How can I provision and add units in Cloud GMS?
12/20/2019
This article provides an overview of adding SonicWall units into Cloud GMS. All SonicWall appliances must be provisioned before adding them to the SonicWall Cloud GMS. Make sure the provisioned SonicWall appliances have a valid Cloud GMS license, one for each SonicWall appliance.
Before you begin:
- You must have a MySonicWall account. Sign up for one at: https://www.MySonicWall.com/user/registration.aspx.
- Your MySonicWall account must be a partner account to register for a Cloud GMS tenant. To become a SonicWall partner, register at https://www.sonicwall.com/partners/.
Adding new SonicWall appliances to Cloud GMS:
- Log in to https://Cloud.SonicWall.com.
- Select the Tenant/Group to which the products will be added and click the Management tile.
- Click the Expand icon on the left panel, which gives you the options to add or modify units.
- Click the Add icon to add a new unit to CSC.
- Enter a name for the firewall unit, the serial number of the firewall, the IP address used to manage the firewall, the admin login credentials and the HTTPS management port number, then click OK.
NOTE: Once the unit is added to the CSC portal, the CGMS server will attempt to acquire the unit. It will establish a VPN tunnel between the firewall unit and the CGMS server gateways for the flows to be sent to the server.
Provisioning your appliance for managing on Cloud GMS:
To provision a SonicWall firewall appliance to support Cloud GMS, complete the following steps:
- Log in to the appliance interface.
- For appliances running 6.2 and earlier, navigate to System | Management. For appliances running 6.5 and later, navigate to Manage | Appliance | Base Settings. Click Enable Management Using and select GMS in the drop-down.
- In the Management Method section, specify the following entries and click OK:
  - GMS Hostname or IP Address fields: cloudgms.sonicwall.com (for AMERICAS Colo), cloudgmsams.sonicwall.com (for AMS Colo).
  - GMS Syslog Server Port (use default): 514.
  - Under Miscellaneous, click Send Heartbeat Status Messages Only.
  - Management Mode: HTTPS.
Allowing access to your appliance from Cloud GMS:
- By default, enabling GMS management on the SonicWall appliance creates an inbound NAT policy and access rule so that traffic from Cloud GMS can reach the firewall. In some cases there is an upstream (north-facing) router or firewall above the SonicWall firewall that must also allow Cloud GMS traffic through. Add a rule on that NAT device to allow inbound HTTPS traffic from Cloud GMS to the WAN interface of your SonicWall managed appliance.
NOTE: This is critical to manage the appliance from the Cloud GMS application. Without this, the appliance will not be acquired; it will appear Unprovisioned (yellow icon) and the following error will be displayed in the Status screen of the Cloud GMS UI (at the unit level).
Configuring your appliance for flow-based reporting
- Your appliance is already under management using the steps outlined in the previous sections. Make sure you also:
  - Added new SonicWall appliances to Cloud GMS or added existing (registered) SonicWall appliances to Cloud GMS.
  - Provisioned your appliance for management on Cloud GMS.
  - Allowed access to your appliance from Cloud GMS.
- Your appliance is in an acquired state – Firewall status is Up.
- Supported firmware version on firewall for visualization is Gen 6 or higher.
- Appliance is licensed for visualization.
- After the unit has been acquired, flow reporting is configured automatically. During this process, you might need to reboot the firewall.