
GMS 8.3 Admin Guide

UMH

UMH System Settings

This section describes how to configure the system settings that are available on the SonicWall™ Global Management System (GMS) UMH system pages.

NOTE: GMS provides the “UMH” or “UMA” (/appliance) system interface in GMS Software and Virtual Appliance deployments. The switch icon is used to toggle between application and system interfaces.

This includes the following:

Status

This section describes the UMH System > Status page, used to view general status of the appliance hardware and licensed firmware.

The UMH System > Status page is shown in the following figure:

This page identifies the following specifications:

 

Specifications

Item – Usage
Name – Displays the user-friendly name of the system.
Serial Number – Displays the system identification number.
Version – Displays current firmware version and date.
License – Displays the Global Management System or ViewPoint license status.
Role – Displays configuration set in the Deployment > Roles section of the user interface.
Host Name / IP – Displays the system host name (for example, an FQDN such as mysystem.myhost.com) and IP address. This field can display IPv4 and IPv6 addresses.
Current Time – Displays the current date and time, based on your localized time zone settings.
Operating System – Displays the system’s currently loaded operating system.
CPU – Displays basic specifications (speed and number of cores) for the system’s processor.
RAM – Displays amount of random access memory (RAM) installed on the system.
Available Disk Space – Displays free space and total space, in gigabytes.

Licenses

This section describes the UMH System > Licenses page, used to view and manage GMS and ViewPoint licenses.

The UMH System > Licenses page is shown in the following figure:

This page identifies the following specifications:

 

Specifications

Item – Usage
Security Service – The current license type based on product registration and serial number.
Support Service – The available SonicWall support types based on product registration and serial number.
Status – License status. If unlicensed, you must purchase a license or register your product or appliance.
Count – Number of valid licenses.
Expiration – Expiration date of your current license.

In addition, you can use the buttons on this screen to:

Manage Licenses through your MySonicWall.com account
Refresh Licenses by connecting with the SonicWall licensing server
Upload Licenses if no external network connection is available

Time

This section describes the Virtual Appliance System > Time page, used to view and manage the appliance date/time settings. This page is only available on the Virtual Appliance.

This page allows the administrator to set the following time and date settings:

Time in Hours/Minutes/Seconds
Date in Month / Day / Year
Time Zone from standard international time zones or coordinated universal time (UTC) for deployments spanning multiple time zones.
Set time automatically using NTP can be selected for auto-updated time using standard time servers. Selecting this option causes the system to automatically adjust for daylight saving time in time zones that recognize DST.

Click Add NTP Server to add an NTP server. The added servers are displayed in the list. Up to 5 NTP servers can be added.

To remove an NTP server from the list, click the Delete icon next to it.

Administration

This section describes the UMH System > Administration page, used to manage basic administrative settings.

The UMH System > Administration page is shown in the following figure:

This page provides the following functions:

 

Functions

Item – Usage

Host Settings
Inactivity Timeout – Number of minutes before an administrator is forcefully logged out of the user interface. Entering a value of -1 allows the account to remain logged in until the appliance is power cycled. Ensure that your console is in a secure location as this setting can expose your system to potential physical security issues. The default value is 10 minutes.

Enhanced Security Access (ESA)
Enforce Password Security – Check this box to enforce the password security settings in the following boxes.
Number of failed login attempts before user can be locked out – Number of tries a user has to enter the correct password before being locked out of the system for a specified time. Default is 6.
User lockout minutes – Time specified for locking a user out after the user has failed to correctly log in the specified number of times. Default is 30 minutes.
Number of days to force password change – Number of days before a user is forced to change his or her password. Default is 90 days.

Administrator Password
Administrator Name – Default administrator login name, admin.
Current Password – The current password for the admin account.
New Password – The new password for the admin account.
Confirm Password – The new password for the admin account.

To change the administrator password, enter the Current Password in the appropriate field, and then enter a New Password and confirm that password.

Click Update when you are finished making changes. Click Reset to return to default settings.

Settings

This section describes the UMH System > Settings page, used to manage manual software or firmware upgrades and, on the appliance, reinitialization of factory default settings.

The UMH System > Settings page is shown in the following figure:

On the UMH, this page displays the current version of SonicWall GMS running on the system, and provides a link to click for the history of upgrades on this system.

This page also allows the administrator to:

Upload a SonicWall GMS Firmware Upgrade, Service Pack, or Hotfix by uploading a valid software image from your local drive. After uploading the software, click Apply to reboot the system with the new version.
Reinitialize an appliance back to the original factory default settings. Click Reinitialize to begin the process.

Diagnostics

The UMH System > Diagnostics page is used to set the log debug level, test connectivity to servers, and download system/log files.

This page provides the following diagnostic capabilities:

Debug Log Settings – Set the System Debug Level by selecting a value from the pull-down list. Select 0 for no debug information in the logs, 1 or 2 for more debug information, and 3 for maximum debug information. Click Update to apply your changes, or click Reset to return to the default setting of 3.
Test Connectivity – Select one of the following options and then click Test to test connectivity:
    Database Connectivity – Test connectivity using the database parameters configured on the Deployment > Roles page.
    License Manager Connectivity – Test connectivity with the host name that you type into the License Manager Host field.
    SMTP Server Connectivity – Test connectivity using the SMTP server displayed here. The SMTP server is configured on the Deployment > Settings page.
    Ping – Enter the Hostname or IP Address of the server to ping. This field can accept/display IPv4 and IPv6 addresses.
    Probe Test – Enter the Hostname or IP Address of the server to probe. This field can accept/display IPv4 and IPv6 addresses. The port to use can be specified after the Hostname, separated by a colon. Use square brackets to enclose an IPv6 address when the port number is also specified.
        For example: [2604:b00:a:2:0:1:df96:c605]:1234
Download System/Log Files – In this section you can generate a Technical Support Report (TSR), view or search log files, and export archived log tables.
    For information about generating a TSR, see Technical Support Report.
    For information about viewing and searching log files, see Logs.
    Export Logs – Click this button to export the selected system/log files.
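
The host-and-port form accepted by Probe Test, shown as an added Python example (not SonicWall code): a parser that separates host from port and shows why an IPv6 address needs square brackets once a port is appended. The names ProbeTarget, parse_probe_target and is_valid_probe_target are hypothetical, and every input other than the address quoted above is constructed.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class ProbeTarget(NamedTuple):
    host: str             # hostname or IP literal, brackets removed
    kind: str             # "hostname", "ipv4" or "ipv6"
    port: Optional[int]   # None when the input carried no port


def _parse_port(text: str) -> int:
    if not re.fullmatch(r"[0-9]{1,5}", text):
        raise ValueError(f"port must be 1-5 ASCII digits, got {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def _classify(host: str) -> str:
    try:
        return f"ipv{ipaddress.ip_address(host).version}"
    except ValueError:
        pass
    name = host[:-1] if host.endswith(".") else host   # allow one trailing dot
    labels = name.split(".")
    if labels[-1].isdigit():
        # e.g. "999.1.1.1": a failed IPv4 literal, not a usable hostname
        raise ValueError(f"malformed IPv4 address: {host!r}")
    if len(name) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid hostname or IP address: {host!r}")
    return "hostname"


def parse_probe_target(text: str) -> ProbeTarget:
    """Split 'host', 'host:port', 'v6addr' or '[v6addr]:port' into its parts."""
    text = text.strip()
    if text.startswith("["):
        # Bracketed form: brackets are only meaningful around an IPv6 literal.
        end = text.find("]")
        if end == -1:
            raise ValueError("missing closing ']'")
        host, rest = text[1:end], text[end + 1:]
        if _classify(host) != "ipv6":
            raise ValueError("only an IPv6 address may be enclosed in brackets")
        if rest == "":
            return ProbeTarget(host, "ipv6", None)
        if not rest.startswith(":"):
            raise ValueError(f"unexpected text after ']': {rest!r}")
        return ProbeTarget(host, "ipv6", _parse_port(rest[1:]))
    if text.count(":") >= 2:
        # Several colons and no brackets: the whole string must be an IPv6
        # address, because a trailing ':1234' cannot be told apart from a group.
        if _classify(text) != "ipv6":
            raise ValueError(f"not a valid IPv6 address: {text!r}")
        return ProbeTarget(text, "ipv6", None)
    host, sep, port = text.partition(":")
    kind = _classify(host)
    return ProbeTarget(host, kind, _parse_port(port) if sep else None)


def is_valid_probe_target(text: str) -> bool:
    try:
        parse_probe_target(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    samples = [                      # constructed inputs, except the first
        "[2604:b00:a:2:0:1:df96:c605]:1234",
        "mysystem.myhost.com:8443",
        "192.0.2.10",
        "::1:1234",                  # read as an address, not as ::1 port 1234
        "[192.0.2.10]:80",
        "999.1.1.1",
    ]
    for sample in samples:
        try:
            print(f"{sample!r:40} -> {parse_probe_target(sample)}")
        except ValueError as exc:
            print(f"{sample!r:40} -> rejected: {exc}")
```
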

Technical Support Report

The Tech Support Report generates a detailed report of the SonicWall security appliance configuration and status, and saves it to the local hard disk using Export Reports. This file can then be e-mailed to SonicWall Technical Support to help with a problem.

TIP: You must register your SonicWall security appliance on mysonicwall.com to receive technical support.

Before e-mailing the Tech Support Report to the SonicWall Technical Support team, complete a Tech Support Request Form at https://www.mysonicwall.com. After the form is submitted, a unique case number is returned. Include this case number in all correspondence, as it allows SonicWall Technical Support to provide you with better service.

Logs

The Logs check box and selection screen allow for the selection of one or more application or system logs. Within the log list, you can select multiple logs using the Ctrl key and search log titles using the Search Filter field.

The Search Filter field accepts regular expressions, such as *Summarizer* for files with “Summarizer” in their name, or *.?r? for files with an extension that has “r” as the middle letter (for example, leak.wri and mysql.err). After entering a search filter value, click the right arrow next to the field to see the resulting file list.

After you have selected the appropriate log files, click Export Logs. Logs are exported to a .zip file in a location that you specify.

File Manager

This section describes the UMA appliance System > File Manager page, used to view and manage system files for a Virtual Appliance. This page is only available on the Virtual Appliance.

The File Manager feature provides a way to view the file system and export, delete, add, or modify files without opening an SSH session to the appliance. You can select the folder to view from the Select Folder pull-down list. To search for certain file names, enter search parameters using regular expressions in the Search Filter field and then click the right arrow next to the field.

This page allows the administrator to complete the following actions:

 

Administrator actions

Item – Usage
Export – Exports the currently selected file. If the file size is larger than 5MB, the file is exported as a .zip file. Files exported should be less than 200MB. Single files can be exported by clicking the Export icon to the right of the file name.
Delete – Deletes the currently selected file if correct permissions are available. Single files can be deleted by clicking the Delete icon to the right of the file name.
Add/Edit (Upload) – Allows files to be added to, or overwritten in, the currently selected folder. This feature is only available for certain folders and files. Files can be uploaded by clicking the Upload icon (a plus sign) in the upper right corner of the screen.

See also Working with Multiple Files.

Working with Multiple Files

Both Export and Delete actions are supported on multiple files. To perform these actions on multiple files:

1. Select check boxes for multiple files, or click Select All to choose all files.
2. Click Export or Delete on the bottom of the screen to perform these actions on selected files.

NOTE: Multiple files are exported as a .zip file. Be aware that files larger than 200MB might take a large portion of your unit’s bandwidth.

Backup/Restore

The following sections provide an overview of the Backup/Restore feature, user interface, and configuration procedures for the System > Backup/Restore page:

What is Backup/Restore?

The Backup/Restore page is used to create or restore a snapshot of configurations and data using the Manage Backups, Immediate Backup/Restore, and Scheduled Backup Settings sections.

The Manage Backups section allows you to download a Java-based tool to schedule the offloading of backup snapshots to a remote location. This data export feature allows you to periodically offload backup data and archived reports from your UMH appliance to an offsite client. Web Services are used with this feature; see the Web Services chapter for more information.

The Immediate Backup/Restore section allows you to create a new snapshot file and download it instantly.

The Scheduled Backup Settings section provides information and granular configuration options on your regularly scheduled system backups.

Backup/Restore User Interface Overview

This section details the different functions of the Backup/Restore page’s user interface.

Manage Backups
 

Manage backups

Name – Description
Download Auto Export Tool – Helps you set up configurations that can be used to automatically download scheduled backup snapshots to a remote location in a recurrent manner. It also allows the user to offload reporting data such as archived syslog files and archived scheduled reports to a remote location.
Click here to see restore history link – Displays the restored snapshots.
Available Snapshots list – Displays all the available snapshots with type, date, product, version, and size information for each.
Download Snapshot – Downloads a snapshot of the current system configurations.
Restore Snapshot – Restores a backup snapshot; the snapshot is uploaded to your local storage and then used to restore data.

Immediate Backup/Restore
 

Immediate Backup/Restore

Name – Description
Backup Now – Creates a new basic, application, or complete snapshot file.
Choose File – Selects a snapshot file from your local file system to upload to the GMS server.
Restore Now – Restores using the selected snapshot file.

Scheduled Backup Settings
 

Scheduled Backup Settings

Name – Description
Enable Basic Backups check box – Backs up files that are essential for the system configuration and addUnit.xml files on a daily basis.
Daily At drop down lists – Selects the hour and minute for the backup schedule.
Enable Application Backups check box – Backs up basic data, database, firmware images, and HM recordings on a monthly or weekly schedule.
Backup Schedule: drop down lists – Selects the week or month, day, hour, and minute for the backup schedule.
Enable Complete Backups check box – Backs up application backup data, reporting database, and archived scheduled reports from the default archive directory on a monthly or weekly schedule.
Backup Schedule drop down lists – Selects the month or week, day, hour, and minute for the backup schedule.
Backup Snapshots to Directory text field – Backs up snapshots to the directory that is entered into the text field.
Free disk space required – Indicates the space required to perform the backup, and how much space is available for use on the resource. If available disk space is less than the estimated free disk space required, the backup process will not start. However, if the auto disk space management feature is enabled, the backup process deletes the previous backup files to free the disk space required for the backup process to begin if the following conditions are satisfied:
    The auto disk space management feature should be enabled.
    Old backup files should be offloaded (that is, the backup file name should end with "_O"). For example, "GMS_8.2_M_2016_10_18_23_34_CA_O.zip".
    Deleting old backup files should release sufficient disk space for the backup process to continue.
Auto disk space management – Select to allow GMS to manage the disk space and backup requirements. Auto disk space management is a configurable option provided for you to automate recovering disk space by deleting previous backup files in case of a disk space shortage for the backup process. If there is sufficient disk space for the backup process to run, this feature does not have any impact.
Update Settings – Updates the current configured settings.
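
The start-or-skip decision described for Free disk space required and Auto disk space management, as an added Python example that is not taken from GMS: given a listing of the backup directory, it reports whether the next backup would start and which snapshots carry the "_O" (offloaded) marker that makes them deletion candidates. The names is_offloaded, snapshot_sizes, BackupPlan and plan_backup are hypothetical, the file names are constructed on the pattern of the example above, and because the page does not say which offloaded files are removed first, every offloaded snapshot is listed as a candidate.

```python
import os
from dataclasses import dataclass, field
from typing import Dict, List


def is_offloaded(filename: str) -> bool:
    """True when the .zip name ends with the "_O" marker before its extension."""
    base, ext = os.path.splitext(filename)
    return ext.lower() == ".zip" and base.endswith("_O")


def snapshot_sizes(directory: str) -> Dict[str, int]:
    """Map each .zip file in the backup directory to its size in bytes."""
    with os.scandir(directory) as entries:
        return {
            entry.name: entry.stat().st_size
            for entry in entries
            if entry.is_file() and entry.name.lower().endswith(".zip")
        }


@dataclass
class BackupPlan:
    will_start: bool
    reason: str
    delete_candidates: List[str] = field(default_factory=list)  # offloaded, may be removed
    not_offloaded: List[str] = field(default_factory=list)      # never removed automatically


def plan_backup(required: int, free: int, snapshots: Dict[str, int],
                auto_manage: bool) -> BackupPlan:
    """Apply the page's rules; required, free and sizes share one unit."""
    offloaded = sorted(name for name in snapshots if is_offloaded(name))
    pending = sorted(name for name in snapshots if not is_offloaded(name))

    if free >= required:
        # Enough space: auto disk space management has no effect.
        return BackupPlan(True, "enough free space; nothing is deleted", [], pending)
    if not auto_manage:
        return BackupPlan(False, "not enough space and auto disk space management is off",
                          [], pending)
    reclaimable = sum(snapshots[name] for name in offloaded)
    if free + reclaimable < required:
        return BackupPlan(False, "deleting offloaded backups would not free enough space",
                          [], pending)
    return BackupPlan(True, "offloaded backups can be deleted to make room",
                      offloaded, pending)


if __name__ == "__main__":
    # Constructed listing, sizes in GB.
    listing = {
        "GMS_8.2_M_2016_10_11_23_34_CA_O.zip": 30,
        "GMS_8.2_M_2016_10_18_23_34_CA_O.zip": 40,
        "GMS_8.2_M_2016_10_25_23_34_CA.zip": 50,   # not yet offloaded
    }
    for auto in (False, True):
        plan = plan_backup(required=60, free=20, snapshots=listing, auto_manage=auto)
        print(f"auto_manage={auto}: start={plan.will_start} ({plan.reason})")
        print("  delete candidates:", plan.delete_candidates)
        print("  not offloaded:    ", plan.not_offloaded)
```

A snapshot that appears under not offloaded exists only on the appliance, so a skipped backup combined with a non-empty list there is the case to alert on.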

Configuring the Backup/Restore Page

This section provides example configurations for the Manage Backups, Immediate Backup/Restore, and Scheduled Backup Settings sections on the System > Backup/Restore page.

Configuring Manage Backups

To take an online backup or upload a snapshot file for restore, complete the following configuration steps:

1. Click Download Auto Export Tool. The tool downloads to your local system.
2. Click Here to view the restore history.
3. To download an existing snapshot, select an available snapshot and then click Download Snapshot.
4. To restore a backup snapshot, select an available snapshot and then click Restore Snapshot. The Restore Options pop up window displays.
    a. Select the desired Restore Options.
    b. Click OK.

Configuring Immediate Backup/Restore

To create, download, and upload snapshots, complete the following configuration steps:

1. To create a new snapshot file, click Backup Now. The Backup Options pop up window displays:
    a. Select a backup option.
        Basic—performs a daily backup of configuration files. This option is enabled by default.
        Application—schedules a weekly or monthly backup of configuration files, the central/SGMS database, HM recordings, and firmware images. A weekly backup is scheduled by default.
        Complete—schedules a weekly or monthly backup of configuration files, the central/SGMS database, HM recordings, firmware images, reporting database, and archived scheduled reports (only from a default active directory). This backup option is disabled by default.
    b. Click OK. The configured backup is populated in the Available Snapshots list.
2. To restore existing data:
    a. Select an Available Snapshot and then click Restore Now.
    or
    b. Upload a snapshot by clicking Choose File, selecting a file to backup, and then clicking Restore Now.

Configuring Scheduled Backup Settings

By default, your system is on a backup schedule for daily at 10:00 pm and weekly on Fridays at 10pm. Only 1 snapshot per backup type is saved. Old snapshots are not deleted if the backup directory is changed; they need to be deleted manually.

To change the scheduled backup intervals for the Basic, Application, and/or Complete backups, complete the following steps:
NOTE: Disabling the check boxes greys out the Backup Schedule settings.

1. Select Enable Basic Backups. This check box is enabled by default.
2. Use the Backup Schedule drop down lists to select a daily time for the Basic Backup.
3. Select Enable Application Backups. This check box is enabled by default.
4. Use the Backup Schedule drop down lists to select the month or week, day, and time for the Application Backup.
5. Select Enable Complete Backups. This check box is disabled by default. Complete backups should be enabled only when there is enough disk space available (the free disk space required is displayed). If there is not enough space available, backups are not taken.
6. Use the Backup Schedule drop down lists to select the month or week, day, and time for the Complete Backup.
7. Enter a directory to backup the snapshots in the Backup snapshots to directory [installDir]: text field.
8. Click Update Settings.

Shutdown

This section describes the Virtual Appliance System > Shutdown page, used to shut down or restart the virtual appliance. This page is only available on the virtual appliance.

This page allows the administrator to shut down or restart the virtual appliance, temporarily disconnecting users and stopping services.

If you made any changes to the settings, be sure to apply them before you restart or shut down. The process of restarting generally takes about three minutes.

To restart the virtual appliance, click the Restart button and then click OK in the confirmation dialog box.

To shut down the virtual appliance, click the Shutdown button and then click OK in the confirmation dialog box.

UMH Network Settings

This section describes how to configure the network settings that are available in the SonicWall™ Global Management System (GMS) Virtual Appliance Network screens.

NOTE: The Network screens are only available on the GMS Virtual Appliance.

This includes the following:

Settings

This section describes the Virtual Appliance Network > Settings page, used to configure basic networking and host settings.

This page allows the administrator to configure the following settings:

 

Settings available to administrator

Item – Usage
Name – A descriptive name for this virtual appliance
Domain – In the form of “sonicwall.com”; this domain is not used for authentication
Host IP address – The static IP address for the eth0 interface of the GMS virtual appliance. You can keep the default IP address, or enter a different IP address.
Subnet mask – In the form of “255.255.255.0”
Default gateway – The IP address of the network gateway – this is the default gateway of your perimeter firewall or networking appliance, not the GMS Gateway.
DNS server 1 – The IP address of the primary DNS server
DNS server 2 – (Optional) – The IP address of the secondary DNS server
DNS server 3 – (Optional) – The IP address of the tertiary DNS server

NOTE: The fields under Networking can accept/display IPv4 and IPv6 addresses.

To apply your changes to the above fields, click Update. To revert to default settings, click Reset.

You can also configure suffixes and enable suffix searches on this page, to aid in host name resolution. If the UMA cannot resolve a host name to its IP address, it appends one suffix at a time to the host name in the order the suffixes are configured, and tries to resolve the host name with that suffix.

To enable suffix searches, select Search Suffix.

To add a suffix, click Add to open the Add/Edit Search Suffix dialog box. Type the desired suffix into the Search Suffix field and then click Add. You can click the Configure icon for the suffix to edit it, or click the delete icon to delete it.

NOTE: Adding, configuring, or deleting a suffix restarts the Web server on the Virtual Appliance, and disconnects your browser login session.

Routes

This section describes the Virtual Appliance Network > Routes page, used to configure default or alternate network routes.

The default route is generally populated with the Default Gateway, specified in the Network > Settings page.

To add an alternate route, complete the following steps:
1. Click Add.
2. Enter the route information in the following fields:
    Destination Network
    Network Mask
    Gateway Address
    NOTE: These fields can accept/display IPv4 and IPv6 addresses.
3. Click Add. The new route populates in the Network Routes table.

UMH Deployment Settings

This section describes how to configure the settings that are available in the SonicWall UMH Deployment pages.

NOTE: The UMH appliance and the SonicWall™ Global Management System (GMS) application both provide a system settings interface, referred to as “UMH” in GMS software deployments. In either scenario, the switch icon is used to toggle between application and system interfaces.

This includes the following:

Deployment Roles

The role that you assign to your GMS instance defines the SonicWall Universal Management Suite services that it will provide. GMS uses these services to perform management, monitoring, and reporting tasks.

Your GMS instance can be deployed in any of the following roles:

All In One
Database Only
Console
Agent
Reports Summarizer
Monitor
Event
Syslog Collector
Flow Server
All in One-Flow Server (Demo Mode Only)

In the UMH system management interface, clicking Details in the same row as a role provides a list of the services that run on a system in that role, and information about using the role.

NOTE: All the roles listed previously can be run on any platform of GMS, namely Windows and Virtual Appliance, except for Flow Server and “All in One-Flow Server (Demo Mode Only).” Those two roles are supported on Virtual Appliance platforms.

As the number of managed appliances increases, a more distributed deployment provides better performance. To manage large numbers of SonicWall appliances, you can use several SonicWALL GMS appliances operating in different roles in a distributed deployment. You can also use Windows Server machines running SonicWall GMS in any of the roles.

The All-In-One or Database Only roles automatically include the Infobright with Postgres databases.

You can add multiple consoles to your GMS deployment. In such a deployment, all consoles except one should be marked as redundant consoles; the Include Redundancy check box can be used for configuring a GMS console as a redundant console.

You can scale your deployment to handle more units and more reporting by adding more systems in the Agent role. Agents provide built-in redundancy capability, meaning that if an Agent goes down, other Agents can perform the configuration tasks and other tasks of the Agent that went down.

When first deploying GMS, if you are going to use a Microsoft SQL Server as the GMS database, then make sure you install the SQL Server database first and then use the IP and credentials of the SQL Server for role configuration of all GMS appliances and servers. If using Infobright with Postgres, first install a GMS appliance/server that has the Infobright with Postgres database included with it.

You can install a GMS appliance/server that has an Infobright with Postgres database included in one of the following ways:

By selecting a role that includes the database automatically, such as All In One or Database Only
By selecting Include Database (PostgreSQL) if configuring the appliance with any other role

All role configuration is performed in the appliance management interface, available at the URL: http://<IP address>:<port>/appliance/

Refer to the following sections for instructions on manually configuring the system role:

Configuring the All In One Role

All In One deployments are ideal for managing a small number of SonicWall appliances or for test environments.

NOTE: SonicWall recommends that you use a multi-system distributed deployment in production environments, with the database on a dedicated server and the other services on one or more systems. When only one other system is deployed, the Console role should be assigned to it.

The All In One role provides all services utilized by SonicWall GMS:

Syslog Collector
Reports Scheduler
Update Manager
Reports Summarizer
SNMP Manager
Scheduler
Monitoring Manager
Web Server
Database
Flow Server

The All In One role allows Gateway configurations for the following:

None— No gateway is specified.
If you do not wish to configure a gateway, complete the following steps:
1. Click None.
2. Select HTTP or HTTPS for the MSM Server Protocol.
3. Click the MSM Server Port text-field, then enter the MSM Server port number.
4. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
5. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

NAT Device— Use this option when a NAT device is configured as the gateway. The GMS appliance does not have to log in to the unit for any reason and all NAT configurations are taken care of by the network administrator directly through the device’s management interface. To configure the NAT device, complete the following steps:
6. Select NAT Device.
7. Click the NAT Device IP text-field, then enter the NAT Device IP address. This field can accept/display IPv4 and IPv6 addresses.
8. Click the NAT Device Syslog Port text-field, then enter the NAT Device Syslog port number. This is the Syslog port used for Syslogs sent from the managed units.
9. Select HTTP or HTTPS for the MSM Server Protocol.
10. Click the MSM Server Port text-field, then enter the MSM Server port number.
11. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
12. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

GMS Gateway— Use this option when a SonicWall device is acting as a Gateway. Using a SonicWall appliance is recommended, but it can be set up as a NAT Device if all units are managed using SSL. To configure the GMS Gateway, complete the following steps:
13. Click GMS Gateway.
14. If the SonicWALL GMS connects to managed appliances through a GMS gateway, click the GMS Gateway IP text-field, then enter the internal IP address of the device. This field can accept/display IPv4 and IPv6 addresses.
    If you change the GMS gateway IP address or password, you must also change the settings on this page. To determine if a GMS Gateway is required, see the SonicWall Getting Started Guide for your product.
15. Click the GMS Gateway Port text-field, then enter the management port used to sign into the device.
16. Click the GMS Gateway User text-field, then enter the username used to sign into the device.
17. Click the GMS Gateway Password text-field, then enter the password used to sign into the device.
18. Confirm the GMS Gateway Password you entered.
19. Click the GMS Gateway Syslog Port text-field, then enter the Syslog port used for syslogs sent from the managed units.
20. Select HTTP or HTTPS for the MSM Server Protocol.
21. Click the MSM Server Port text-field, then enter the MSM Server port number.
22. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
23. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Database Only Role

The Database Only role is used in a multi-server SonicWall GMS deployment. In this role, the server is configured to run only the database service. SonicWall recommends that one of the servers in a multi-server GMS deployment is assigned a Database Only role.

Only the SonicWall Universal Management Suite Database service runs on a Database Only system.

The Infobright with PostgreSQL (IB-PG) database engine is pre-installed along with the SonicWall GMS installation. SonicWall GMS can also use a MySQL database or a Microsoft SQL Server database installed on a server. On the Deployment > Role page in the SonicWALL GMS appliance management interface, you can configure your SonicWall GMS systems to use either a MySQL or SQL Server database.

To deploy your SonicWALL GMS in the Database Only role, perform the steps described in the Configuring Database Settings section.

Configuring the Console Role

The Console role is used in a multi-server, distributed SonicWall GMS deployment. In this role, the SonicWall GMS installation will run all SonicWall Universal Management Suite services except for the Database service. In this scenario, the Database role is assigned to a separate appliance or server.

In the Console role, the SonicWALL GMS behaves as an Agent, and also provides the following functions:

Provides Web user interface for the SonicWall GMS application
Emails Scheduled Reports
Performs Event Management tasks
Performs various periodic checks, such as checking for new appliances that can be managed, checking for new firmware versions of managed appliances, and similar functions

The Console role allows Gateway configurations for the following:

None— No gateway is specified.
If you do not wish to configure a gateway, complete the following steps:
1
Click None.

2
Select HTTP or HTTPS for the MSM Server Protocol.
3
Click the MSM Server Port text-field, then enter the MSM Server port number.
4
Click the Syslog Server Port text-field, then enter the Syslog Server port number.
5
To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.
NAT Device— Use this option when a NAT device is configured as the gateway. The GMS appliance does not have to login to the unit for any reason and all NAT configurations are taken care of by the network Administrator directly through the device’s management interface. To configure the NAT device, complete the following steps:
6
Select NAT Device.

7
Click the NAT Device IP text-field, then enter the NAT Device IP address.
8
Click the NAT Device Syslog Port text-field, then enter the NAT Device Syslog port number. This is the Syslog port used for Syslogs sent from the managed units.
9
Select HTTP or HTTPS for the MSM Server Protocol.
10
Click the MSM Server Port text-field, then enter the MSM Server port number.
11
Click the Syslog Server Port text-field, then enter the Syslog Server port number.
12
To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.
GMS Gateway— Use this option when a SonicWall device is acting as a Gateway. Using a SonicWall appliance is recommended, but the gateway can be set up as a NAT Device if all units are managed using SSL. To configure the GMS Gateway, complete the following steps:
13. Click GMS Gateway.
14. If the SonicWALL GMS will connect to managed appliances through a GMS gateway, click the GMS Gateway IP text-field, then enter the internal IP address of the device.
If you change the GMS gateway IP address or password, you must also change the settings on this page. To determine if a GMS Gateway is required, see the SonicWall Getting Started Guide for your product.
15. Click the GMS Gateway Port text-field, then enter the management port used to sign into the device.
16. Click the GMS Gateway User text-field, then enter the username used to sign into the device.
17. Click the GMS Gateway Password text-field, then enter the password used to sign into the device.
18. Confirm the GMS Gateway Password you entered.
19. Click the GMS Gateway Syslog Port text-field, then enter the Syslog port used for syslogs sent from the managed units.
20. Select HTTP or HTTPS for the MSM Server Protocol.
21. Click the MSM Server Port text-field, then enter the MSM Server port number.
22. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
23. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Agent Role

The Agent role can be used in a distributed deployment of SonicWall GMS. The primary functions of this role include the following:

Manages units by acquiring them, pushing configuration tasks to the units and tracking their up/down status
Performs monitoring based on ICMP probes, TCP probes, and SNMP OID retrievals
Collects and stores syslog messages
Performs report summarization

The following SonicWall Universal Management Suite services run on an Agent system:

Syslog Collector
Reports Summarizer
SNMP Manager
Scheduler
Monitoring Manager

The Agent role allows Gateway configurations for the following:

None— No gateway is specified. The agent faces the unit directly, without any device between them.
If you do not wish to configure a gateway, complete the following steps:
1. Click None.
2. Select HTTP or HTTPS for the MSM Server Protocol.
3. Click the MSM Server Port text-field, then enter the MSM Server port number.
4. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
5. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.
NAT Device— Use this option when a NAT device is configured as the gateway. The GMS appliance does not have to log in to the unit for any reason, and all NAT configuration is handled by the network administrator directly through the device’s management interface. To configure the NAT device, complete the following steps:
6. Select NAT Device.
7. Click the NAT Device IP text-field, then enter the NAT Device IP address.
8. Click the NAT Device Syslog Port text-field, then enter the NAT Device Syslog port number. This is the Syslog port used for syslogs sent from the managed units.
9. Select HTTP or HTTPS for the MSM Server Protocol.
10. Click the MSM Server Port text-field, then enter the MSM Server port number.
11. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
12. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.
GMS Gateway— Use this option when a SonicWall device is acting as a Gateway. The GMS appliance needs to be able to log in to the unit and pull additional information such as the WAN IP of the device. This type of device is typically used when units managed by the Agent are either on the management tunnel or an existing tunnel. In the case of SSL, a GMS gateway is really not necessary. Using a SonicWall appliance is recommended, but the gateway can be set up as a NAT Device if all units are managed using SSL. To configure the GMS Gateway, complete the following steps:
13. Click GMS Gateway.
14. If this SonicWALL GMS will connect to managed appliances through a GMS gateway, click the GMS Gateway IP text-field, then enter the internal IP address of the device.
If you change the GMS gateway IP address or password, you must also change the settings on this page. To determine if a GMS Gateway is required, see the SonicWall Getting Started Guide for your product.
15. Click the GMS Gateway Port text-field, then enter the management port used to sign into the device.
16. Click the GMS Gateway User text-field, then enter the username used to sign into the device.
17. Click the GMS Gateway Password text-field, then enter the password used to sign into the device.
18. Confirm the GMS Gateway Password you entered.
19. Click the GMS Gateway Syslog Port text-field, then enter the Syslog port used for syslogs sent from the managed units.
20. Select HTTP or HTTPS for the MSM Server Protocol.
21. Click the MSM Server Port text-field, then enter the MSM Server port number.
22. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
23. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring the Reports Summarizer Role

The Reports Summarizer role is used to dedicate a server to performing only summarization of reports in a multi-server GMS deployment. Syslogs collected by the Syslog Collector service are consumed by the Reports Summarizer service to generate reports. In such a deployment, it is essential that the Syslog Collectors running on various GMS Servers write syslogs to folders that are accessible by Reports Summarizer systems.

The following services run on a Summarizer system:

SonicWall Universal Management Suite - Reports Summarizer
SonicWall Universal Management Suite - Web Service Server
To deploy your SonicWALL GMS in the Reports Summarizer role, complete the following steps in the appliance management interface:
1. Navigate to the Deployment > Roles page. Under Host Role Configuration, select Reports Summarizer.
2. To use a MySQL or Microsoft SQL Server database on another system, do not select the Include Database (MySQL) check box.
3. Configure the database settings as described in Configuring Database Settings.
4. Configure the Web port settings as described in Configuring Server Settings.
5. To apply your changes, click Update.
To change the settings on this page back to the defaults, click Reset.

Configuring the Monitor Role

The Monitor role is used to dedicate the SonicWall GMS installation to monitoring appliances and applications in a multi-server SonicWall GMS deployment. The monitoring is based on ICMP probes, TCP probes, and SNMP OID retrievals.

Only the SonicWall Universal Management Suite Monitoring Manager service runs on a Monitor system.

To deploy your SonicWALL GMS in the Monitor role, complete the following steps in the appliance management interface:
1. Navigate to the Deployment > Roles page. Under Host Role Configuration, select Monitor.
2. To use a MySQL or Microsoft SQL Server database on another system, do not select the Include Database (MySQL) check box.
3. Configure the database settings as described in Configuring Database Settings.
4. Configure the Web port settings as described in Configuring Server Settings.
5. To apply your changes, click Update.
To change the settings on this page back to the defaults, click Reset.

Configuring the Event Role

The Event, or Event Management, role of a GMS Server is used to dedicate a server for performing only event based alerting of appliances and applications in a multi-server SonicWALL GMS deployment.

The following services run on an Event Management system:

SonicWall Universal Management Suite - Event Manager
SonicWall Universal Management Suite - Web Service Server
To deploy your SonicWALL GMS in the Event role, complete the following steps in the appliance management interface:
1. Navigate to the Deployment > Roles page. Under Host Role Configuration, select Event.
2. To use a MySQL or Microsoft SQL Server database on another system, do not select the Include Database (MySQL) check box.
3. Configure the database settings as described in Configuring Database Settings.
4. Configure the Web port settings as described in Configuring Server Settings.
5. To apply your changes, click Update.
To change the settings on this page back to the defaults, click Reset.

Configuring the Syslog Collector Role

The Syslog Collector role can be assigned to a SonicWall GMS installation in a multi-server deployment of SonicWall GMS. In this role, the SonicWall GMS installation is dedicated to collecting syslog messages on the configured port (by default, port 514). The syslog messages are stored in the SonicWall GMS file system.

The syslog messages are used by the Reports Summarizer service running on another SonicWall GMS server or SonicWall GMS in the distributed deployment. The folder where the Syslog Collector service stores the syslog messages must be accessible by the server running the Reports Summarizer service.

Only the SonicWall Universal Management Suite Syslog Collector service runs on a Syslog Collector system.

To deploy your SonicWALL GMS in the Syslog Collector role, complete the following steps in the appliance management interface:
1. Navigate to the Deployment > Roles page. Under Host Role Configuration, select Syslog Collector.
2. If this SonicWALL GMS listens for syslog messages on a non-standard port, type the port number into the Syslog Server Port field. The default port is 514.
3. To use a MySQL or Microsoft SQL Server database on another system, do not select the Include Database (MySQL) check box.
4. Configure the database settings as described in Configuring Database Settings.
5. Configure the Web port settings as described in Configuring Server Settings.
6. To apply your changes, click Update.
To change the settings on this page back to the defaults, click Reset.

Configuring the Flow Server Role

NOTE: This role is only supported on Virtual Appliance platforms.

The Flow Server role can be used in a distributed deployment of SonicWall GMS. The primary functions of this role include the following:

Collects and stores flows from the firewalls
Performs report summarization

The following SonicWall Universal Management Suite services run on an Agent system:

SonicWall Universal Management Suite - Flow Server

The single service that runs in this role is SonicWall Universal Management Suite - Flow Server. The flows are collected and stored in internal databases. To be able to create reports out of these flows, you will need to have a GMS server in this deployment with a minimum version of 7.1 and a role of “Console” or “All in One,” and so on. You will also need to make sure that the following ports are open:

UDP 2055
UDP 5055
TCP 9063
TCP 9064
TCP 9065
TCP 9066
TCP 9067
To deploy your SonicWALL GMS in the Flow Server role, complete the following steps in the appliance management interface:
1. Navigate to the Deployment > Roles page. Under Host Role Configuration, select Flow Server.
2. Configure the database settings as described in Configuring Database Settings.
3. Configure the Web port settings as described in Configuring Server Settings.
4. To apply your changes, click Update.
To change the settings on this page back to the defaults, click Reset.
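A reachability check for the Flow Server ports listed above, as an added example that is not part of the SonicWall guide or product. It assumes you run it from a host that must reach the Flow Server; which peer uses which port is not stated on the page, and the function names are this example's own.

```python
import socket
import sys

# Ports the page lists for the Flow Server role.
FLOW_SERVER_PORTS = [
    ("udp", 2055), ("udp", 5055),
    ("tcp", 9063), ("tcp", 9064), ("tcp", 9065), ("tcp", 9066), ("tcp", 9067),
]


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port.

    open     - the three-way handshake completed
    closed   - the host answered with a reset: reachable, nothing listening
    filtered - no answer before the timeout: typically a firewall drop
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:  # no route, name resolution failure, and so on
        return "error: %s" % exc


def check_flow_server(host, ports=FLOW_SERVER_PORTS, timeout=2.0):
    """Return {(proto, port): state} for every required port."""
    results = {}
    for proto, port in ports:
        if proto == "tcp":
            results[(proto, port)] = probe_tcp(host, port, timeout)
        else:
            # UDP has no handshake, so silence proves nothing either way.
            # Confirm these ports from the firewall rule set or a capture.
            results[(proto, port)] = "unverified"
    return results


def blocking_problems(results):
    """Ports that were probed and are definitely not usable."""
    return sorted(key for key, state in results.items()
                  if state not in ("open", "unverified"))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for (proto, port), state in check_flow_server(target).items():
        print("%s/%d: %s" % (proto, port, state))
```

A `closed` result points at the service not running on the appliance, while `filtered` points at a firewall or NAT rule between the two hosts.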

Configuring the All in One-Flow Server (Demo Mode Only).

All In One deployments are ideal for managing a small number of SonicWall appliances or for test environments.

NOTE: SonicWall recommends that you use a multi-system distributed deployment in production environments, with the database on a dedicated server and the other services on one or more systems. When only one other system is deployed, the Console role should be assigned to it.
NOTE: This deployment is supported on Virtual Appliances, but not Windows.

The All in One - Flow Server configuration is to be used for demonstrating the Flow Server functionality and should NOT be used in production environments.

The following services run on an All in One-Flow Server Management system:

SonicWall Universal Management Suite - Database
SonicWall Universal Management Suite - Event Manager
SonicWall Universal Management Suite - Flow Server
SonicWall Universal Management Suite - Monitoring Manager
SonicWall Universal Management Suite - Reports Database
SonicWall Universal Management Suite - Reports Scheduler
SonicWall Universal Management Suite - Reports Summarizer
SonicWall Universal Management Suite - Scheduler
SonicWall Universal Management Suite - Syslog Collector
SonicWall Universal Management Suite - Update Manager
SonicWall Universal Management Suite - Web Server
SonicWall Universal Management Suite - Web Services

The All In One role allows Gateway configurations for the following:

None— No gateway is specified.
If you do not wish to configure a gateway, complete the following steps:
1. Click None.
2. Select HTTP or HTTPS for the MSM Server Protocol.
3. Click the MSM Server Port text-field, then enter the MSM Server port number.
4. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
5. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.
NAT Device— Use this option when a NAT device is configured as the gateway. The GMS appliance does not have to log in to the unit for any reason, and all NAT configuration is handled by the network administrator directly through the device’s management interface. To configure the NAT device, complete the following steps:
6. Select NAT Device.
7. Click the NAT Device IP text-field, then enter the NAT Device IP address.
8. Click the NAT Device Syslog Port text-field, then enter the NAT Device Syslog port number. This is the Syslog port used for syslogs sent from the managed units.
9. Select HTTP or HTTPS for the MSM Server Protocol.
10. Click the MSM Server Port text-field, then enter the MSM Server port number.
11. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
12. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.
GMS Gateway— Use this option when a SonicWall device is acting as a Gateway. Using a SonicWall appliance is recommended, but the gateway can be set up as a NAT Device if all units are managed using SSL. To configure the GMS Gateway, complete the following steps:
13. Click GMS Gateway.
14. If the SonicWALL GMS connects to the managed appliances through a GMS gateway, click the GMS Gateway IP text-field, then enter the internal IP address of the device.
If you change the GMS gateway IP address or password, you must also change the settings on this page. To determine if a GMS Gateway is required, see the SonicWall Getting Started Guide for your product.
15. Click the GMS Gateway Port text-field, then enter the management port used to sign into the device.
16. Click the GMS Gateway User text-field, then enter the username used to sign into the device.
17. Click the GMS Gateway Password text-field, then enter the password used to sign into the device.
18. Confirm the GMS Gateway Password you entered.
19. Click the GMS Gateway Syslog Port text-field, then enter the Syslog port used for syslogs sent from the managed units.
20. Select HTTP or HTTPS for the MSM Server Protocol.
21. Click the MSM Server Port text-field, then enter the MSM Server port number.
22. Click the Syslog Server Port text-field, then enter the Syslog Server port number.
23. To apply your changes, click Update. To change the settings on this page back to the defaults, click Reset.

Configuring Database Settings

Database settings configuration is largely the same for any role when you choose to include the database on that appliance. For roles that automatically include the default MySQL database, such as All In One or Database Only, the Database Type, Database Host, and Database Port fields are not editable. This is also the case for any role when Include Database (MySQL) is selected. The Administrator Credentials fields are displayed only if the role has been defined to include the installation of the IB-PG database. These are not available when a SQL Server database is selected.

This section describes the options for configuring the database settings for either the MySQL database or the Microsoft SQL Server database. SonicWALL GMS runs the MySQL database, but SonicWall GMS can also use either a MySQL or a SQL Server database running on a Windows Server machine in a multi-system deployment.

To configure the database settings for any role, complete the following steps in the appliance management interface:
1. Navigate to the Deployment > Roles page and select the role for this appliance.
2. To run the MySQL database on this SonicWall GMS, select Include Database (MySQL). To use a Microsoft SQL Server database on another system, do not select this check box.
3. Under Database Configuration, if Include Database (MySQL) was not selected in the previous step, select either MySQL or SQL Server from the Database Type pull-down list. This field is not editable if you previously selected Include Database (MySQL) or if the selected role is All In One or Database Only.
4. In the Database Host field, type in the IP address of the database server or accept the default, localhost, if this SonicWALL GMS includes the database. This field is not editable if you previously selected Include Database (MySQL) or if the selected role is All In One or Database Only. This field can accept/display IPv4 and IPv6 addresses.
NOTE: If your deployment requires an instance name for the SQL Server database, when completing the Database Host field, enter the host or IP address, followed by a backslash and the instance name. The format should look as follows: 10.20.30.40\INSTANCE.
5. To use a different port when SonicWall GMS accesses the database, type the port into the Database Port field. The default port is 3306.
6. To use a different user name when SonicWall GMS accesses the database, type the user name into the Database User field. The default user name is “sa”.
7. Type the password that SonicWall GMS uses to access the database into both the Database Password and Confirm Database Password fields.
8. If your deployment uses a custom database driver, type the value into the Database Driver field. Otherwise, accept the default, com.mysql.jdbc.Driver.
9. If your deployment uses a custom database URL, type the value into the Database URL field. If you are using a different port, change the default port, 3306, in the URL. Otherwise, accept the default URL, jdbc:mysql://localhost:3306.

Deployment Settings

This section describes the UMH Deployment > Settings page, used for Web port, SMTP, and SSL access configuration.

The Deployment > Settings page is identical in both the UMH management interfaces.

See the following sections:

Configuring Server Settings

Web Server Settings configuration is largely the same on any role:

1. Navigate to Deployment > Settings > Web Server Settings in the /appliance management interface.
2. To use a different port for HTTP access to the SonicWALL GMS, type the port number into the HTTP Port field. The default port is 85.
If you enter another port in this field, the port number must be specified when accessing the appliance management interface or SonicWall GMS management interface. For example, if port 8080 is entered here, the appliance management interface would be accessed with the URL: http://<IP Address>:8080/appliance/.
3. To use a different port for HTTPS access to the SonicWALL GMS, type the port number into the HTTPS Port field. The default port is 8445.
If you enter another port in this field, the port number must be specified when accessing the appliance management interface or SonicWall GMS management interface. For example, if port 4430 is entered here, the appliance management interface would be accessed with the URL: https://<IP Address>:4430/appliance/.
4. Click Enable HTTPS Redirection to redirect HTTP to HTTPS when accessing the GMS management interface.
5. In the Public IP text-field, enter the public IP or FQDN of the outside web services. This field can accept/display IPv4 and IPv6 addresses.
6. When you are finished configuring the Web Server Settings, click Update.

Configuring SMTP Settings

The SMTP Configuration section allows you to configure an SMTP server name or IP address, a sender email address, and an administrator email address. You can test connectivity to the configured server.

To configure SMTP settings:
1. Navigate to the Deployment > Settings page.
2. Under the SMTP Configuration section, type the FQDN or IP address of the SMTP server into the SMTP server field. This field can accept/display IPv4 and IPv6 addresses.
3. Click Use TLS if you would like to use Transport Layer Security (TLS) for your mail server connectivity, such as for Gmail or Office365. TLS provides privacy between you and communicating applications on the Internet and ensures that no third party can eavesdrop on or tamper with your messages.
4. If the SMTP server in your deployment is set to use authentication, click Use Authentication. This option is necessary for all outgoing GMS emails to be sent properly to the intended recipients. Enter the username in the User field, and enter/confirm the password in the Password and Confirm Password fields. This is the username/password that is used to authenticate against the SMTP server.
5. Type the email address from which mail is sent into the Sender address field.
6. Type the email address of the system administrator into the Administrator address field.
7. To test connectivity to the SMTP server, click Test Connectivity.
8. To apply your changes, click Update.

Configuring SSL Access

The SSL Access Configuration section allows you to configure and upload a custom Keystore/Certificate file for SSL access to the GMS appliance, or select the default local keystore.

To configure SSL access:
1. Navigate to the Deployment > Settings page.
2. In the SSL Access Configuration section, select one of these:
   Default to keep, or revert to, the default settings, where the default GMS Web Server certificate with gmsvpserverks keystore is used.
   Custom to upload a custom certificate for GMS SSL access.
NOTE: A Custom upload can be performed in either of the following ways:
   Directly as a Certificate: The certificate file (.crt/.cer), its corresponding key file (.key) and the password are required.
   Using a Keystore: The keystore and the store password are required; the keystore is converted and stored as a certificate.
3. In the Certificate file field, click Choose File to select your (.crt/.cer) certificate file.
4. In the Certificate Key file field, click Choose File to select your (.key) certificate key file.
5. Enter the password for the certificate into the Certificate password field.
6. Click View to display details about your certificate.
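A review pass over the transport-security choices made on the Deployment > Roles and Deployment > Settings pages, as an added example that is not SonicWall code. The record format, key names and severity levels are hypothetical: the values are assumed to be copied by hand from the pages, and both sample records are constructed.

```python
# Constructed sample records; the key names are this example's own.
WEAK = {
    "http_port": 85, "https_port": 8445, "https_redirection": False,
    "msm_server_protocol": "HTTP",
    "smtp_use_tls": False, "smtp_use_auth": True,
    "ssl_access": "Default",
}
HARDENED = dict(WEAK, https_redirection=True, msm_server_protocol="HTTPS",
                smtp_use_tls=True, ssl_access="Custom")


def _valid_port(value):
    # bool is a subclass of int, so reject it explicitly.
    return (isinstance(value, int) and not isinstance(value, bool)
            and 1 <= value <= 65535)


def audit_settings(s):
    """Return a list of (severity, message) findings for one record."""
    findings = []

    ports_valid = True
    for key in ("http_port", "https_port"):
        if not _valid_port(s.get(key)):
            ports_valid = False
            findings.append(("error", "%s=%r is not a valid port" % (key, s.get(key))))
    if ports_valid and s["http_port"] == s["https_port"]:
        findings.append(("error", "HTTP Port and HTTPS Port must differ"))

    if not s.get("https_redirection"):
        findings.append(("high", "Enable HTTPS Redirection is off: the management "
                                 "interface can still be used over plain HTTP"))

    if str(s.get("msm_server_protocol", "")).upper() != "HTTPS":
        findings.append(("high", "MSM Server Protocol is not HTTPS: that traffic "
                                 "is sent unencrypted"))

    if not s.get("smtp_use_tls"):
        if s.get("smtp_use_auth"):
            findings.append(("high", "Use Authentication without Use TLS: the SMTP "
                                     "username and password cross the network in clear"))
        else:
            findings.append(("medium", "Use TLS is off: report and alert mail is "
                                       "sent unencrypted"))

    # Assumption of this example: the Default keystore is a review item,
    # not a defect in itself.
    if s.get("ssl_access") != "Custom":
        findings.append(("info", "SSL Access is Default: consider a Custom "
                                 "certificate issued for this host name"))
    return findings


if __name__ == "__main__":
    for name, record in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for severity, message in audit_settings(record) or [("ok", "no findings")]:
            print("  [%s] %s" % (severity, message))
```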

Deployment Services

This section describes the UMH Deployment > Services page, used for starting and stopping the GMS services running on the system.

The Deployment > Services page is identical in both the UMH management interfaces.

Details are available for the current role, and the status of each service is displayed on the page.

The page is shown below for the All In One role that includes all services.

To start, stop, or restart one or more services, complete the following steps:
1. Navigate to the Deployment > Services page.
2. Select the check box next to Service Name to select all services, or select one or more check boxes for individual services.
3. To disable or stop the selected services, click Disable/Stop.
4. To enable or start the selected services, click Enable/Start.
5. To restart the selected services, click Restart.