Explanation of Management Modes
03/26/2020
General information about GMS management modes
Customer wants to know which management mode is the most feasible
Explanation of Management modes in GMS
- Existing Tunnel/LAN
- HTTPS/SSL
- Management Tunnel
Explanation of each management mode and when to use them
1. Existing Tunnel/LAN:
With this management method all of the syslog files are transmitted in clear text between the firewall and the GMS server. If syslog is destined for a GMS server across a VPN, the VPN will provide encryption (of clear text syslog) while traffic is traversing the Internet. This is a very good mode for troubleshooting and simple setups, or setups with already configured S2S VPNs.
Same subnet or point-to-point connection:
2. HTTPS/SSL:
The logic is the same as with Existing Tunnel/LAN mode. However, the syslog messages are encrypted. The encryption is based on the password of the admin account. This means you must use the admin account (of the SonicWall) when adding the SonicWall to GMS. This management method is good for any network topology that requires end-to-end encryption for syslog messages.
3. Management Tunnel:
Management Tunnel is the only method that requires the GMS Gateway to be configured on GMS. The GMS Gateway is the gateway firewall for GMS (that is, the firewall over which GMS communicates). The VPN tunnel is visible on this firewall; it is not visible on the target firewall. Essentially, this mode allows GMS to automate a VPN tunnel between the target firewall and the GMS Gateway, which passes the data on to GMS. This management method can be used if VPN is the preferred transmit method and the only communication across the VPN is between GMS and the firewall (no other network traffic is needed between the two networks).
The recommended management method is HTTPS/SSL.