NSM acquisition error "Acquisition Failed, Connection to the Firewall failed"

In this article, we explained how to resolve the NSM error "Acquisition Failed, Connection to the Firewall failed" and change the unit status online.

This issue is noticed in NSM while adding few Gen 7 firewalls (Any Gen 7 firewall with Gen 6 firewall settings imported in it).

Reason for the Issue:

The Gen 6 devices don't have SonicOS API, so the settings import from any Gen 6 to Gen 7 devices will disable SonicOS API. This is the cause for the unit acquisition failure with an error as "Acquisition Failed, Connection to the Firewall failed" in NSM.

NOTE: Even though the Gen 7 management UI shows the SonicOS API is enabled, we need to check the actual SonicOS API status in Tech Support Report (TSR).

How to find the SonicOS API is enabled or Disabled?

Download Tech Support Report (TSR) from Gen 7 unit which failed with 403 error. And search for "SonicOS API" and it will show that option is enabled or disabled as below

In this example, it is turned off. This is the reason for the error while acquiring the unit in NSM.

How to enable SonicOS API?

Login to firewall management via CLI using SSH or Console access.

Enable SonicOS API using the below commands

>config terminal
>administration
>sonicos-api
>enable
>commit

Example of the above commands are shown in the below picture

Please verify TSR again to make sure SonicOS API enabled as shown in the below picture

NOTE: Please make sure under SonicOS API, "RFC-7616 HTTP Digest Access authentication" is also enabled as show in the below picture.

Once SonicOS API is successfully enabled, use the "Synchronize Firewall" option in the Action Menu to perform the acquisition again

Now the unit will show online in NSM as below