GMS: How to acquire a firewall on GMS using Management Tunnel mode.
03/26/2020
This article provides information on how to acquire a firewall in GMS using Management Tunnel Mode.
Management VPN tunnel mode requires a SonicWall GMS gateway.
1) To configure the GMS gateway, log in to the System Interface / appliance interface of GMS, then go to Deployment -> Role.
Click the GMS Gateway radio button.
a. Click the GMS Gateway IP text-field, then enter the internal IP address of the local Gateway device. (If you change the GMS gateway IP address or password, you must also change these settings on this page.)
b. Click the GMS Gateway Port text-field, then enter the management port used to sign into the device.
c. Click the GMS Gateway Username text-field, then enter the username used to sign into the device.
d. Click the GMS Gateway Password text-field, then enter the password used to sign into the device.
e. Click the GMS Gateway syslog Port text-field, then enter the syslog port used for syslogs sent from the managed units. Then click Update to apply the changes.
2) Log in to the firewall that is to be added to GMS. On the firewall, go to System -> Administration -> Configure GMS.
Note: On firmware versions 6.5+, the GMS configuration is located on the Manage tab under System Setup -> Appliance -> Base Settings.
a. Under GMS Host name or IP, enter the public IP of the GMS server, and under Management Mode select IPSEC Management Tunnel.
b. The firewall will auto-generate the Encryption and Authentication keys for the IPSec negotiations.
These are used to create a management VPN tunnel between the GMS gateway and the managed device. Copy these Encryption and Authentication keys; they will be needed when adding the unit on GMS.
3) On GMS, open the Add Unit dialog box to add the firewall:
a. Enter a descriptive name for the SonicWall appliance in the Unit Name field. Do not enter the single quote character (') in the Unit Name field.
b. If applicable, choose a Domain to add this appliance to from the Domain pull-down list.
c. Enter the serial number of the SonicWall appliance in the Serial Number field.
d. For the Managed Address, choose whether to Determine automatically or Specify manually. Most deployments will be able to determine the address automatically.
e. Enter the administrator login name for the SonicWall appliance in the Login Name field.
f. Enter the password used to access the SonicWall appliance in the Password field.
g. For Management Mode, select Using Management Tunnel.
h. Enter the encryption and authentication values copied in Step 2(b) into the Encryption and Authentication key fields.
Once the unit is added, wait for it to be acquired. GMS will log in to the firewall through this management tunnel to acquire the unit.
To check whether the IPSec management tunnel is built, log in to the GMS gateway firewall; it should show an active tunnel, and the name of the tunnel will be the serial number of the managed device.