This article summarizes a step-by-step procedure for installing and setting up Analyzer with a SonicWall firewall on the Windows platform.
The Analyzer installation file can be downloaded from the Download Center of your MySonicWall account. Analyzer comes as GMS/Analyzer - Virtual Appliance and GMS/Analyzer Windows distributions (Fig. 1). This article discusses the installation of the Windows version on a Server 2012R2 host.
Windows Operating System requirements for Analyzer 8.5
Windows Server 2012 Standard 64-bit, Windows Server 2012R2 Standard 64-bit, Windows Server 2012R2 Data Center, Windows 8.1 64-bit.
Analyzer uses two separate databases: one for storing the configurations (e.g., MySQL) and one for storing the reports (e.g., Infobright). A major improvement in the newer versions of Analyzer is the use of PostgreSQL for storing the reports. This change is reflected in the two types of installation files available under each software version. For example, if you have a previous version of Analyzer (e.g., 8.1) and you want to upgrade to the later version, please download the SW 8.2 GMS/Analyzer Windows or GMS/Analyzer Windows (for version 8.3) file. If you are considering a fresh installation, please download either the SW 8.2 GMS/Analyzer RV2 Windows or the GMS/Analyzer Postgres Windows (for version 8.3) file. While you are in the Download Center, please consider downloading a copy of the Analyzer Administrator Guide, which provides step-by-step instructions for installation, configuration and administration.
Fig. 1. Downloading the Analyzer installation file.
Double-clicking the installation file will guide you through the installation procedure. Please make sure you have the IP addresses of the Analyzer host (e.g., Server 2012R2) and the SonicWall Network Appliance. The installation steps are summarized below with screenshots (Fig. 2).
Fig. 2. Installation of Analyzer on a Windows host.
While the installation procedure outlined above is self-explanatory, let us review the following steps in Fig. 2.
Step 5 in Fig. 2: The IP address can be obtained from the Network Connection Details of the host. It is a good idea to install the Analyzer in the same subnet as the SonicWall firewall IP address (e.g., 192.168.168.0/24 here). If the Analyzer and the SonicWall firewall are in different subnets, one has to make sure that they can communicate with each other.
Step 6 in Fig. 2: The Analyzer GUI can be accessed through its web server by typing https://localhost:portnumber or https://IPaddress:portnumber. These web protocols use TCP port 80 (HTTP) and TCP port 443 (HTTPS). If you get an error about the ports "... already being used by another Web Server/Application...", change the default ports to alternative port numbers (as in Step 7 in Fig. 2).
Step 8 in Fig. 2: This is a general notice that informs the user about Windows firewall requirements. It is a good idea to create a firewall exclusion for the Analyzer ports in the Windows firewall.
Step 10 in Fig. 2: Please note that you have to restart the host after the installation for the required services to start.
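One way to carry out the checks from Steps 5 to 8 on the Analyzer host, as an added PowerShell example that is not part of the original article or of SonicWall's tooling. The firewall address 192.168.168.168, the rule names and the helper Add-AnalyzerRule are assumptions for illustration; UDP 514 is the default Syslog port this article gives in its role deployment note.

```powershell
# Added example. Run in an elevated PowerShell session on the Analyzer host.
# Placeholder values: replace them with the ones used in your installation.
$SonicWallIp = '192.168.168.168'  # placeholder firewall address in 192.168.168.0/24
$WebPorts    = 80, 443            # web server ports chosen in Steps 6-7
$SyslogPort  = 514                # default Syslog port (UDP)
$MgmtPort    = 443                # firewall HTTPS management port

# 1. Before installing: report any process already listening on the web ports,
#    which is what triggers the "already being used" error in Step 6.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $WebPorts -contains $_.LocalPort } |
    Sort-Object LocalPort, OwningProcess -Unique |
    ForEach-Object {
        $name = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        Write-Warning ("TCP {0} is in use by {1} (PID {2})" -f $_.LocalPort, $name, $_.OwningProcess)
    }

# 2. Windows Firewall exclusions (Step 8). Rules that already exist are skipped.
#    Add-AnalyzerRule is a hypothetical helper defined only for this example.
function Add-AnalyzerRule {
    param([string]$Name, [string]$Protocol, [int]$Port, [string]$RemoteAddress = 'Any')
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) { return }
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
        -Protocol $Protocol -LocalPort $Port -RemoteAddress $RemoteAddress `
        -Profile Domain, Private | Out-Null
}
foreach ($port in $WebPorts) {
    Add-AnalyzerRule -Name "Analyzer web TCP $port" -Protocol TCP -Port $port
}
# Accept Syslog only from the SonicWall rather than from any sender.
Add-AnalyzerRule -Name "Analyzer syslog UDP $SyslogPort" -Protocol UDP `
    -Port $SyslogPort -RemoteAddress $SonicWallIp
# No rule is added for MySQL (TCP 3306): this example assumes the database is
# only reached from the Analyzer host itself.

# 3. Confirm the Analyzer host can reach the firewall's management port,
#    which matters most when the two sit in different subnets (Step 5).
$probe = Test-NetConnection -ComputerName $SonicWallIp -Port $MgmtPort -WarningAction SilentlyContinue
if ($probe.TcpTestSucceeded) {
    "Firewall management port ${MgmtPort}/TCP is reachable."
} else {
    Write-Warning "Cannot reach ${SonicWallIp}:${MgmtPort}; check routing and access rules."
}
```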
First login and Registration
Once the Analyzer is installed, it can be accessed via a web browser. Please note that the first time, you will be directed to an HTTP page, as in Fig. 3. The default user name is admin and the password is password. Once you have registered the installation, all subsequent login pages will use HTTPS. One can also access the web GUI by double-clicking the Analyzer icon.
Fig. 3. First time login to Analyzer GUI control.
For registration, the host (computer) must be connected to the Internet so that Analyzer can contact the license server (Fig. 4). One will have to present the credentials for the MySonicWall account (4). If you are using a new installation, the default serial number is analyzer (5). If you already have a license, the unit will retrieve the information and the license number. It is a good idea to give the Analyzer a friendly name.
Fig. 4. Analyzer registration.
Initial configuration for the Analyzer involves the Role deployment (Fig. 5), where one has to set a MySQL root password (Step 2 in Fig. 5) and designate a database configuration user (Step 1 in Fig. 5).
NOTE: Analyzer uses the default Syslog port UDP 514 and TCP 3306 for MySQL. During deployment the Syslog port can be edited but the MySQL port cannot.
Fig. 5. Analyzer Role Deployment.
Analyzer uses two types of user accounts: (Step 1) and (Step 2) in Fig. 5. Please store the passwords carefully after you have updated them here. Also notice that the root password setup option is only available during the role deployment.
A note about Analyzer GUI views
Analyzer presents two views (Fig. 6): System Interface View (1) and Application Interface View (2). They can be accessed by the Switch button in the top right control button area. After the initial setup, most of the user interaction happens in the Application Interface.
Fig. 6. Analyzer GUI views.
Add a SonicWall Network Security Appliance
Please navigate to the Firewall tab and click the button with the green arrow on the top left (Step 1 in Fig. 7). This will bring up 5 more controls (Step 2), as listed in the inset of Fig. 7. The first from the left allows one to add a unit.
The Analyzer communicates with the SonicWall Network Security Appliance using HTTPS. Please provide a friendly Unit Name to identify the appliance, its Serial Number, IP address and the admin access information: admin login name, password, and the Management port (e.g., 443).
Fig. 7. Adding a SonicWall Firewall to the Analyzer.
Provision the SonicWall Network Security Appliance
Resolution for SonicOS 6.2 and Below
The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
On the firewall, please navigate to Log | Analyzer, (1) select Enable Analyzer Settings and (2) click Save. Next, (3) click Add to add the Analyzer information, such as the IP address of the Analyzer. The rest of the settings may be left at their defaults. However, if you have used a different Syslog port, please update it here.
Fig. 8. Provisioning a SonicWall Network Security Appliance to send logs to an Analyzer.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
Navigate to Manage | Log Settings | Syslog and set the Syslog format to Default.
Under Syslog Servers, click Add.
Now that we have established communication between the Analyzer and the SonicWall Network Security Appliance, the Network Security Appliance's syslog will forward the logs to the Analyzer. Please refer to the KB that summarizes the ports used.
Summarize the logs
If you navigate to Data Usage | Timeline in the Firewall tab of the Analyzer, there will not be any reports (Fig. 9). The reason for this is that although the Analyzer has the logs, they have not been summarized. Please navigate to Console | Reports | Summarizer | Summarizer now.
Fig. 9. A view of the Data Usage | Timeline before Summarization
Enable Syslog Forwarding
Navigate to Firewall | Global View | Real time Viewer | Syslog | Settings and click Enable syslog forwarding and then Update and Start (Fig. 10).
Fig. 10. Enable Syslog Forwarding.
Click on the Syslog again and you will see the logs (Fig. 11).