NSM 3.0 FAQ

Product Lifecycle:

1.  Where can one find the Product Lifecycle info in NSM?
   Answer:
   To check the Product Lifecycle option in NSM, follow these steps:
   1. Log in to NSM.
   2. Navigate to Home > Firewall > Inventory. Check if the Product Lifecycle details are available under the Firewall Expand section.
2. What information is available under Product Lifecycle information?
   Answer:
   The Product Lifecycle tab displays the following details for a firewall:

• Last Order Date
• ARM Begin Date
• LRM Begin Date
• 1-Year LOD (Last Order Date)
• EOS (End of Sale) Date

3.  Where can one enable the alerts for this Product Lifecycle information?
   Answer:To enable alerts for the Product Lifecycle information:
   
   Log in to NSM.
   Navigate to Home > Logs and Alerts > Settings.
   Ensure that the "Product Lifecycle" category is listed under alert settings.

4.  How do these Product Lifecycle alerts work?
   Answer:
   PLC (Product Lifecycle) alerts work by notifying administrators of essential Lifecycle events related to firewalls, such as the End of Sale (EOS) and Last Order Date (LOD). Once enabled, these alerts will notify users when specific Lifecycle events occur or are about to occur, helping administrators manage firewalls' lifecycles more effectively.

Migration Capability

5. What is the NSM Migration Capability?
   Answer:
   The NSM Migration Capability helps administrators migrate firewall configurations between devices, automating the transfer of settings like interfaces, DNS, DHCP, NAT policies, and more between supported firewall models.

6. Which firewalls are supported in the NSM 3.0.0 Migration Capability?
   Answer:
   The following firewall models are supported in the NSM 3.0.0 Migration Capability:
   
   SOHO series (e.g., SOHO250W, SOHO250)
   NSA series (e.g., NSA 2600, NSA 2650)

7. What configurations can be migrated using the NSM 3.0.0 Migration Capability?
   Answer:
   The Migration Capability supports migrating the following configurations:
   
   Interface Settings (VLANs, zones, groups)
   DNS Security Settings
   DHCP Server Settings
   Portshield Settings
   Address Objects (AO/AG)
   Service Objects (SO/SG)
   NAT Policies
   ACL Rules
   Routing Policies
   Site-to-Site VPN Policies

8. What happens if the source firewall has unsupported configurations?
   Answer:
   If unsupported configurations are detected, the Migration Capability will display a summary of the incompatible settings, allowing administrators to review and update them manually after migration.

9. How does the Migration Capability handle the mapping of interfaces between source and target firewalls?
   Answer:
   The Migration Capability offers two options for mapping interfaces:
   
   Auto Mapping: Automatically maps interfaces if the configurations are consistent.
   Manual Mapping: Allows administrators to manually map interfaces for more control over the migration.

10. Does the Migration Capability support multi-tenant environments?
    Answer:
    Yes, the Migration Capability supports multi-tenant environments, allowing commit and deploy operations at the tenant level to ensure migration is applied to the correct tenant.

11. What happens if I try to migrate unsupported or incompatible configurations?
    Answer:
    NSM will display a summary of unsupported configurations, listing settings incompatible with the target firewall so administrators can manually adjust them after migration.

 

 Template Enhancement: Bulk Password change, Time configurations, cloud backup.

12. Is Bulk password change applicable to all the models of devices?
    Answer:
    Yes.

13. Is Bulk password applicable to multiple tenants or all tenants?
    Answer:
    No, Bulk password is only applicable to multiple devices in one tenant.

14. Can we use any other type of variable instead of the cipher type variable to change the password through the template?
    Answer:
    No, we must only use the cipher variable to change the password.

15. Can we configure Time for multiple devices in the same time zone?
    Answer:
    We can configure the same time zone for multiple devices using templates.

16. Can we reapply the same template by changing the variable values in the resolve template variable?
    Answer:
    Yes, we can reapply the template and change the variable values.

17. Can we also use the same template we used for changing the passwords in different features?
    Answer:
    Yes, we can use the same template for different features, although we must delete the previously applied templates from the template details.

18. Does Template Enhancement support NTP server capability on the Firewall?
    Answer:
    Yes, it does support an NTP server.

19. Does the template support scheduled backup?
    Answer:
    Yes, you can find it under Device > Settings> Firmware and Settings.

