HTTPS/SSL Management - required configuration and troubleshooting
03/26/2020
This article describes how to send syslogs to a GMS Server over the WAN (HTTPS/SSL management method).
Sending Syslogs to a GMS Server on the WAN.
For this article, we’ll be using the following IP addresses as examples to demonstrate the NAT policy, Access Rule and GMS configuration. You can use these examples to configure the GMS, substituting your IP addresses for the examples shown here:
WAN (X1): 220.127.116.11
GMS Server IP Address: 192.168.20.2
WAN (X1): 18.104.22.168
In this scenario we will add a remote SonicWall (NSA 240) located on the WAN to a GMS server located behind a SonicWall NSA 2400.
Before beginning the configuration, ensure the following are in place:
- That a valid GMS license is available for the NSA 240.
- That GMS has been installed successfully on a server behind the NSA 2400.
Once the above requirements have been met, follow the configuration process below:
NSA 2400 Configuration
In this section we illustrate the configuration required on the NSA 2400.
Creating Address Objects.
- Log in to the SonicWall Management GUI.
- Navigate to the Network | Address Objects page.
- Create the following two Address Objects as per the screenshots (replace IPs and zones as needed).
Create the following Access Rule to allow Syslog traffic from the NSA 240 and NAT Policy to forward it to the GMS Server.
- Access Rule to be created under Firewall | Access Rules | WAN to LAN
- NAT Policy to be created under Network | NAT Policies
NSA 240 Configuration
In this section we illustrate the configuration required in the NSA 240.
- Navigate to the System | Administration page
- Check the box Enable management using GMS under Advanced Management.
- Click on Configure and enter the following information
- Under GMS host Name or IP Address, enter the private IP address of the GMS server.
- Under GMS Syslog Server Port enter 514.
- Enable the check box under GMS behind NAT Device.
- Under NAT Device IP Address, enter the public IP address of the NSA 2400.
- Select HTTPS under Management Mode.
- Navigate to the Log | Categories page (Log | Settings in 5.9/6.2 firmware).
- Set Logging Level to Informational
- Check the required categories under the Syslog column (5.9/6.2 firmware can import the Default logging template).
- Click on Apply to save.
Log in to the GMS server and add the NSA 240 as follows:
Run a packet capture on the NSA 240 with the destination IP address set to the WAN IP of the NSA 2400 and the destination port set to 514. If outgoing traffic is visible, the settings on the NSA 240 are configured properly.
If no outgoing Syslog traffic is visible, check the following:
- In the System | Administration page of the NSA 240, check whether Enable management using GMS is enabled and GMS host Name or IP Address and NAT Device IP Address are correct. Make sure Server port is 514.
- In the Log | Categories page (Log | Settings in 5.9/6.2 firmware), make sure the Logging Level is set to Informational.
- Make sure all necessary Syslog categories are checked (5.9/6.2 firmware can import the Default logging template).
- Make sure there are no Access Rules or Security Services blocking UDP port 514.
If outgoing Syslog traffic is visible on the NSA 240 but the GMS server is not able to synchronize with the units or create reports, check the following:
- Run a packet capture on the NSA 2400 with the source set to the WAN IP of the NSA 240.
- Check whether the NSA 2400 is forwarding traffic to the GMS Server.
- Make sure the unit added under GMS has the correct Serial Number, IP Address, Login Name, Password and HTTPS Port number.
- Disable (or add an appropriate exception in) Windows Firewall or any other security application that could block Syslog traffic.
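To confirm on the GMS server itself that the forwarded datagrams arrive, the following added example (not SonicWall code and not part of the original article) listens on the syslog port and reports, per source IP, how many messages parsed, which severities were seen, and whether the source and serial number match what was entered in GMS. It assumes UDP 514 is free on the host while it runs, that the server sees the NSA 240's WAN IP as the source, and that messages carry key=value fields including `sn=`; the sample datagrams are constructed.

```python
import re, socket, time

PRI_RE = re.compile(rb"^<(\d{1,3})>")            # RFC 3164 priority header
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')       # key=value or key="quoted value"
# Constructed sample (documentation IPs, made-up serials); the sn= field is assumed.
SAMPLE = [
    ("203.0.113.10", b'<134>id=firewall sn=0017C5000001 time="2020-03-26 10:00:00" pri=6 msg="Connection Opened"'),
    ("203.0.113.10", b"not syslog"),
    ("198.51.100.7", b'<129>id=firewall sn=0017C5000002 pri=1 msg="Test"'),
]

def parse_syslog(data):
    """Split one datagram into facility, severity and key=value fields."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:           # 191 is the highest valid PRI
        return None
    pri = int(m.group(1))
    text = data[m.end():].decode("utf-8", "replace")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(text)}
    return {"facility": pri >> 3, "severity": pri & 7, "fields": fields}

def summarize(datagrams, expected_src, expected_sn):
    """Per source IP: message counts, severities seen, and mismatches."""
    report = {}
    for src, payload in datagrams:
        e = report.setdefault(src, {"count": 0, "malformed": 0, "severities": set(), "problems": set()})
        msg = parse_syslog(payload)
        if msg is None:
            e["malformed"] += 1
            continue
        e["count"] += 1
        e["severities"].add(msg["severity"])     # 6 = Informational
        if src != expected_src:
            e["problems"].add("unexpected source")
        if msg["fields"].get("sn") != expected_sn:
            e["problems"].add("serial mismatch")
    return report

def listen(port=514, seconds=30):
    """Collect (source_ip, payload) pairs from UDP `port` for `seconds`."""
    got, end = [], time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(1.0)
        while time.monotonic() < end:
            try:
                got.append(s.recvfrom(65535))    # (payload, (ip, port))
            except socket.timeout:
                continue
    return [(addr[0], data) for data, addr in got]
```

Call `summarize(listen(), expected_src, expected_sn)` with the NSA 240's WAN IP and serial number; an empty result after the capture window means nothing reached the server on that port.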