How can I acquire a firewall with HTTPS Management in GMS using a distributed deployment?
03/26/2020
How to Acquire a firewall with HTTPS/SSL Management in GMS using a distributed deployment
NOTE: A typical distributed deployment consists of a Virtual Appliance or Windows server deployed as a Console or All-in-one server with one or more of these same devices deployed as Agents.
Step 1: Configure the firewall to send syslogs to GMS. Navigate to System | Administration in the firewall.
Firewall firmware prior to 6.5.X.X:
Firewall firmware 6.5.X.X and newer:
Step 2: Under System | Administration navigate to Advanced Management and click Configure.
Step 3: Add the GMS IP address (The INTERNAL IP of the Primary GMS Console or All-in-One Internal IP).
Step 4: If GMS is behind a NAT device (i.e., across the WAN), check "GMS Behind NAT Device" and add the External IP of the device upstream of the server.
NOTE: Make sure the NAT device has the appropriate access rule and NAT policy allowing UDP 514 to the GMS Agent. If the upstream device that performs NAT for the GMS server is a SonicWall NGFW, it is referred to as a GMS Gateway.
Step 5: If sending syslogs to one of the distributed agents (rather than the primary Console or All-In-One IP), check the box to "Send Syslog Messages to a Distributed Reporting GMS Server". Add the Internal IP of that destination agent.
Step 6: Log into GMS and navigate to the Firewall Tab. Select Add Unit.
Step 7: Add a Friendly Name, Serial Number, Admin Account and Password, choose SSL for the Management Mode and click OK. Make sure you add the correct port you are using to manage the firewall if different than 443.
Step 8: Select the AGENT IP Address of the Agent that you wish this device to report to. This can later be modified by right-clicking the firewall and selecting "modify agent", but requires a similar change on the firewall.
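A check for Steps 1 to 5 and the NAT note, added here as an example and not SonicWall code: it receives syslog on UDP 514 and confirms the datagrams carry the Serial Number entered in Step 7 and arrive from an address you expect. The `<PRI>` plus key=value layout with an `sn=` field, the function names and the sample values are assumptions.

```python
import re
import socket

# Assumed datagram layout: "<PRI>" then key=value pairs including sn=<serial>.
# SAMPLE is constructed; the serial and addresses are placeholders.
SAMPLE = (b'<134>id=firewall sn=C0FFEE000001 time="2020-03-26 10:00:00" '
          b'fw=203.0.113.5 pri=6 m=98 msg="Connection Opened"')

def parse_datagram(data):
    """Return the key=value fields of one syslog datagram as a dict."""
    m = re.match(rb"<\d{1,3}>", data)
    if not m:
        raise ValueError("no syslog PRI header")
    text = data[m.end():].decode("utf-8", "replace")
    # A value is either a quoted string (may contain spaces) or a bare token.
    pairs = re.findall(r'(\w+)=("[^"]*"|\S*)', text)
    return {key: value.strip('"') for key, value in pairs}

def check_unit(datagrams, serial, allowed_sources):
    """datagrams: (payload, source_ip) pairs. Returns a list of problems."""
    problems, matched = [], False
    for payload, src in datagrams:
        try:
            sn = parse_datagram(payload).get("sn", "")
        except ValueError as exc:
            problems.append(f"{src}: not syslog ({exc})")
            continue
        if sn.upper() != serial.upper():
            problems.append(f"{src}: serial {sn!r} does not match the unit in GMS")
        elif src not in allowed_sources:
            problems.append(f"{src}: right serial, unexpected source address")
        else:
            matched = True
    return problems if matched else problems + ["expected unit not seen"]

def collect(port=514, count=5, timeout=30.0):
    """Receive up to `count` datagrams on a host where the port is free."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        try:
            while len(received) < count:
                payload, peer = sock.recvfrom(65535)
                received.append((payload, peer[0]))
        except socket.timeout:
            pass
    return received
```

Run `collect()` on a test host or while the GMS syslog service is stopped, since the port must be free, then pass its result to `check_unit()` with the serial from Step 7 and the set of source addresses you expect.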