20. . Do templates support Cloud Backup?
    Answer:
    Yes, we can find it under Device > Settings> Firmware and Settings> Cloud Backup.

 

Change Logs and Change Reports

21. What do change logs mean in NSM?
    Answer:
    Change logs contain configuration changes made locally by the firewall or NSM.

22. Will all the configuration changes be listed in the change logs?
    Answer:
    Supported settings specify configuration changes that can be listed in change logs. These settings will be available as an informational dialog in the change logs screen as an informational dialog

23. Will change logs be supported for all firewalls added in NSM?
    Answer:
    It is supported only for Gen7 and Gen8, but not for Gen6

24. What license type supports change logs?
    Answer:
    Change logs are supported by an Advanced reporting and analytics license.

25. Is a failed configuration change also listed in the change logs?
    Answer:
    Yes, both the successful/failed configuration changes are listed in the log view of the change logs.

26. Do change logs include configuration changes made by other users (say, for ex., local users) other than the admin?
    Answer:
    Yes, Change logs include this data.

27. Can we export the change logs?
    Answer:
    Yes, change logs are exported from both list and log views in CSV format.

28. What are the file formats for data exported from change logs?
    Answer:
    Change logs support the export of data in CSV format.

29. How do we get notified about the changes made to the firewall locally or from NSM?
    Answer:
    NSM has scheduled report support for change logs, where we can schedule reports for daily, weekly, monthly, and custom (say 15 mins to 12 hrs)

30. Can we get the report specific only to change logs made for the firewall locally or from NSM
    Answer:
    Yes, in the report configuration, we can choose to change source as NSM modified changes/locally modified changes/both 

 

Report Template

31. What is a Report Template?
    Answer:
    The Report template lets you create templates for various types of reports, including management, Reporting, Analytics, and Uptime Reports. It can also be used to create scheduled reports.

32. What does the Report Template do?
    Answer:
    The Report template lets you choose from various reports and combine them into a single master report. One can create, edit, and delete report templates. 

33. Can we support approval groups at the all-tenant level?
    Answer:
    The Approval Group feature is only available at the tenant level.
34. Is the all-tenant rule creation available for TSR/EXP backups?
    Answer:
    The “Backups” feature is only available at the tenant level.
35. Can I perform a bulk password change for local users?
    Answer:
    The bulk Password feature is only supported for the “admin” username. It is not supported for local user accounts.
36. Can I make bulk password changes across all tenants?
    Answer:
    Yes, NSM allows the change of passwords for the admin username across all tenants. The template must be created at the “All Tenants” level.
37. Can we generate product life cycle information as a report?
    Answer:
    No
38.  Can I view historical reporting and analytics data after new Gen 7 licenses?
    Answer:
    Historical reporting and analytics license data will not be available after applying for new Gen 7 licenses. Reporting and Analytics will start collecting data when the new license is applied to the firewall.

 

NSM 3.0 On-Prem

39. How can I get to NSM on-prem 3.0?
    • For customers with an existing deployment of NSM on-prem, please upgrade to NSM on-prem 3.0 from NSM 2.6.0 HF1, preferably using a system update. If NSM on-prem is deployed in a closed network environment, please use the upgrade file to get to NSM on-prem 3.0. If you are setting up a new instance of NSM on-prem in your environment, please install it fresh.

 

40. What capabilities does NSM on-prem multi-node deployment have?
    • NSM multi-node deployment provides flexibility in deploying multiple NSM instances and configuring them as a controller and reporting agent role. In a multi-node deployment, firewall configuration is managed from the controller node, and the controller node provides a primary user interface for NSM administration. Additionally, controller nodes can be enabled for reporting and analytics. Reporting agents will collect and process reporting and analytics data from NSM On-prem. The reporting agents' node has a user interface for NSM configurations and troubleshooting. Multi-node deployment is supported for both NSM-deployed open and closed networks.
41. What capabilities does NSM On-prem reporting and analytics provide?
    • NSM on-prem reporting and analytics provide comprehensive network traffic visibility and advanced firewall management capabilities. It also has monitoring, reporting, and analytics capabilities, such as aggregated tenant reports and analytics, productivity reports, advanced custom reports, schedule reports, and real-time monitoring.
42. What do I need to enable reporting and analytics on NSM on-prem?
    1. Before enabling reporting and analytics on NSM on-prem, please ensure the following.
       1. The external disk is attached to the NSM node, collecting reporting data.
       2. Required licenses are provisioned for reporting and analytics
43. Which firewall models are supported for reporting and analytics on NSM on-prem?
    • NSM supports reporting and analytics functionality for all Gen 7 and Gen 8 firewall models. Reporting and analytics are not supported for Gen 6 firewall models.
44. Can I have NSM HA in a multi-node deployment?
    • NSM HA can be deployed in a multi-node mode. HA is formed only between controller nodes, and reporting agents do not have HA functionality. In a multi-node setup of NSM HA, the controller node cannot be enabled for reporting and analytics functionality.
45. Can I enable reporting and analytics functionality when NSM is deployed in HA mode?
    1. To use reporting and analytics on NSM HA, please ensure the following conditions are fulfilled before starting the formation of NSM HA.
       1. NSM is deployed in a multi-node
       2. NSM controller is not enabled for reporting and analytics
46. How can I move from the currently deployed NSM HA to NSM HA with reporting and analytics

