then launch Flowgear DropPoint.
2
Sign in with your Flowgear Credentials.
3
Select the site you would like to register the DropPoint against, and then click Register.
4
Restart the Flowgear DropPoint:
a
Navigate to the Control tab > Administrative Tools > Services page.
b
Right-click the Flowgear DropPoint and select Restart.

Configuring and Using the Accelerator

In the Workflows page, all the Workflows related to the Accelerator are displayed. Before you can use the Accelerator, you must first set up the connections for the following:

SonicWall GMS – using SonicWall GMS credentials
Autotask – using an Autotask login

The Accelerator consists of three Workflows:

Before using these Workflows, complete the following steps:
1
Click Configure next to each Workflow, and then enter the required connection information.
2
Click Test Connection to verify the details have been correctly captured and the endpoints are accessible.
3
Where the endpoint is not exposed to the Internet, choose the DropPoint registered in the last step from the DropPoint drop-down list.

Creating and Updating Configurations

This workflow refreshes the list of Autotask Configurations from SonicWall GMS.

On first use, click Run Now to pull the list of configurations through. Use the Turn On link to enable Always On mode.

In this mode, configurations are automatically refreshed every six hours.

Creating Tickets

Create Tickets raises tickets for firewall device alerts and automatically closes tickets where the originating alert is no longer present in the GMS appliance. When Always On is enabled, this workflow checks for new tickets every 15 minutes.

The SonicWall and Autotask connection configuration for Ticket Creation is the same as the prior integration. Provided these connections have been correctly specified, the Queue drop-down list is populated with a list of all available queues in Autotask. Select the queue you would like to create tickets within and click Save.

Email a Status Report

This workflow is used to provide feedback on integration activity and can be configured to run at a specific interval. Specify the email addresses you would like to receive these notifications, separating them with a semi-colon if more than one is required. Finally, indicate the types of feedback you would like to receive (configuration reports and/or ticket reports).

Capacity Planning and Performance Tuning

About Capacity Planning

In SonicWall™ Global Management System (GMS), the capacity planning process is critical to building a successful deployment. Many factors impact the capacity of a GMS deployment; the following are the key factors that need to be identified first.

Incoming Syslog Volume (preferred method - more accurate than number and type of appliances)
Number and type of appliances under reporting
Reporting Needs (daily, weekly, monthly, and ad-hoc)
Data Retention Policy (typically three months)
Data Backup Policy (typically one backup)

These factors determine the type of GMS deployment and System Resources required.

Calculating the Syslog Count

Use a calculation that matches your system deployment to obtain the Syslog count.

Existing Deployment
1
The principal input to Capacity Calculator 2 is one of three things:
a
# and type of firewall
b
# of users and browsing hours or
c
Syslogs in millions/day. The most accurate is syslogs/day. This can be determined in Step 2.
2
An existing GMS system gives you an idea of the actual syslog traffic in your network: see the Console > Diagnostics > Summarizer Status page (see the following example).

3
If an actual measurement of syslog traffic is not available, then the following rules-of-thumb can be manually inserted into the Capacity Calculator:

Table 1.

TZ Units: 1 million syslogs per day
NSA: 5 million syslogs per day
E-class: 10-100 million syslogs per day
Supermassive: 100-250 million syslogs per day

4
Factor in headroom for expected growth to avoid under-sizing the system and requiring a redesign.
5
Resource-wise, ensure:
a
4-8 virtual CPU cores per GMS server
b
16-64GB RAM per server
c
10k RPM local hard drives or faster
d
Dedicated CPU and RAM allocations if using a virtual appliance.
6
Any SuperMassive firewall should have a dedicated GMS Agent server.
7
On systems with high syslog volume (total disk space DB+backup approaching 1TB), set the Capacity Calculator to retain reporting data on local HDD for three months to mitigate impact of long backup times. We will use the Data Export Tool to periodically offload raw syslogs for longer term (such as 12 months) of external storage.
8
On systems with low syslog volume, (such as SOHO/TZ firewalls), you can assign up to 100 firewalls per GMS Agent for moderate levels of report generation or up to 400 firewalls per GMS Agent for management-only/no reporting requirements.
9
The output of the Capacity Calculator is a recommended deployment configuration of the GMS Distributed System.

About Performance Tuning

How to monitor the Disk Space for Caching Requirement

* 
NOTE: If you are generating weekly and monthly reports, and this process is taking upwards of an hour or so to generate each scheduled report, you need to set up your GMS for nightly optimization. Contact SonicWall Support for step-by-step procedures.

Working space is required to run reporting queries and to perform nightly optimization (if enabled). The nightly optimization is executed on a day’s worth of syslogs at a time that are stored in the reporting database, so knowing the average number of syslogs per day uploaded to the database is the first step. You can determine this number by accessing the TSR from the “/appliance” interface of the GMS server you are interested in.

The following TSR example shows the calculation for estimated work space required, using the March 2012 entry (raw_201203):

First Calculation (average syslogs per day)

Formula: (number of syslogs / number of days = syslogs per day)

Number of syslogs: 40,824,667

Number of Days: 15

Calculation: 40,824,667 / 15 = 2,721,644 (2.7 million syslogs)

So the average syslogs collected per day in March is 2.7 million syslogs.

The previous TSR approach is a workaround to determine how many syslogs your system is getting per day.

Second Calculation (working space required for optimization)

Formula: (Number of millions syslogs per day x 2GB = x GB) if this equates to less than 20GB, use 20GB.

Number of syslogs per day (use number from first calculation): 2.7 million

Calculation: 2.7 x 2GB = 5.4GB

Because 5.4GB is less than 20GB, use 20GB.

Make sure that in the previous example you maintain at least 20GB of free disk space.

Distributed Deployment

For optimal performance of GMS, it is recommended to use a distributed deployment of GMS in production environments. The specifics of the distributed deployment architecture typically depend on the following:

The amount of syslogs entering the GMS system.
The types of Scheduled Reports (Daily vs. Weekly/Monthly).

In the GMS architecture, reports are created by querying in real-time the reporting databases that run on each Agent managing the appliances. Creating reports for longer time-periods (such as Monthly) requires that higher RAM and disk space be available to the reporting databases. With less RAM and disk space, monthly reports can be created, but the report generation takes longer periods.

If RAM and disk-space cannot be increased on an Agent, reducing the amount of syslogs coming into that Agent helps improve report generation performance. This is achieved either by disabling some syslogs from being sent by appliances, or by adding more Agents to distribute the load further.

Another way to increase the RAM available for reporting database is by having dedicated Agents for managing appliances, and not having Console or AIOP role systems to manage any appliance.

Virtual Appliances run 32-bit operating systems, which limits the amount of RAM that reporting databases have access to in these environments. These platforms are perfect for handling 15 to 20 million syslogs per day, and for daily reports.

For deployments where Weekly or Monthly reports are required, 64-bit operating systems (Windows), with a minimum of 8GB RAM (preferably 16GB RAM) are needed for faster performance of scheduled reports delivery.

A key factor affecting reporting performance is the disk I/O characteristics. The Syslog collection, uploading syslogs to the reporting database, and querying of the reporting database for creating reports, are very disk intensive. Continued disk I/O bottlenecks impact reporting performance. In Windows, “perfmon” can be used to monitor your disk I/O, specifically the counters “% Disk Time” and “Current Disk Queue Length.” The average value of the counter “% Disk Time” should be as low as possible (but not zero). An average value of 90 percent or more indicates that the hard disk cannot keep up with the demand. This could be because of a hard disk that is too slow, or it could be caused by excessive paging (that might require you to increase RAM). The “Current Disk Queue Length” counter tells you how many I/O operations are waiting for the hard disk to become available. Again, this number should be as low as possible. There are differing opinions of what is an acceptable value, but in general the average disk queue length should be very low, such as three or less.

The default installation of GMS installs all modules on a single drive. Separating out hard-disks for different operations further improves performance. This separation can be done in the following two areas:

Syslog Collection: By default, syslogs are collected in the “<GMSVP>\syslogs” folder. The Syslog Collector service writes the syslogs in real time in this folder. The faster the disk, the better the performance of writing syslogs to this folder. These syslogs are then read by the Summarizer service to be parsed, enhanced, and then uploaded to the reporting database. To change the syslogs collection folder, change the following sgmsConfig.xml entry:
<Parameter name="syslogFilePath" value="C:\GMSVP\syslogs"/>
Reporting Database Cache: On Windows this database cache resides in the “<GMSVP>\Infobright\cache” folder. This is a temp working folder used by the reporting database to build the query data. Because the reporting database is installed by default in the same drive as GMS is installed, it is recommended to use a different hard disk for the cache folder. This can be achieved by creating a folder such as “G:\cache” and using that folder path in the file “<GMSVP>\infobright\data\brighthouse.ini” as follows:
CacheFolder=G:\cache

It is recommended that this drive has at least 20GB space available.

Finally, consider including only a subset of report types for Monthly Scheduled reports. For instance, under “Data Usage” the sub-report “Details” is a consolidation of all other sub-reports (Timeline, Initiators, Responders and Services). So, in your monthly reports, either add the “Details” report, or the Timeline, Initiators, Responders, and Services, but do not add both.

For most GMS deployments the previously mentioned fine-tuning is not necessary. However, for deployments that see suboptimal performance of monthly reports, the previous fine-tuning steps are important. The bullets below are a recap of the fine-tuning options detailed in this section:

Check disk I/O performance and consider using a high speed HDD.
Check RAM requirements, monitor its paging and consider adding RAM.
Consider separating out drives where syslogs are stored and reporting database cache resides.
Consider distributing the deployment further by adding more agents.
Consider setting up only agents for managing units and not using consoles or AIOP system managed units at all.
Consider filtering out syslogs at the source (Firewalls) by disabling syslogs not needed, or filtering syslogs at the GMS by adding syslog filters (that allow you to collect the syslogs on the file system for auditing, but do not get uploaded to the reporting database).
Consider not adding duplicate reports to the monthly reports.

General Tuning

The following steps can be taken to improve summarizer performance:

1
Make sure the latest patches have been applied.
2
Configure Summarizer(s) to summarize more frequently:
a
Navigate to Console > Reports > Summarizer page.
3
Reduce the syslog archiving interval, which defines how often the processed syslog files are zipped and moved into the “[GMSVP]\syslogs\archivedSyslogs” folder:

Modify the value of the following parameter in the “[GMSVP]\conf\sgmsConfig.xml” file to set it to 90 (minutes):

<Parameter name="syslogArchiveInterval" value="90"/>

4
Navigate to the Monitor > Tools > Real-Time Syslog page, then disable Syslog Forwarding.
5
Navigate to the Console > Diagnostic > Debug Log Settings page, then disable any debug logging. Set it to 0.
6
Be sure to restart the GMS services after making changes to the “sgmsConfig.xml” file.

Offloading units to other agents

After performance tuning has been done and the system is still not able to keep up with the load or the performance of reports is under par, the best solution is to move some units from the low performing deployment to a new agent.

To find a suitable unit to move, complete the following steps:
1
Navigate to the root node in the tree control and go to the Reports > Data Usage > Summary page. In a distributed deployment, change the view to a Scheduler View and navigate to the scheduler that is under-performing.
2
From the date selector, pick a date for which data is available for all units. This could be an old date.
3
Enable the server-side sort option.
4
Click OK to generate the report.
5
Click on the Connections header in the grid to sort by connections. The unit(s) with the highest number of connections would be likely candidates for moving to a new agent.
6
Disable server-side sorting after you are done.

Filter Operator Support

This appendix contains the following sections:

Filter operators, uses, and results

The following tables provide available filter operators, the supported data types and combinations, along with expected and actual results when using them.

 

Filter operators, use, and results

| Filter operator | Supported data type | Supported combinations | Example | GMS version | Expected result | Actual result |
|---|---|---|---|---|---|---|
| = | num | single | 48 | 7.1 | Retrieves all values with this value. | Retrieved all values with this value. |
| | string | single | administrator | 7.1 | Retrieves all values with this value. | Retrieved all values with this value. |
| | ip | single | 10.0.5.12 | 7.1 | Retrieves all values with this value. | Retrieved all values with this value. |
| | ip | single | fe80::7c4d:9467:fad3:4796 | 7.2 | Retrieves all values with this value. | Retrieved all values with this value. |
| | ip | single | fe80:0000:0000:0000:7c4d:9467:fad3:4796 | 7.2 | Retrieves all values with this value. | Retrieved all values with this value. |
| | mac | single | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values with this value. | Retrieved all values with this value. |
| != | num | single | 48 | 7.1 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| | string | single | administrator | 7.1 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| | ip | single | 10.0.5.12 | 7.1 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| | ip | single, IPv6 compressed format | fe80::7c4d:9467:fad3:4796 | 7.2 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| | ip | single, IPv6 expanded format | fe80:0000:0000:0000:7c4d:9467:fad3:4796 | 7.2 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| | mac | single | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| > | num | single | 48 | 7.1 | Retrieves all values greater than this value. | Retrieved all values greater than this value. |
| >= | num | single | 48 | 7.1 | Retrieves all values greater than or equal to this value. | Retrieved all values greater than or equal to this value. |
| < | num | single | 48 | 7.1 | Retrieves all values less than this value. | Retrieved all values less than this value. |
| <= | num | single | 48 | 7.1 | Retrieves all values less than or equal to this value. | Retrieved all values less than or equal to this value. |
| IN | num | Multiple values separated with a comma (,). | 48,96,55 | 7.1 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | string | Multiple values separated with a comma (,). | admin,steve,richard | 7.1 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | ip | Multiple values separated with a comma (,). | 10.0.5.12,10.5.6.13 | 7.1 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv6 compressed format. | fe80::7c4d:9467:fad3:4796, fe80::7c4d:9467:fad3:4799 | 7.2 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv6 expanded format. | fe80:0000:0000:0000:7c4d:9467:fad3:4796, fe80:0000:0000:0000:7c4d:9467:fad3:4798 | 7.2 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv4 and IPv6 compressed format. | 10.0.5.12, fe80::7c4d:9467:fad3:4799 | 7.2 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv4 and IPv6 expanded format. | 10.0.5.12, fe80:0000:0000:0000:7c4d:9467:fad3:4798 | 7.2 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| | mac | single | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values with this value. | Retrieved all values with this value. |
| | mac | Multiple values separated with a comma (,). | 00:0c:29:8f:b2:ec,00:0c:29:8f:b2:ed | 8.0 | Retrieves all values with comma separated values. | Retrieved all values with comma separated values. |
| NOT IN | num | Multiple values separated with a comma (,). | 48,96,55 | 7.1 | Retrieves all but comma separated values. | Retrieved all but comma separated values. |
| | string | Multiple values separated with a comma (,). | admin,steve,richard | 7.1 | Retrieves all but comma separated values. | Retrieved all but comma separated values. |
| | ip | Multiple values separated with a comma (,). | 10.0.5.12,10.5.6.13 | 7.1 | Retrieves all but comma separated values. | Retrieved all but comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv6 compressed format. | fe80::7c4d:9467:fad3:4796, fe80::7c4d:9467:fad3:4799 | 7.2 | Retrieves all but comma separated values. | Retrieved all but comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv6 expanded format. | fe80:0000:0000:0000:7c4d:9467:fad3:4796, fe80:0000:0000:0000:7c4d:9467:fad3:4798 | 7.2 | Retrieves all but the comma separated values. | Retrieved all but the comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv4 and IPv6 compressed format. | 10.0.5.12, fe80::7c4d:9467:fad3:4799 | 7.2 | Retrieves all but the comma separated values. | Retrieved all but the comma separated values. |
| | ip | Multiple values separated with a comma (,). IPv4 and IPv6 expanded format. | 10.0.5.12, fe80:0000:0000:0000:7c4d:9467:fad3:4798 | 7.2 | Retrieves all but the comma separated values. | Retrieved all but the comma separated values. |
| | mac | single | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values apart from this value. | Retrieved all values apart from this value. |
| | mac | Multiple values separated with a comma (,). | 00:0c:29:8f:b2:ec,00:0c:29:8f:b2:ed | 8.0 | Retrieves all but the comma separated values. | Retrieved all but the comma separated values. |
| LIKE | str | Single value containing a * as a wildcard character. | ste* | 7.1 | Matches multiple values with a wildcard substitution of *. | Matched multiple values with a wildcard substitution of *. In this example, steve, stephen, and so on. |
| | ip | Single value containing a * as a wildcard character. | 10.5.6.* | 7.1 | Matches multiple values with a wildcard substitution of *. | Matched multiple values with a wildcard substitution of *. In this example, 10.5.6.10, 10.5.6.11, and so on. |
| | ip | Single value containing a * as a wildcard character. | fe80:0000:0000:0000:7c4d:9467:fad3:479* | 7.2 | Matches multiple values with a wildcard substitution of *. | Matched multiple values with a wildcard substitution of *. In this example, fe80:0000:0000:0000:7c4d:9467:fad3:4791/2/3/4/5. |
| | ip | Single value containing a * as a wildcard character. | fe80::1234:* fe80::123% fe80:%::1234 | 7.2 | fe80:0:0:0:0:0:1234:% fe80:0:0:0:0:0:0:123% fe80:%:0:0:0:0:0:1234 | |
| | mac | Single value not containing a * as a wildcard character. | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values with this value. | Retrieved all values with this value. |
| | mac | Single value containing a * as a wildcard character. | 00:0c:29:8f:b2:e* | 8.0 | Matches multiple values with a wildcard substitution of *. | Matched multiple values with a wildcard substitution of *. In this example, 00:0c:29:8f:b2:e1, 00:0c:29:8f:b2:e2, and so on. |
| NOT LIKE | str | Single value containing a * as a wildcard character. | ste* | 7.1 | Matches multiple values except those matched with a wildcard substitution of *. | Matched multiple values except those matched with a wildcard substitution of *. In this example, steve, stephen, and so on. |
| | ip | Single value containing a * as a wildcard character. | 10.5.6.* | 7.1 | Matches multiple values except those matched with a wildcard substitution of *. | Matched multiple values except those matched with a wildcard substitution of *. In this example, 10.5.6.10, 10.5.6.11, and so on. |
| | ip | Single value containing a * as a wildcard character. | fe80:0000:0000:0000:7c4d:9467:fad3:479* | 7.2 | Matches multiple values except those matched with a wildcard substitution of *. | Matched multiple values except those matched with a wildcard substitution of *. In this example, fe80:0000:0000:0000:7c4d:9467:fad3:4791/2/3. |
| | mac | Single value not containing a * as a wildcard character. | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values but this value. | Retrieves all values with this value. |
| | mac | Single value containing a * as a wildcard character. | 00:0c:29:8f:b2:e* | 8.0 | Matches multiple values except those matched with a wildcard substitution of *. | Matched multiple values except those matched with a wildcard substitution of *. In this example, 00:0c:29:8f:b2:e1, 00:0c:29:8f:b2:e2, and so on. |
| IS (renamed from BETWEEN) | num | Multiple values separated by commas (,). Supports range expression, supports negation. | 87,240 | 7.1 | Selects all the comma separated values. | Selected all comma separated values. |
| | | | 87 - 240 | 7.1 | Selects all values in the range. | Selected all values in the range. |
| | | | 87 - 240 , ! 95 - 100 | 7.1 | Selects all values in the range and removes those that are not in the range specified by the ! operator. | Selected all values in the range and removes those that are not in the range specified by the ! operator. |
| | ip | Multiple values separated by commas (,). Supports range expression, supports negation, CIDR notation. | 172.27.60.87,172.27.60.240 | 7.1 | Selects all comma separated values. | Selected all comma separated values. |
| | | | 172.27.60.*,172.27.60.* | 7.1 | Selects all comma separated values by performing a like on individual IPs. | Selected all comma separated values by performing a like on individual IPs. |
| | | | 172.27.60.87 - 172.27.60.240 | 7.1 | Selects all values in the range. | Selected all values in the range. |
| | | | 172.27.60.87 - 172.27.60.240 , !172.27.60.90 - 172.27.60.100 | 7.1 | Selects all values in the range and removes those that are not in the range specified by the ! operator. | Selected all values in the range and removes those that are not in the range specified by the ! operator. |
| | | | 10.0.14.1/24 | 7.1 | Selects all values in the range. | Selected all values in the range. |
| | | | fe80::7c4d:9467:fad3:4796, fe80::7c4d:9467:fad3:4799 | 7.2 | Selects all comma separated values. | Selected all comma separated values. |
| | | | fe80:0000:0000:0000:7c4d:9467:fad3:478*, fe80:0000:0000:0000:7c4d:9467:fad3:479* | 7.2 | Selects all comma separated values by performing a like on individual IPs. | Selected all comma separated values by performing a like on individual IPs. |
| | | | fe80::7c4d:9467:fad3:4796 - fe80::7c4d:9467:fad3:4799 | 7.2 | Selects all values in the range. | Selected all values in the range. |
| | | | fe80::7c4d:9467:fad3:4780-fe80::7c4d:9467:fad3:4799 , !fe80::7c4d:9467:fad3:4785 - fe80::7c4d:9467:fad3:4795 | 7.2 | Selects all values in the range and removes those that are not in the range specified by the ! operator. | Selected all values in the range and removes those that are not in the range specified by the ! operator. |
| | | | 10.5.5.90, fe80::7c4d:9467:fad3:4799 | 7.2 | Selects all comma separated values. | Selected all comma separated values. |
| | | | 10.5.9.*, fe80:0000:0000:0000:7c4d:9467:fad3:479* | 7.2 | Selects all comma separated values by performing a like on individual IPs. | Selected all comma separated values by performing a like on individual IPs. |
| | | | 10.5.9.50 - 10.5.9.100 , !fe80::7c4d:9467:fad3:4785 - fe80::7c4d:9467:fad3:4795 | 7.2 | Selects all values in the range and removes those that are not in the range specified by the ! operator. | Selected all values in the range and removes those that are not in the range specified by the ! operator. |
| | | | fe80:0:0:0:95c7:257c:163f:fc1c/128 | 7.2 | Selects all values in the range. | |
| | mac | Single value without a wildcard character. | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values with this value. | Retrieves all values with this value. |
| | | Multiple values separated with a comma (,). | 00:0c:29:8f:b2:ec,00:0c:29:8f:b2:ed | 8.0 | Retrieves all comma separated values. | Retrieved all comma separated values. |
| | | Single value containing a * as a wildcard character. | 00:0c:29:8f:b2:e* | 8.0 | Retrieves all records found by replacing * in the MAC. | Retrieved all records found by replacing * in the MAC. For example, 00:0c:29:8f:b2:e1, 00:0c:29:8f:b2:e2, and so on. |
| | | Multiple values not containing a * as a wildcard character. | 00:0c:29:8f:b1:*,00:0c:29:8f:b2:* | 8.0 | Retrieves all records found by replacing * in the MAC. | Retrieved all records found by replacing * in the MAC. For example, 00:0c:29:8f:b1:e1, 00:0c:29:8f:b2:e1, and so on. |
| IS NOT (renamed from NOT BETWEEN) | num | Multiple values separated with a comma (,). Supports range expression, supports negation. | 87,240 | 7.1 | Selects all values except comma separated values. | Selected all values except comma separated values. |
| | | | 87 - 240 | 7.1 | Selects all values in the string except those in the range. | Selected all values in the string except those in the range. |
| | | | 87 - 240 , ! 95 - 100 | 7.1 | Selects all values not in the range and adds those that are in the range specified by the ! operator. | Selected all values not in the range and adds those that are in the range specified by the ! operator. |
| | ip | Multiple values separated by commas (,). Supports range expression, supports negation. | 172.27.60.87,172.27.60.240 | 7.1 | Selects all values except comma separated values. | Selected all values except comma separated values. |
| | | | 172.27.60.*,172.27.60.* | 7.1 | Selects all values except comma separated values by performing a like on individual IPs. | Selected all values except comma separated values by performing a like on individual IPs. |
| | | | 172.27.60.87 - 172.27.60.240 | 7.1 | Selects all values in the string except those in the range. | Selected all values in the string except those in the range. |
| | | | 172.27.60.87 - 172.27.60.240 , !172.27.60.90 - 172.27.60.100 | 7.1 | Selects all values not in the range and adds those that are in the range specified by the ! operator. | Selected all values not in the range and adds those that are in the range specified by the ! operator. |
| | | | 10.0.14.1/24 | 7.1 | Selects all values not in the range. | Selected all values not in the range. |
| | | | fe80::7c4d:9467:fad3:4796, fe80::7c4d:9467:fad3:4799 | 7.2 | Selects all values except comma separated values. | Selected all values except comma separated values. |
| | | | fe80:0000:0000:0000:7c4d:9467:fad3:478*, fe80:0000:0000:0000:7c4d:9467:fad3:479* | 7.2 | Selects all values except comma separated values by performing a like on individual IPs. | Selected all values except comma separated values by performing a like on individual IPs. |
| | | | fe80::7c4d:9467:fad3:4796 - fe80::7c4d:9467:fad3:4799 | 7.2 | Selects all values except values in the range. | Selected all values except values in the range. |
| | | | fe80::7c4d:9467:fad3:4780-fe80::7c4d:9467:fad3:4799 , !fe80::7c4d:9467:fad3:4785 - fe80::7c4d:9467:fad3:4795 | 7.2 | Selects all values except values in the range and adds those that are in the range specified by the ! operator. | Selected all values not in the range and adds those that are in the range specified by the ! operator. |
| | | | 10.5.5.90, fe80::7c4d:9467:fad3:4799 | 7.2 | Selects all values but comma separated values. | Selected all values except comma separated values. |
| | | | 10.5.9.*, fe80:0000:0000:0000:7c4d:9467:fad3:479* | 7.2 | Selects all values except comma separated values by performing a like on individual IPs. | Selected all values except comma separated values by performing a like on individual IPs. |
| | | | 10.5.9.50 - 10.5.9.100 , !fe80::7c4d:9467:fad3:4785 - fe80::7c4d:9467:fad3:4795 | 7.2 | Selects all values except values in the range and adds those that are in the range specified by the ! operator. | Selected all values not in the range and adds those that are in the range specified by the ! operator. |
| | mac | Single value without a wildcard character. | 00:0c:29:8f:b2:ec | 8.0 | Retrieves all values except those with this value. | Retrieves all values except those with this value. |
| | | Multiple values separated with a comma (,). | 00:0c:29:8f:b2:ec,00:0c:29:8f:b2:ed | 8.0 | Retrieves all records except records with these comma separated value MACs. | Retrieved all records except records with these comma separated value MACs. |
| | | Single value containing a * as a wildcard character. | 00:0c:29:8f:b2:e* | 8.0 | Retrieves all records except those found by replacing * in the MAC. | Retrieved all records except those found by replacing * in the MAC. For example, 00:0c:29:8f:b2:e1, 00:0c:29:8f:b2:e2, and so on. |
| | | Multiple values not containing a * as a wildcard character. | 00:0c:29:8f:b1:*,00:0c:29:8f:b2:* | 8.0 | Retrieves all records except those found by replacing * in the MAC. | Retrieved all records except those found by replacing * in the MAC. For example, 00:0c:29:8f:b1:e1, 00:0c:29:8f:b2:e1, and so on. |
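
The following Python example is added here and is not GMS code: it evaluates the `ip` expressions shown for IS and IS NOT above (comma-separated lists, `*` wildcards, `low - high` ranges, `!` negation, and CIDR notation) against a constructed list of addresses, so that a filter can be checked before it is relied on in a report. It assumes that a `!` term removes matching addresses from the selection, that IS NOT is the exact complement of IS, and that IPv6 wildcard patterns are written in expanded format; the function names and sample addresses are hypothetical.

```python
import ipaddress
import re

# Constructed sample of initiator addresses (not taken from any real log).
SAMPLE = [
    "172.27.60.86", "172.27.60.87", "172.27.60.95", "172.27.60.100",
    "172.27.60.101", "172.27.60.240", "172.27.60.241",
    "10.0.14.200", "10.0.15.1",
    "fe80::7c4d:9467:fad3:4780", "fe80::7c4d:9467:fad3:4790",
]


def _parse_term(term):
    """Parse one comma-separated term into (negated, predicate)."""
    term = term.strip()
    negated = term.startswith("!")
    body = term[1:].strip() if negated else term

    if "*" in body:
        # Wildcard: text match; IPv6 is compared in expanded (zero-padded) form.
        regex = re.compile(re.escape(body.lower()).replace(r"\*", ".*"))

        def pred(addr):
            text = addr.exploded if addr.version == 6 else str(addr)
            return regex.fullmatch(text) is not None
    elif "-" in body:
        # Range "low - high"; spaces around the hyphen are optional.
        low, high = (ipaddress.ip_address(p.strip()) for p in body.split("-", 1))
        if low.version != high.version or low > high:
            raise ValueError(f"bad range: {body!r}")

        def pred(addr):
            return addr.version == low.version and low <= addr <= high
    elif "/" in body:
        # CIDR: strict=False accepts host bits, so 10.0.14.1/24 means 10.0.14.0/24.
        net = ipaddress.ip_network(body, strict=False)

        def pred(addr):
            return addr in net
    else:
        single = ipaddress.ip_address(body)

        def pred(addr):
            return addr == single

    return negated, pred


def compile_is_filter(expression):
    """Return a function telling whether an address satisfies IS <expression>."""
    terms = [_parse_term(t) for t in expression.split(",") if t.strip()]
    include = [pred for negated, pred in terms if not negated]
    exclude = [pred for negated, pred in terms if negated]
    if not include:
        raise ValueError("expression needs at least one non-negated term")

    def matches(value):
        addr = ipaddress.ip_address(value)
        # Assumption: "!" terms remove addresses from what the other terms select.
        return any(p(addr) for p in include) and not any(p(addr) for p in exclude)

    return matches


def apply_filter(operator, expression, values):
    """Filter values with IS or IS NOT (assumed to be the complement of IS)."""
    matches = compile_is_filter(expression)
    if operator == "IS":
        return [v for v in values if matches(v)]
    if operator == "IS NOT":
        return [v for v in values if not matches(v)]
    raise ValueError(f"unsupported operator: {operator!r}")


if __name__ == "__main__":
    for op, expr in [
        ("IS", "172.27.60.87 - 172.27.60.240 , !172.27.60.90 - 172.27.60.100"),
        ("IS NOT", "172.27.60.87 - 172.27.60.240 , !172.27.60.90 - 172.27.60.100"),
        ("IS", "10.0.14.1/24"),
        ("IS", "10.5.9.*, fe80:0000:0000:0000:7c4d:9467:fad3:479*"),
    ]:
        print(f"{op} {expr} -> {apply_filter(op, expr, SAMPLE)}")
```

Because mixed IPv4 and IPv6 terms are compared only within their own address family, a negated IPv6 range never removes IPv4 addresses, and the reverse also holds.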

 

Filter and data types

| Filter type | Data type |
|---|---|
| Appliance Name | STRING |
| Appliance Serial | STRING |
| Application | STRING |
| Application Category | STRING |
| Application IP | IP |
| Blocked | STRING |
| Category | STRING |
| Dst Interface | STRING |
| Dst Port | NUM |
| Full URL | STRING |
| Fw Action | STRING |
| ID=Message ID | STRING |
| Initiator Country | STRING |
| Initiator Host | STRING |
| Initiator IP | IP |
| Initiator Port | NUM |
| Interface | STRING |
| Match | STRING |
| Policy | STRING |
| Priority | STRING |
| Reason | STRING |
| Responder Country | STRING |
| Responder Host | STRING |
| Responder IP | IP |
| Service | STRING |
| Service | STRING |
| Sess | STRING |
| Signature | STRING |
| Site IP | IP |
| Site Name | STRING |
| Src Interface | STRING |
| Src Port | NUM |
| Target Country | STRING |
| Target Host | STRING |
| Target IP | IP |
| Target Port | NUM |
| URL | STRING |
| User | STRING |
| VPN Policy | STRING |
| Initiator MAC | MAC |
| Responder MAC | MAC |
| Target MAC | MAC |

GMS Best Practices

This appendix contains the following sections:

Security Status

Feature

Instantly know your node’s security status by using the SonicWall™ Global Management System (GMS) Dashboard.

The Dashboard allows you to monitor your entire firewall network at-a-glance.

Best Practices

As the following image shows, customize your Dashboard to include components such as security alerts, threat posturing, data usage, application usage, firewall status, as well as any external RSS websites that might interest you.

For more information, see Using the Dashboard tab.

Backup Utilities

Feature

Stop losing hours of work and months of data using the GMS backup utility.

The Backup/Restore utility helps retain firewall configuration settings and historical data in the event of a catastrophe, potentially saving hours of work and months of priceless information.

Best Practices

As shown in the following image, create a daily schedule of Basic Backups for all your firewall and GMS settings, as well as weekly Application Backups of your GMS database content, firewall firmware images, and daily backup items. You can also schedule monthly Complete Backups of your entire firewall syslog history, reports generated to date, and weekly and daily backup items.

 

For more information, see Scheduled Backup Settings.

Change View

Feature

Efficiently manage and informatively report on firewalls with Change View by clicking the Change View icon located at the top left of the button bar.

The Change View feature allows you to logically group your firewalls for ease-of-management and informative summary reporting.

Best Practices

Use the default views, which are predefined by hardware model, by firmware release, and alphabetically. Add custom views such as a company name, a geographical location, or any other criteria that make managing and reporting on groups of firewalls more efficient for your needs.

For more information, see Changing Views.

Role-based User Access

Feature

Precisely govern user privileges using Role-based User Access.

Role-based Access allows screen-by-screen privileges for any number of GMS User roles, ranging from the SuperAdmin to the standard user who can view only one report.

Best Practices
Create categories of user roles such as Admins, Operators, and Guest Users.
Assign unit permissions for firewalls in Change View (see Change View) to categories of user roles.
Assign Action Permissions to categories of user roles (such as Add Unit, Delete Unit, Manage Views, Show Dashboard, Enable CLI, and Webservices).
Assign a schedule and/or an expiration for the period in which the account is enabled. There is no practical limit to the number of users you can create, each with over 5 x 10^128 combinations of administrative privileges.

For more information, see Users.

Workflow

Feature

Eliminate security policy errors with Workflow.

Workflow is a change management feature that enforces and automates the process of validating logic while enforcing the approval of the security policy before it can be configured on the firewall.

Best Practices

Enable Change Order management for tracking all firewall policy changes and color-code them for an easy-to-read visual comparison and a validation of the policy's logic through GMS. Change management logs the user who made the change, what the change was, and when it was made.

Enable Approval management to have others review and approve proposed changes. Approval management logs who made the change, what the change was, who approved the change, why the change was made, and when it was made.

For more information, see Introduction to Workflow and Change Management.

Report Panel Customization

Feature

See usage and threat patterns and conduct forensic investigations by customizing the output of the Report panel.

The GMS Reporting feature includes over 70 pre-defined “one-click” reports, each customizable by date range, filtering criteria, and live link drill-down options.

Best Practices
Specify the time range of the report of interest to narrow the event (for example, Custom).
Choose the number of rows to see the “top” occurrences (such as 20).
Use the GMS Filter Bar parameters and operators to narrow the report results (such as Intrusion LIKE QuickTime).
Use the GMS buttons to Save, Schedule Report, Export to PDF, and Export to CSV to repeat the customized report and create soft copies for offline analysis and distribution.

For more information, see Managing Firewall Reports.

Universal Scheduled Reports

Feature

Get regular security and compliance assurances using automated Universal Scheduled Reports.

The Universal Schedule Report feature enables you to schedule any of the 70+ pre-defined reports, as well as your own custom reports, or compliance reports for PCI, HIPAA, and SOX.

Best Practices
Customize your report with a meaningful title on the cover sheet (such as Report Content and Firewall(s)).
Add an appropriate logo (for example, a company or client name).
Optimize performance by running reports on separate schedules (10 or fewer firewalls per schedule, 10 or fewer reports per firewall, or 10 or fewer rows per report).

For more information, see Using the Universal Scheduled Reports Application.

Alert Settings

Feature

Perform realtime monitoring of your security infrastructure using automated Alerts.

The Alert Settings feature proactively sends alerts for urgent status updates such as firewall down, WAN down, high CPU utilization, high bandwidth utilization, disk quota, and customized criteria such as threat events.

Best Practices:
Enable all of the default Alert Settings: Unit Status Report, Database Info, New Firmware Availability, and so on.
Customize Threshold and Alert Settings to suit your organization's need for realtime notification of network security events.

For more information, see Adding Alerts.

Registration and Upgrades

Feature

Manage your entire inventory of network firewall licenses using Registration/Upgrades.

The Registration/Upgrades feature provides a single-screen, searchable view of licensing for the entire firewall network.

Best Practices
Filter views by the Security Service name, Subscription type, or the Expiration Date.
Synchronize licenses with www.MySonicWall.com without having to individually log in to each firewall.
Upgrade the firmware on firewalls using an image from www.MySonicWall.com or an image file stored locally on GMS.
Save money on AV clients and VPN client licenses by sharing them amongst firewalls within a GMS License Sharing Group.
Create hard copies or .PDF copies of your license inventory.

For more information, see Registering and Upgrading SonicWall Firewall Appliances.

Administrator Passwords

Feature

Restrict local administrator access to a firewall by having GMS generate a new, random password for the firewall using the firewall Policies > System > Administrator screen.

Best Practices

Change the firewall administrator password immediately after the firewall has been acquired by GMS by leaving the password fields empty so that GMS generates a random password. Only authorized GMS users with assigned privileges to the unit are able to make changes to the firewall.

For more information, see Configuring Administrator Settings.

 

License Agreements

You can view the End User License Agreement and all Third-Party Product Licenses in the Console > Help > About screen of the SonicWall™ Global Management System (GMS) user interface.

This appendix details the following licensing agreements:

End User Software License Agreement

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SONICWALL PRODUCT. BY INSTALLING OR USING THE SONICWALL PRODUCT, YOU (AS THE CUSTOMER, OR IF NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) INDICATE ACCEPTANCE OF AND AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT FOR AND ON BEHALF OF THE CUSTOMER. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, THEN DO NOT USE THE PRODUCT AND RETURN IT TO THE PLACE OF PURCHASE WITH PROOF OF PURCHASE WITHIN THIRTY (30) DAYS OF PURCHASE FOR A REFUND. IF YOU DO PROCEED TO INSTALL OR USE THE SONICWALL PRODUCT, YOU WILL HAVE INDICATED ACCEPTANCE AND AGREEMENT WITH THE TERMS AND CONDITIONS HEREIN. NOTWITHSTANDING THE FOREGOING, THIS AGREEMENT SHALL NOT SUPERSEDE ANY OTHER SIGNED AGREEMENT BETWEEN YOU AND SONICWALL THAT EXPRESSLY GOVERNS USE OF THE SONICWALL PRODUCT. IN INSTANCES WHERE YOU PURCHASE THROUGH A RESELLER OR DISTRIBUTOR, FINAL PRICES AND TERMS AND CONDITIONS OF SALE, INCLUDING WITHOUT LIMITATION ANY TERMS REGARDING PAYMENT OR RETURNS, WILL BE AS AGREED BETWEEN YOU AND THE THIRD PARTY FROM WHICH YOU MAKE SUCH PURCHASES; HOWEVER, THE TERMS SET FORTH HEREIN REGARDING YOUR USE OF THE SOFTWARE REMAIN APPLICABLE.

“Product” means the SonicWall labeled hardware and related documentation (“Hardware”) and/or proprietary SonicWall labeled software, firmware and related documentation (“Software”) purchased by you (“Customer” or “you”) either directly from SonicWall or a Reseller. “Services” means the Support Services described below and any other services provided with or for the Products directly by SonicWall or its agents. “Reseller” shall mean those entities to which SonicWall or SonicWall’s authorized distributors distribute the Products for resale to end users. Except as otherwise agreed upon by the parties, this Agreement will also cover any updates and upgrades to the Products provided to Customer by SonicWall directly or through a Reseller (except as might be otherwise indicated, such updates and upgrades shall be deemed Products).

1
LICENSE(S) AND RESTRICTIONS
a
Licenses—Subject to the terms and conditions of this Agreement, SonicWall grants to Customer, and Customer accepts from SonicWall, a nonexclusive, non-transferable (except as otherwise set forth herein) and non-sublicensable license (“License”) to: (i) execute and use the Software on the Hardware with which the Software is provided (pre-installed) in accordance with the applicable Documentation; and, (ii) for Software provided in standalone form (without Hardware), install, execute and use the Software on the Hardware or hardware device(s) on which it is intended to be used in accordance with the applicable Documentation and the License purchased. If Customer purchased multiple copies of standalone Software, Customer’s License to such standalone Software includes the right to install, use and execute up to the number of copies of Software Licenses purchased.

In addition, the License includes the right to (x) make a reasonable number of additional copies of the Software to be used solely for non-productive archival purposes, and (y) make and use copies of the end user documentation for Hardware and/or Software provided with the Products (“Documentation”) as reasonably necessary to support Customer’s authorized users in their use of the Products.

b
License Limitations—Order acknowledgments, Documentation and/or the particular type of the Products/Licenses purchased by Customer might specify limits on Customer’s use of the Software, and which limits apply to the License(s) granted hereunder for such Software. Such limits might consist of limiting the number of copies of the Software, the term of the License, or the number or amount of nodes, storage space, sessions, calls, users, subscribers, clusters, devices, ports, bandwidth, throughput or other elements, and/or require the purchase of separate Licenses to use or obtain particular features, functionalities, services, applications or other items. Use of the Software shall be subject to all such limitations.
c
For Customer’s Internal Business—Each License shall be used by Customer solely to manage its own internal business operations as well as the business operations of its Affiliates. Notwithstanding the foregoing, if Customer is in the regular business of providing firewall, VPN or security management for a fee to entities that are not its Affiliates (“MSP Customers”), Customer may use the Products for its MSP Customers provided that either (i) Customer, and not MSP Customers, maintain control and possession of the Products, and (ii) MSP Customers do not use the Software. If MSP Customers have possession and/or control of Products in whole or in part, this Agreement must be provided to MSP Customers and they must agree that their use of the Products is subject to the terms and conditions of this Agreement. Customer will not provide, make available to, or permit use of the Software in whole or in part by, any third party, including MSP Customers and contractors, without SonicWall's prior written consent, unless such use by the third party is solely on Customer’s behalf, is strictly in compliance with the terms and conditions of this Agreement, and Customer is liable for any breach of this Agreement by such third party. Customer agrees to indemnify and hold SonicWall harmless from and against any claims by MSP Customers against SonicWall relating to the Products and/or Customer’s services for MSP Customers. “Affiliate” means any legal entity controlled by a party to this Agreement, but only for so long as such control relationship exists.
d
Evaluation License—If the Software is provided by SonicWall or a Reseller at no charge for evaluation purposes, then Section 1(a) above shall not apply to such Software and instead Customer is granted a non-production License to use such Software and the associated documentation solely for Customer’s own internal evaluation purposes for an evaluation period of up to thirty (30) days from the date of delivery of the Software, plus any extensions granted by SonicWall in writing (the “Evaluation Period”). There is no fee for Customer’s use of the Software for nonproduction evaluation purposes during the Evaluation Period, however, Customer is responsible for any applicable shipping charges or taxes which may be incurred, and any fees which may be associated with usage beyond the scope permitted herein. NOTWITHSTANDING ANYTHING OTHERWISE SET FORTH IN THIS AGREEMENT, CUSTOMER UNDERSTANDS AND AGREES THAT EVALUATION SOFTWARE IS PROVIDED “AS IS” AND THAT SONICWALL DOES NOT PROVIDE A WARRANTY OR MAINTENANCE SERVICES FOR EVALUATION LICENSES, AND SONICWALL BEARS NO LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES RESULTING FROM USE (OR ATTEMPTED USE) OF THE EVALUATION SOFTWARE THROUGH AND AFTER THE EVALUATION PERIOD AND HAS NO DUTY TO PROVIDE SUPPORT TO CUSTOMER.
e
Restrictions—Customer may not (i) modify, translate, localize, adapt, rent, lease, loan, create or prepare derivative works of, or create a patent based on the Software or any part thereof, (ii) make copies except as expressly authorized under this Agreement, (iii) copy the Software onto any public or distributed network, (iv) modify or resell the Software, use the Software in connection with the operation of any nuclear facilities, or use for purposes which are competitive to SonicWall, or (v) except as expressly authorized in Section 2(c) above, operate the Software for use in any time-sharing, outsourcing, service bureau or application service provider type environment. Unless and except to the extent authorized in the applicable Documentation, Software provided with and/or as the Product, in part or whole, is licensed for use only in accordance with the Documentation as part of the Product, and Software components making up a Product may not be separated from, nor used on a separate or standalone basis from the Product. Each permitted copy of the Software and Documentation made by Customer hereunder must contain all titles, trademarks, copyrights and restricted rights notices as in the original. Customer understands and agrees that the Products may work in conjunction with third party products and Customer agrees to be responsible for ensuring that it is properly licensed to use such third party products. Any Software provided in object code form is licensed hereunder only in object code form. Except to the extent allowed by applicable law if located in the European Union, and then only with prior written notice to SonicWall, Customer shall not disassemble, decompile or reverse engineer the Software in whole or in part or authorize others to do so. 
Customer agrees not to use the Software to perform comparisons or other “benchmarking” activities, either alone or in connection with any other software or service, without SonicWall’s written permission; or publish any such performance information or comparisons.
f
Third Party Software—There may be certain third party owned software provided along with, or incorporated within, the Products (“Third Party Software”). Except as set forth below, such Third Party Software shall be considered Software governed by the terms and conditions of this Agreement. However, some Products may contain other Third Party Software that is provided with a separate license agreement, in which case such Third Party Software will be governed exclusively by such separate license agreement (“Third Party License”) and not this Agreement. Any such Third Party Software that is governed by a Third Party License, and not this Agreement, will be identified on the applicable Product page on SonicWall’s website and/or in a file provided with the Product. Except as SonicWall may otherwise inform Customer in writing, the Third Party License gives Customer at least the license rights granted above, and may provide additional license rights as to the Third Party Software, but only with respect to the particular Third Party Software to which the Third Party License applies. SUCH THIRD PARTY SOFTWARE UNDER A THIRD PARTY LICENSE IS PROVIDED WITHOUT ANY WARRANTY FROM SONICWALL AND ITS SUPPLIERS, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. Notwithstanding the foregoing, SonicWall shall honor its warranty, maintenance and support obligations in respect to the SonicWall Products regardless of whether the warranty, maintenance or support issue is caused in whole or in part by the Third Party Software provided by SonicWall with the Product.
g
Updates/Upgrades—If Customer purchases or otherwise is eligible to receive a Software update or upgrade, you must be properly licensed to use the Product identified by SonicWall as being eligible for the update/upgrade in order to install and use the Software update/upgrade. A Software update/upgrade replaces and/or supplements the Software Product that formed the basis for your eligibility for the update/upgrade, and does not provide you an additional License (copy) of the Software to use separately from the Software Product to be updated/upgraded. You may use the resulting updated/upgraded Product only in accordance with the terms of this Agreement.
h
Activation Keys May Expire—Certain Products, including Security Services that provide regular ongoing updates for Software (e.g., Security Service consisting of anti-virus signature updates), may come with an activation key or license key (a key that must be entered to activate the Product, “Activation Key”). If the Activation Key for a Product is not activated within five (5) years from the date of issuance by SonicWall, such Activation Key(s) may expire and no longer activate the Product. Products that come with an expiring Activation Key will operate for the contracted term of the License (or purchased Security Service), so long as the Activation Key is activated within five (5) years from SonicWall’s date of issuance.
2
OWNERSHIP

SonicWall and its licensors are the sole and exclusive owners of the Software, and all underlying intellectual property rights in the Hardware. All rights not expressly granted to Customer are reserved by SonicWall and its licensors.

3
TERMINATION OF LICENSE(S)

All licenses to the Software hereunder shall terminate if Customer fails to comply with any of the provisions of this Agreement and does not remedy such breach within thirty (30) days after receiving written notice from SonicWall. Customer agrees upon termination to immediately cease using the Software and to destroy all copies of the Software which may have been provided or created hereunder.

4
SUPPORT SERVICES

SonicWall’s current Support Service offerings (“Support Services”) and the terms and conditions applicable to such Support Services are set forth in SonicWall’s Support Services Terms located at http://www.sonicwall.com/us/support/Services.html and are incorporated herein by reference. Support Services may require an additional fee. Unless otherwise agreed to in writing, SonicWall’s Support Services are subject to SonicWall’s Support Services Terms which are in effect at the time the Support Services are purchased by Customer, and these terms and conditions will be incorporated herein by reference at that time. SonicWall reserves the right to change the Support Services Terms from time to time by posting such changes on its website, which shall apply to any Support Services purchased on or after the date of such posting.

5
SONICWALL WARRANTY
a
Warranty—SonicWall warrants to Customer (original purchaser Customer only) that for the applicable warranty period (“Warranty Period”) the Hardware will be free from any material defects in materials or workmanship and the Software, if any, will substantially conform to the Documentation applicable to the Software and the License purchased (“Limited Warranty”). Except as may be indicated otherwise in writing by SonicWall, the Warranty Period for Hardware is one year from the date of registration of the Hardware Product (or if sooner, seven days after initial delivery of the Hardware Product to Customer), and the applicable warranty period for Software is ninety days from the date of registration of the Software Product (or if sooner, seven days after initial delivery/download) of the Software Product to/by Customer. SonicWall does not warrant that use of the Product(s) will be uninterrupted or error free nor that SonicWall will correct all errors. The Limited Warranty shall not apply to any non-conformance (i) that SonicWall cannot recreate after exercising commercially reasonable efforts to attempt to do so; (ii) caused by misuse of the Product or by using the Product in a manner that is inconsistent with this Agreement or the Documentation; (iii) arising from the modification of the Products by anyone other than SonicWall; or (iv) caused by any problem or error in third party software or hardware not provided by SonicWall with the Product regardless of whether or not the SonicWall Product is designed to operate with such third party software or hardware. SonicWall's sole obligation and Customer's sole and exclusive remedy under any express or implied warranties hereunder shall be for SonicWall to use commercially reasonable efforts to provide error corrections and/or, if applicable, repair or replace parts in accordance with SonicWall’s Support Services Terms.
Customer shall have no rights or remedies under this Limited Warranty unless SonicWall receives Customer’s detailed written warranty claim within the applicable warranty period.
b
Disclaimer—EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH ABOVE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW SONICWALL HEREBY DISCLAIMS ON BEHALF OF ITSELF, ITS SUPPLIERS, DISTRIBUTORS AND RESELLERS ALL WARRANTIES, EXPRESS, STATUTORY AND IMPLIED, APPLICABLE TO THE PRODUCTS, SERVICES AND/OR THE SUBJECT MATTER OF THIS AGREEMENT, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE.
6
LIMITATION OF LIABILITY

The Products are not designed, manufactured, authorized or warranted to be suitable for use in any system where a failure of such system could result in a situation that threatens the safety of human life, including without limitation any such medical, life support, aviation or nuclear applications. Any such use and subsequent liabilities that may arise from such use are totally the responsibility of Customer, and all liability of SonicWall, whether in contract, tort (including without limitation negligence) or otherwise in relation to the same is excluded. Customer shall be responsible for mirroring its data, for backing it up frequently and regularly, and for taking all reasonable precautions to prevent data loss or corruption. SonicWall shall not be responsible for any system downtime, loss or corruption of data or loss of production. NOTWITHSTANDING ANYTHING ELSE IN THIS AGREEMENT OR OTHERWISE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL SONICWALL, ITS SUPPLIERS, DISTRIBUTORS OR RESELLERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, LOST OR CORRUPTED DATA, LOST PROFITS OR SAVINGS, LOSS OF BUSINESS, REPUTATION, GOODWILL OR OTHER ECONOMIC LOSS OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE PRODUCTS OR THE SERVICES, WHETHER OR NOT BASED ON TORT, CONTRACT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT SONICWALL HAS BEEN ADVISED OR KNEW OF THE POSSIBILITY OF SUCH DAMAGES. 
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SONICWALL'S MAXIMUM LIABILITY TO CUSTOMER ARISING FROM OR RELATING TO THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNTS RECEIVED BY SONICWALL FOR THE PRODUCTS AND THE SERVICES PURCHASED BY CUSTOMER, PROVIDED THAT WHERE ANY CLAIM AGAINST SONICWALL RELATES TO PARTICULAR PRODUCTS AND/OR SERVICES, SONICWALL'S MAXIMUM LIABILITY SHALL BE LIMITED TO THE AGGREGATE AMOUNT RECEIVED BY SONICWALL IN RESPECT OF THE PRODUCTS AND/OR SERVICES PURCHASED BY CUSTOMER AFFECTED BY THE MATTER GIVING RISE TO THE CLAIM. (FOR MAINTENANCE SERVICES OR A PRODUCT SUBJECT TO RECURRING FEES, THE LIABILITY SHALL NOT EXCEED THE AMOUNT RECEIVED BY SONICWALL FOR SUCH MAINTENANCE SERVICE OR PRODUCT PURCHASED BY CUSTOMER DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM).

CUSTOMER EXPRESSLY AGREES TO THE ALLOCATION OF LIABILITY SET FORTH IN THIS SECTION, AND ACKNOWLEDGES THAT WITHOUT ITS AGREEMENT TO THESE LIMITATIONS, THE PRICES CHARGED FOR THE PRODUCTS AND SERVICES WOULD BE HIGHER.

7
GOVERNMENT RESTRICTIONS

Customer agrees that the Products provided under this Agreement, which may include technology and encryption, are subject to the customs and export control laws and regulations of the United States, may be rendered or performed either in the U.S., in countries outside the U.S., or outside of the borders of the country in which Customer or Customer’s system is located, and may also be subject to the customs and export laws and regulations of the country in which the Products are rendered or received. Customer agrees to abide by those laws and regulations. Customer agrees that it will not export or re-export the Products without SonicWall's prior written consent, and then only in compliance with all requirements of applicable law, including but not limited to U.S. export control regulations. Customer has the responsibility to obtain any required licenses to export, re-export or import the Products. Customer shall defend, indemnify and hold SonicWall and its suppliers harmless from any claims arising out of Customer’s violation of any export control laws relating to any exporting of the Products. By accepting this Agreement and receiving the Products, Customer confirms that it and its employees and agents who may access the Products are not listed on any governmental export exclusion lists and will not export or re-export the Products to any country embargoed by the U.S. or to any specially denied national (SDN) or denied entity identified by the U.S. Applicable export restrictions and exclusions are available at the official web site of the U.S. Department of Commerce Bureau of Industry and Security (www.bis.doc.gov). For purchase by U.S. governmental entities, the technical data and computer software in the Products are commercial technical data and commercial computer software as subject to FAR Sections 12.211, 12.212, 27.405-3 and DFARS Section 227.7202. 
The rights to use the Products and the underlying commercial technical data and computer software are limited to those rights customarily provided to the public purchasers as set forth in this Agreement. The Software and accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, modification, reproduction, release, performance, display or disclosure of the Software and accompanying Documentation by the United States Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.

8
GENERAL
a
Governing Law and Venue—This Agreement shall be governed by and construed in accordance with the laws of the State of California, without giving effect to any conflict of laws principles that would require the application of laws of a different state. The parties agree that neither the United Nations Convention on Contracts for the International Sale of Goods, nor the Uniform Computer Information Transaction Act (UCITA) shall apply to this Agreement, regardless of the states in which the parties do business or are incorporated. Any action seeking enforcement of this Agreement or any provision hereof shall be brought exclusively in the state or federal courts located in the County of Santa Clara, State of California, United States of America. Each party hereby agrees to submit to the jurisdiction of such courts. Notwithstanding the foregoing, SonicWall is entitled to seek immediate injunctive relief in any jurisdiction in the event of any alleged breach of Section 1 and/or to otherwise protect its intellectual property.
b
Assignment—Except as otherwise set forth herein, Customer shall not, in whole or part, assign or transfer any part of this Agreement or any rights hereunder without the prior written consent of SonicWall. Any attempted transfer or assignment by Customer that is not permitted by this Agreement shall be null and void. Any transfer/assignment of a License that is permitted hereunder shall require the assignment/transfer of all copies of the applicable Software along with a copy of this Agreement, the assignee must agree to all terms and conditions of this Agreement as a condition of the assignment/transfer, and the License(s) held by the transferor Customer shall terminate upon any such transfer/assignment.
c
Severability—If any provision of this Agreement shall be held by a court of competent jurisdiction to be contrary to law, such provision will be enforced to the maximum extent permissible and the remaining provisions of this Agreement will remain in full force and effect.
d
Privacy Policy—Customer hereby acknowledges and agrees that SonicWall’s performance of this Agreement may require SonicWall to process or store personal data of Customer, its employees and Affiliates, and to transmit such data within SonicWall or to SonicWall Affiliates, partners and/or agents. Such processing, storage, and transmission may be used for the purpose of enabling SonicWall to perform its obligations under this Agreement, and as described in SonicWall’s Privacy Policy (www.SonicWall.com/us/Privacy_Policy.html, “Privacy Policy”) and may take place in any of the countries in which SonicWall and its Affiliates conduct business. SonicWall reserves the right to change the Privacy Policy from time to time as described in the Privacy Policy.
e
Notices—All notices provided hereunder shall be in writing, delivered personally, or sent by internationally recognized express courier service (e.g., Federal Express), addressed to the legal department of the respective party or to such other address as may be specified in writing by either of the parties to the other in accordance with this Section.
f
Disclosure of Customer Status—SonicWall may include Customer in its listing of customers and, upon written consent by Customer, announce Customer's selection of SonicWall in its marketing communications.
g
Waiver—Performance of any obligation required by a party hereunder may be waived only by a written waiver signed by an authorized representative of the other party, which waiver shall be effective only with respect to the specific obligation described therein. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.
h
Force Majeure—Each party will be excused from performance for any period during which, and to the extent that, it is prevented from performing any obligation or service as a result of causes beyond its reasonable control, and without its fault or negligence, including without limitation, acts of God, strikes, lockouts, riots, acts of war, epidemics, communication line failures, and power failures.
i
Audit—Customer shall maintain accurate records to verify compliance with this Agreement. Upon request by SonicWall, Customer shall furnish (a copy of) such records to SonicWall and certify its compliance with this Agreement.
j
Headings—Headings in this Agreement are for convenience only and do not affect the meaning or interpretation of this Agreement. This Agreement will not be construed either in favor of or against one party or the other, but rather in accordance with its fair meaning. When the term “including” is used in this Agreement it will be construed in each case to mean “including, but not limited to.”
k
Entire Agreement—This Agreement is intended by the parties as a final expression of their agreement with respect to the subject matter hereof and may not be contradicted by evidence of any prior or contemporaneous agreement unless such agreement is signed by both parties. In the absence of such an agreement, this Agreement shall constitute the complete and exclusive statement of the terms and conditions and no extrinsic evidence whatsoever may be introduced in any judicial proceeding that may involve the Agreement. This Agreement represents the complete agreement and understanding of the parties with respect to the subject matter herein. This Agreement may be modified only through a written instrument signed by both parties.

 

SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://support.sonicwall.com.

In addition, the Support Portal provides direct access to product support engineers through an online Service Request system.

The Support Portal enables you to:

View knowledge base articles and technical documentation
Download software
View video tutorials
Collaborate with peers and experts in user forums
Get licensing assistance
Access MySonicWall
Learn about SonicWall professional services
Register for training and certification

To contact SonicWall Support, refer to https://support.sonicwall.com/contact-support.

To view the SonicWall End User Product Agreement (EUPA), see https://www.sonicwall.com/legal/eupa.aspx. Select the language based on your geographic location to see the EUPA that applies to your region.