- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Explanation of Management Modes
03/26/2020 
1,057 People found this article helpful
43,561 Views
Description
General information about GMS management modes
Cause
Customer wants to know which management mode is the most feasible
Resolution
Explanation of Management modes in GMS
Management Modes:
- Existing Tunnel/LAN
- HTTPS/SSL
- Management Tunnel
Explanation of each management mode and when to use them
1. Existing Tunnel/LAN:
With this management method all of the syslog files are transmitted in clear text between the firewall and the GMS server. If syslog is destined for a GMS server across a VPN, the VPN will provide encryption (of clear text syslog) while traffic is traversing the Internet. This is a very good mode for troubleshooting and simple setups, or setups with already configured S2S VPNs.
Over VPN:
Same subnet or point to point connection :
2. HTTPS/SSL:
The logic is the same as with existing tunnel/LAN mode. However, syslog are encrypted. The encryption is based on the password of the admin account. This means you must use the admin account (of the SonicWall) when adding the SonicWall to GMS. This management method is good for any network topology that requires end to end encryption for syslogs messages.
3. Management Tunnel:
Management tunnel is the only method that requires the GMS Gateway to be configured on GMS. The GMS gateway is the gateway firewall for GMS (so the firewall over which GMS communicates). On this firewall you will see the VPN tunnel, it will not be visible on the target firewall. Essentially this mode allows GMS to automate a VPN tunnel between the target firewall and the GMS gateway which passes the data on to GMS. This management method can be used if VPN is the preferred transmit method in which the only communication across the VPN is GMS and the firewall (no other network traffic is needed between the two networks).
The recommended management method is HTTPS/SSL.
Related Articles
- Can we make changes to a firewall config acquired on NSM directly through the firewall?
- Perform Restart of firewall from NSM.
- Requirement is to push cfs settings from one firewall to a group of Firewalls in NSM.
YES
NO