1. After upgrading to the NSM 3.0 release, both NSM HA nodes will have the default controller role. Users can log in to NSM HA using the HA virtual IP to enable distributed deployment, reporting, and analytics.
2. Deploy reporting agents and associate them with the controller node using the virtual IP address of the HA.

47. How can existing deployments of NSM on-prem running version 3.0 or above be enabled for reporting and analytics without a distributed deployment?

1. Reporting and analytics data are stored on an external disk, so please associate the external disk with the NSM.
2. Provision required firewall licenses for NSM on-prem reporting and analytics, and then enable reporting and analytics from NSM Administration settings (System -> Settings- > Administration -> Role Configuration)
3. To receive the required firewall logs for reporting and analytics, please go to NSM inventory, edit device settings, and enable reporting. Choose either to auto-assign the reporting agent or the controller as the reporting agent.

48. How can existing on-prem deployments of NSM running version 3.0 or above be enabled for reporting and analytics with a distributed deployment?

1. Enable distributed deployment from System->Settings->Administration -> Role Configuration. Please note that you should not enable reporting and analytics on the NSM controller node if you do not want to process and store reporting and analytics data on it.
2. Provision and license reporting agents, associate external disk with reporting agents, and associate reporting agents with the existing NSM node.
3. Provision required a firewall license for reporting and analytics functionality.
4. To receive the required logs for reporting and analytics from the firewall, please go to the NSM controller firewall inventory page, edit device settings, and enable reporting. You can choose to auto-assign the reporting agent or select the desired agent.

49. Do I need new licenses for NSM on-prem reporting and analytics?

• To view reporting and analytics data from a firewall, you will need a firewall model-specific reporting and analytics license provisioned.

50. Can I continue to use NSM on-prem analytics integration in the 3.0 release?

• Yes, you can continue to use NSM on-prem with analytics integration in the NSM 3.0 release. However, at a time, the firewall can be managed in Analytics or NSM on-prem for reporting and analytics.

51. How many reporting agents can be associated with a single controller?

• We do not have a system-enforced limit on the number of reporting agents associated with a single controller.

52. Can I use the multi-node deployment of NSM just for firewall configuration management?

• Multi-node deployment of NSM on-prem provides flexibility in deploying multiple reporting agents to collect and process log data from firewalls. Firewall configuration is managed from the NSM controller node only, so deploying NSM on-prem in distributed mode for firewall management will not provide additional benefits.

53. Can I store logs in both the controller and reporting agent nodes?

• Reporting data can be stored on both the controller and the reporting agent nodes.

54. Can I use NSM on-prem reporting and analytics functionality in closed network mode?

• Yes, reporting and analytics are supported in closed network environments.

55. Does NSM on-prem support the backup of reporting data?

• NSM on-prem does not support report data backup. However, as report data is stored on an externally mounted disk, we recommend that the user make a provision to back up the external disk using tools available for the hypervisor.

56. I have configured the firewall to send reporting data to the controller. Can I modify the NSM configuration to send reporting data to the reporting agent?

•  It is possible to update the NSM configuration to send reporting data to another NSM node. Updating this configuration will not cause data loss.

