How can I enable Zero Touch?

Zero Touch is designed to make the experience of adding a unit to Capture Security Center smooth and setting up for management and reporting easy.

Warning:

NSM Advanced License will automatically reboot firewall when adding to it to NSM.

For NSM Advanced License, NSM will configure reporting on the firewall. The process will enable AppFlow on firewall, which will reboot firewall automatically without notification. It is recommended to configure in an maintenance window.

For NSM Essential License, NSM uses CTA reports for reporting. This does not need to configure AppFlow on firewall. It does not need to reboot firewall.

Enable Zero Touch when firewall has already registered in mysonicwall.com:

1. Log into mysonicwall.com, find the firewall, clicking on the serial number. Change "Managed By" from On-Box to Cloud. If this is the first device in this tenant enabling cloud manage, you will have option "NSM Europe" or "NSM North America". Select the one close to you. Click on OK and checkmark to confirm:
2.  Now Zero Touch option shows up beneath "Managed By". Slide the bar to enable Zero Touch:

NSM entry will show up in the bottom of the page. You can go to NSM by going to menu at the right hand side clicking on Services/Available Services/Capture Security Center, find the correct tenant from dropdown list, and click on Network Security Manager tile.  

Then click on Firewalls/Inventory to see firewalls added to NSM. Initially firewall will show offline unmanaged. When next time firewall reaching Licensing server, Licensing server will let the firewall know that it is Zero Touch enabled, and firewall will reach out to Zero Touch server for connection and configuration. It might take a few minutes to serial hours depending when the firewall checks into Licensing server last time.

Enable Zero Touch when registering a new product or by going to the product details page.

1. Go to https://Cloud.SonicWall.com, login with your mysonicwall.com account.
   
   
   
   
2. Registration and Licensing of firewall appliance for Zero Touch. Register the firewall (if not completed already).
   
   
1. Click on the MySonicWall tile.
2. Click Add Product.
3. Enter the serial and click Next.
4. Type a friendly Name and it's Auth Code.
5. Enable Zero Touch.
6. Click Register.
   
   
   
   
3. If the product has already been registered, select the Service Management screen for the firewall (Product Management | My Products) and choose Product Details context menu.
   
   
   1. Enable/Confirm Zero Touch for this product type (slider).
      
      
      
4. Activate/Confirm AGSS/CGSS (Comprehensive Gateway Security Suite) service as a pre-requisite before activation for cloud services.
   
   
   1. Choose the Licenses context menu.
   2. Choose AGSS/CGSS and license it with a proper activation key.
      
      
      
5. Continuing on the Licenses context menu, activate/confirm Cloud Management Services.
   1. Click Try to activate CSC Management and Reporting service.
   2. Click Try to activate CSC Analytics service.
      

      NOTE:Management or Management/Analytics licenses is required to test Zero Touch
      
      
      
      

6. Return to the pull down Curtain page and should see either Management, Reporting, or Analytics tiles on the curtain depending on services activated.
   

Firewall Acquisition for Zero Touch

1. Login to the firewall appliance UI that you are using for Zero Touch.Ensure the firewall is running SonicOS 6.5.1.1-42n or newer (required for Zero Touch).
2. From the curtain drop down, choose Management tile, should see Auto Added Zero Touch appliance on Device Manager (left hand menu). Status should be Success after full acquisition has completed.

Troubleshooting Firewall Acquisition

In some cases, where unit is already deployed (not net new or factory default), steps might need to be taken to kick start acquisition.

After above activation/licensing is completed, restart the appliance so firewall appliance re-syncs to Cloud Zero Touch servers. Check Management tile to confirm acquisition is taking place. Proceed to Step 2 if does not occur.

1. Login to the UI of the firewall, and enter the diag menu (alter end of URL to /diag.html for Gen6 Firewalls or IP/sonicui/7/m/mgmt/settings/diag for Gen7 Firewalls) to force Zero Touch task.
   
   Step 1: Choose Enable Zero Touch and click Accept.
   Step 2: Click Restart Zero Touch Task