How to configure GMS On-Prem Zero Touch using built-in ZT service?

This article explains about, steps in detail to configure the On-Prem GMS using Zero Touch with GMS AIOP / Console built-in ZT service.

The steps involved are,

• Configuring the GMS Console / AIOP with ZT's public IP address
• MySonicWall association between GMS serial number and Firewall serial number
  
• Enabling ZT on the Firewall
  
• Verify the Acquisition process in the GMS Console / AIOP

Configuring the GMS Console / AIOP with ZT's public IP address:

1. Using a web browser, log into the SGMS or Application interface (https://GMSIPAddress/sgms/auth) of GMS. 

2. In the GUI, navigate to CONSOLE | ZeroTouch | Settings.

3. Specify the domain name pointing to the public IP address of the GMS server (or) the public IP address of the ZT in the GMS Server Public IP field and click on Update.

MySonicWall association between GMS serial number and Firewall serial number:

4. Using a browser, login to the MySonicWall account (www.mysonicwall.com). 

5. Navigate to My Products | Product Management, SonicWall products registered with this account are listed. 

6. Click on the GMS product serial number to visit Service Management page.

7. In the Service Management page, navigate to the bottom of the webpage to see the section Associated Products and click on Managed Nodes. 

8. In the Associated Products page, choose the firewall product (which should be ZT acquired) from the Serial Number dropdown list.

9. Click on Associate to link the firewall serial with the GMS serial. 

10. Navigate to My Products | Product Management, and click on the firewall product serial number that is linked with GMS.

11. In the Service Management page, enable the check box Enable Zero Touch.

12. Enabling the zero touch for the firewall's serial number takes few seconds to complete the process.

13. Once the Zero Touch is enabled, the On-Premise GMS Server Configuration will automatically show up the on-prem GMS AIO / Console server's domain name or public IP. 

Enabling ZT on the Firewall:

14. Login to the SonicWall firewall and navigate to the diag page. (The diag page can be reached by typing in the LAN IP of the SonicWall firewall in the browser, with a /diag.html at the end.
EXAMPLE: https://192.168.168.168/diag.html)

15. Click on INTERNAL SETTINGS.

16. Navigate to ZeroTouch Settings section and enable the checkbox Enable ZeroTouch.

Note: DO NOT Remove or Modify the ZeroTouch Server Address field.    

17. Click on Accept.

Verify the Acquisition process in the GMS Console / AIOP:

18. Login to the SGMS or Application interface of GMS and navigate to Firewall tab and expand the GlobalView (LocalDomain) option to see the automatically added firewall product. 

19. Click on the Firewall and navigate to Manage | System | Status page.

20. After a couple of minutes, the GMS will start synchronizing with the firewall to complete the acquisition process.

Note: The acquisition time usually takes couple of minutes and sometimes even more depending upon the communication between the firewall and GMS) 

21. Once the GMS completes the firewall acquisition, all details about the firewall can be seen in the Manage tab.