57. How can I move from GMS to NSM on-prem 3.0?

• Transitioning from GMS to NSM on-prem can be achieved using a simple workflow in the GMS 9.5 release and NSM on-prem 3.0. This workflow supports the transition of firewalls, users, tenants, and schedule reports from GMS to NSM. Also, NSM on-prem will support the ability to view

58. How does the NSM on-prem 3.0 release compare with the features and functionality of GMS?

• NSM on-prem has an advanced microservice architecture and offers advanced firewall management capabilities that align with modern security practices. NSM offers all capabilities available in GMS. Please get in touch with your sales representative to gain a comprehensive understanding of this topic.

59. How do NSM on-prem capabilities compare with NSM SaaS?

• NSM on-prem offers all features and functionality in NSM SaaS for firewall management, monitoring, reporting, and analytics.

Licensing

60. How is add-on reporting co-termed, and how is the new end date calculated?

• When additional licenses or services are purchased as add-ons, they are co-termed with the primary license. The new expiration date is calculated based on a prorated adjustment of the add-on's duration, aligning with the existing license term to ensure a seamless renewal process.

61. Can MPSS (Managed Protection Subscription Service) be used with NSM On-Prem?

• No, MPSS is designed exclusively for NSM (Network Security Manager) SaaS use.
  Here’s how the scenarios work:

• NSM On-Prem:
  • If you are using an on-premises NSM deployment, the MPSS SKU cannot be applied.
  • To use MPSS, you must transition to NSM SaaS. Once on SaaS, you can implement MPSS and make any necessary adjustments to your configuration.
• NSM SaaS:
  • It fully supports MPSS integration, allowing you to maximize the benefits of the service.

62. What are the changes to GEN7 Licenses for NSM SaaS?
    
    1. NSM SaaS will offer four new tiers of Advanced Reporting and Analytics Licenses. They are 7 days, 30 days, 90 days, and 365 days of NSM Advanced Reporting and Analytics.
    2. Device Management is included with NSM Advanced Licenses for all tiers
    3. NSM Essential as an à la carte license will no longer be available for purchase.  Included with the Firewall EPSS bundle.

63. What changes are coming to Firewall bundles? Which Firewall bundles will include NSM SaaS?

The following table outlines the changes to the firewall bundles. You must purchase the new firewall bundle SKUs for management, reporting, and analytics.

64.  What are the Add-On options for NSM SaaS?

The following table outlines the add-on options:

 

65. Can I see a comparison between the old and the new NSM licenses?

 

66. How will existing Gen 7 customers transition to the new licensing?
    Activating or renewing with any new firewall license key will transition the customer’s Gen 7 firewall to the new 3.0 licensing model. The associated services will be renewed according to the new key, and any remaining service time from the previous license will be carried over and added to the new term—just as it currently works when a customer renews their firewall bundle or service.
    The table below captures high-level expected behavior.
    

    Current Service	New license post transition
    Firewall with a security bundle  (e.g. TPSS, EPSS, APSS)	TPSS, EPSS Firewalls - SonicWall is gradually rolling out NSM Management licensing (excluding reporting) to these firewalls. This rollout process may take up to 60 days from May 1st.   Action required: Customers will have to manually switch the firewall management to 'Cloud' to start using this NSM Management. Learn how to here.  APSS Firewalls – These firewalls already have NSM Management and Reporting included and are not part of the gradual roll out.   Note: Any firewall using the old licensing model will automatically transition to the new licensing if a renewal key is applied prior to the gradual rollout mentioned above.
    Firewall with a security bundle + NSM Essential or Advanced	When a renewal key is applied, the firewall will transition to the new security bundle with services included in the bundle and the remaining value of old NSM added under reporting.  e.g. Old EPSS will convert to new EPSS with NSM Management and 7 days of  Basic Reporting (NSM SaaS only). Old APSS will convert to new APSS with NSM Management and 7 days of Advanced Reporting. NSM Advanced will co-term and upgrade the reporting to 365 days of Advanced Reporting.
    Firewall with NSM only and no security bundle	When a renewal key is applied, it will transition to the new licensing with NSM Management and remaining value of old NSM added under reporting.   - e.g. NSM Advanced will convert to 365 days of Advanced Reporting.
    Firewall with Active Support only (No other security bundle or NSM)	SonicWall is gradually rolling out NSM Management licensing (excluding reporting) to these firewalls. The rollout process may take up to 60 days from May 1st.   Action required: Customers will have to manually switch the firewall management to 'Cloud' to start using this service. Learn how to here.
    Firewall with no service or support	No change will occur until a new key is applied to the firewall.

    
    
    

 

67. I have a Firewall with an NSM Essential License that will expire in one year.  Can I upgrade my firewall to the new NSM Advanced license tiers?
    You can apply the new NSM Advanced License SKU to an existing firewall with an NSM Essential License.

68. What happens to the remaining term of the NSM Essential license?

• A multiplier calculates the remaining value of the existing NSM Essential license, which is then applied to the new NSM Advanced license.

69. I have a Firewall with an NSM Advanced License. Can I downgrade the NSM Advanced license to a lower tier?
    You can downgrade to a lower tier of the NSM Advanced license.

70. What happens if my NSM Essential or Advanced subscription expires? Can I still upgrade NSM features?
    If your NSM Essential or Advanced subscription expires, you must either purchase Coterm or renew your EPSS or APSS (even if it's already licensed) to regain access to upgrade NSM features. This is the only way to enable feature upgrades once the subscription has lapsed.
71. How is the new licensing different from the old licensing bundles?

• The new licensing bundles are modular and tailored, offering enhanced flexibility and scalability. Unlike the old licensing, customers can choose specific features and services using the system's more rigid bundles.

72. Are SaaS and On-Prem reporting SKUs the same?

• No, SaaS and On-Prem reporting SKUs are different. Customers must purchase the correct SKU based on their deployment model.

73. What happens if reporting is active on On-Prem FW and the customer moves to SaaS?

• The reporting duration will not automatically be transferred from On-Prem to SaaS. Customers must request this adjustment via a Customer Support (CS) case.

74. What happens if the customer transitions to the new licensing and tries to apply an old key?

• Once transitioned to the new licensing, customers cannot renew or apply old keys.

75. Does activating a new add-on, Advanced Reporting and Analytics SKU, convert the license to the new licensing model?
    No, activating an add-on SKU alone does not convert to the new licensing. Customers must first purchase a base security bundle or support bundle, along with any add-on Advanced Reporting and Analytics, to get the new licensing.

 

NSM On-Prem Licensing

76. I am a new Partner. I want NSM On-Prem with management, reporting, and analytics. What do I need to purchase?

• Purchase the NSM 5-node Base license.
• Purchase the NSM On-Prem Advanced reporting and analytics license for each firewall model.
• For each firewall model, you will enable a reporting and analytics license; one node license is given at no additional cost.

77. What are the changes to GEN7 Licenses for NSM On-Prem?

• NSM On-Prem will offer two new tiers of Reporting and Analytics Licenses. There are 7 days and 365 days of NSM Reporting and Analytics.
• Device Management is included with Reporting and Analytics licenses for all tiers.
• There is no basic reporting for NSM On-Prem.
• The Reporting and Analytics license for NSM On-Prem is applied per the FW model level.

78. I am a current NSM On-prem customer with firewall management only. Can I upgrade my NSM installation with Management, Reporting, and Analytics?

• Yes. You must purchase each firewall's NSM Reporting and Analytics SKUs using their model.
• You will receive one node license for each firewall model at no additional cost, enabling reporting and analytics.

79. What changes are coming to Firewall bundles? Which Firewall bundles will include NSM On-Prem?

The following table outlines the changes to the firewall bundles. You must purchase the new firewall bundle SKUs for management, reporting, and analytics.

80.  What are the Add-On options for NSM On-Prem?

The following table outlines the add-on options:

81. I want to deploy NSM On-Prem in a distributed architecture. Do I need to purchase a license for each agent I deploy?

• No. Purchase the NSM 5-node Base license.
• Purchase the NSM On-Prem Advanced reporting and analytics license for each firewall model.
• You only need to purchase an NSM On-Prem license for the firewall model under NSM management.
• The management license is given for each firewall model at no additional cost.

82. I already have NSM On-Prem deployed. I want to enable it for reporting and analytics.

• Purchase the NSM On-Prem Advanced reporting and analytics license for each firewall model.

83. Are SaaS and On-Prem reporting SKUs the same?
    • No, SaaS and On-Prem reporting SKUs are different. You must purchase the correct SKU based on your deployment model.
84. Can I get analytics from next-generation firewall devices in on-prem analytics, including TZ80, NSa 2800, and NSa 3800? 

• Yes

85. I have purchased a firewall bundle (EPSS or APSS) and haven’t registered the firewall in MySonicWall yet. Will I get new NSM licensing when I register?

• Yes, new NSM licensing will be applied to firewalls with the EPSS or APSS bundle.