Troubleshoot steps if a firewall status is Offline on NSM SaaS

 There may be a high number of reasons for a firewall to not be acquired by the NSM. From the Internet connection, to configuration issues which can block the connection between the firewall and the CSC, in this article we will discuss a few troubleshoot steps on how to acquire and to get the proper reports from the Firewall on NSM

By default, if the Cloud Management and Zero Touch are enabled for a Firewall from MySonicWall account, all the configuration regarding the acquirement of the firewall shall be made by the NSM, which will be logged in as an admin to the firewall, hence the reason why the firewall will be set on non-config mode for the users if it will be acquired by the NSM. There are a few conditions in order to have the firewall managed by the NSM

Acquire Unit:

1. Access the firewall locally, navigate to Device | Settings | Licenses and press the Synchronize button.
2. Navigate to Device | Administration, check if Management using NSM/GMS is enabled
   
   
3. For GMS/NSM Host Name or IP Address use the following, depending on your collocation:
     For US Colo: nsm-uswest-syslog.sonicwall.com
     For EU Colo: nsm-eucentral-syslog.sonicwall.com
4. Under Device | Administration | Audit / SonicOS API, make sure the SonicOS API is enabled as well.
5. Access the diag page of the firewall:  How to Access the Internal Settings of the firewall
6. Use CRTL + F to find "sgms", make sure it's enabled
   
7. Also, search also for "zero" and restart the Zero Touch task.
   
   FQDN for the following:     
   US Colo: 
       nsm-uswest-zt.sonicwall.com
       nsm-uswest-iczt.sonicwall.com (For Instant Connect Zero Touch)
       EU Colo:
       nsm-eucentral-zt.sonicwall.com
       nsm-eucentral-iczt.sonicwall.com
8. After those steps go to the NSM Inventory and Synchronize again the firewall.
   
9. If it doesn't get online after 5-10 minutes, try again to Synchronize the firewall. If the issue is still persisting, you can try to go to your MySonicwall account and to put the firewall from Cloud management to On-Box and after ~15 minutes to put it again under Cloud management.
10. After that, check if the firewall is appearing on the NSM, if it's appearing, to go the firewall locally, access the diag page again, restart the Zero Touch Task again and see if the firewall is going online.
11. Reconfigure Reporting and Analytics. and make sure the App Flow is enabled.
    
12. How to configure and use the Packet Monitor, Set the log level to Inform/Alert, import GMS/Analyzer template on the logs:
    
13. How to set the Log Settings
14. Refresh the licenses from the firewall:   Manage and Sync the Licenses from SonicWall GUI
15. On the Access Rules, there should be a default Access Rule WAN>WAN, HTTPS management with allow (Enable HTTPS Management on the WAN Interface)
16.      In case you have made changes to the default Access Rules trough CLI, we need to create a new Access Rule which can let the NSM to manage the firewall
    Create a FQDN object with on of the following addresses, depending of your Colo:
        US Colo: nsm-uswest.sonicwall.com
        EU Colo: nsm-eucentral.sonicwall.com
    
    Create an Access Rule WAN > WAN with:
        Source FQDN created
        Destination WAN interface management IP
        Service: HTTPS Management
17. Synchronize a few times the firewall after all those steps and try to click on Reconfigure Reporting and Analytics as well and there should be firewall online after 10-15 minutes with data coming in.
18.  Also, make sure you have the flow reporting enabled on the CFS default Action Object
    
    
19.  Enable the App Control and logging for all Apps as well: