NSM 4.0 - Configuration Auditor

Description

While firewalls serve as the primary line of defense, their presence alone does not guarantee security. Effectiveness is entirely dependent on precise configuration and the consistent application of security hardening.

Relying solely on manual oversight is increasingly high-risk; in large-scale environments, the complexity of managing multiple firewalls significantly escalates the probability of human-induced misconfigurations.

NSM 4.0 comes with a new “Configuration Auditor” feature, among other features and enhancements in this major release.

Configuration Auditor” is a feature which allow NSM administrators to run a firewall configuration health assessment report for a single or group of firewalls

The “Configuration Auditor” report is generated through creating and applying a read-only configuration auditor template to a single or group of firewalls and get a structured on-demand or scheduled report with scorecard.

With “Configuration Auditor” feature, the NSM evaluates the SonicWall firewall configuration against SonicWall’s Cysurance-aligned best practice standards, this provides visibility into misconfigurations, risk areas, and immediate security posture.

Feature Availability:
Following table represents the feature availability details for SonicWall firewalls

Criteria

Availability

NSM release

NSM SaaS 4.0 & NSM On-Prem 4.0

Supported SonicWall Firewalls Generations

Gen7, Gen8

(NSv in policy mode and NSSP15700 are not supported)

SonicOS Versions

All

Supported firewall subscriptions

APSS

The “Configuration Auditor” is available for the APSS licensed firewalls, allowing organizations for a self-service check to compare the firewalls configurations settings against the recommended best practices.

For organizations requiring managed security services, the MPSS subscription unlocks managed configuration health checks conducted by the SonicWall Managed Security Services (MSS) team. The MSS-generated report provides a more comprehensive set of security checks than the self-service Configuration Auditor report.

Report Grading:
The generated Configuration Auditor report provides for four scoring levels based on the passed configuration checks percentage against the configuration checks list.

Configuration Check Pass %

Firewall Security Posture

100%

Protected (Green)

50%–99%

Partially Protected (Amber)

1%–49%

Limited Protection (Orange)

0%

Needs Immediate Attention (Red)

 

Resolution

Steps for Generating a Configuration Auditor Report:

  1. Start by accessing SonicWall Unified Platform “https://platform.sonicwall.com” and login using your credentials
  2. Select the tenant from the tenant’s scope selector and access NSM through clicking on the firewalls management icon
  3. Navigate to templates, create a new template with configuration auditor option selected

    Note:  The configuration auditor template is a read-only template with pre-defined settings, used for the configuration auditor report configuration checks
  4. Navigate to Reports | Rules, create a new report, select the Configuration Auditor Report option and click on next
  5. Assign the report a name, select the created Configuration Auditor Template, and select the Configuration Auditor Reports checkbox then click on next
  6. Select the target firewalls from the list and click on next
  7. Select Scheduled or On-Demand option and click on next
    1. The scheduled option allows for reports auto generation for a single or group of firewalls based on the selected schedule cadence
    2. The on-demand option is for manual report generation for a single or group of firewalls
      The schedule option was selected here, the report will be auto generated for the selected target firewall/firewalls in the allocated schedule times
  8. For the manual report generation, there are two options
    Option-1: Select the “on demand” option in the report wizard, locate the new created report in the list, click on actions menu, and select “Generate Report Now”


    Option-2: Navigate to previously created configuration auditor template, click on actions menu, and select Perform Configuration Auditor.
    Note: With this option there is no need to create a configuration auditor report, as the report is immediately generated through selecting the “Perform Configuration Auditor”

    Select the target firewalls from the list and click on Apply

    The reports are generated now, click on the Get Reports for downloading the generated reports
  9. For accessing the reports generated through the report rules (scheduled or on-demand), navigate to Reports à Saved Reports, locate the generated report file, and click on the actions menu to download the report file

  10.  The report will show an executive summary and detailed analysis of the failed and passed checks




                     

                     

                     

                    Related Articles

                    • NSM On-Prem Reporting Server configuration
                      Read More
                    • NSM On-Prem: How to collect System Logs
                      Read More
                    • How to Set On-Prem NSM to Safemode - for version 3.2.0 and later
                      Read More

                    Categories

                    Management and Reporting
                    Network Security Manager
                    not finding your answers?
                    Ask the Community
                    Chat