On-premise Analytics 2.0 - FAQs
03/26/2020 
97 
5844
DESCRIPTION:
Frequently Asked Questions on On-Premise Analytics
RESOLUTION:
1. How is Analytics 2.0 different from existing Analyzer?
Please refer the below matrix to understand the key differences:
2. Will the current Analyzer meet end of life, if so when will that be?
Yes, the current Analyzer will meet EOL by Q2’ 2019 as per the roadmap (subject to change).
3. Is there a migration path from existing Analyzer to Analytics 2.0?
No, there is no migration path from existing Analyzer 1.0 to Analytics 2.0
- You can cannot migrate license from Analyzer 1.0 to Analytics 2.0
- The reporting data of Analyzer 1.0 cannot be migrated to Analytics 2.0
4. Which version of On-prem Analytics include syslog-based reporting?
The next version of On-prem Analytics (v2.5 – GA in Q2, 2019) will support syslog-based reporting.
5. How does the licensing and pricing for on-prem Analytics work?
Analytics 2.0 supports usage-based licensing/pricing. The licenses apply to a product group/tenant on MySonicWall. The licenses come with variants - 500GB, 1TB, 5TB, 10TB and Unlimited. For each of these licenses, there is a corresponding daily limit on the data analyzed, please refer below:
a. What does daily limit mean?
Say, you have taken a 500GB license, your daily limit is 2GB. Your on-prem Analytics VM will stop analyzing data after the daily limit of 2GB is hit.
b. Say, I have taken 500GB annual license, will the Analytics stop analyzing data when the total data analyzed crosses 500GB?
Your On-prem Analytics will keep analyzing the data, however it will keep only the last 500GB of Analytics data. The same applies to other usage-based licenses.
c. Can I stack licenses, say I have taken 500GB license today, however after some time I realize that I would rather need 1.5 TB license, can I stack a 1TB license on existing 500GB license?
We don’t support stacking of licenses in Analytics 2.0. We suggest you refer the sizing guide (check question 7) to get the right sizing for your deployment.
d. Is there a trial version of On-premise Analytics 2.0?
Analytics 2.0 does not have a trial version. However, you can refer SonicWall Live demo site for a quick look.
6. Which all products that On-premise Analytics support. Apart from firewalls, does it support Email Security (ES), Secure Mobile Access (SMA) as well.
On-prem Analytics supports only firewalls.
7. How do I size On-prem Analytics, for-example, how do I know how much data will be generated by my firewalls and what should be the server configuration of On-premise Analytics to handle the data generated?
Please refer the below sizing guide.
8. What does CSC-Integration with On-premise Analytics 2.0 mean?
On-prem Analytics can be used in conjunction with CSC to perform management functions from CSC and Analytics/Reporting from On-prem Analytics.
Even though the data is stored/analyzed in the On-prem Analytics, you can view or analyze the data from both CSC as well as On-prem Analytics.
NOTE:
1. With the first release of On-prem Analytics, the integration does not allow you to configure/view Rules and Notifications from CSC-Analytics. However, you can always perform both these actions on the On-prem Analytics.
2. For CSC-Integration with On-prem Analytics, Zero Touch deployment is not supported in Analytics 2.0. You can add units only manually.
Depending on how the firewall is added to On-prem Analytics makes the difference between with CSC-Integration and without CSC-Integration implementation
CSC-Integration means you are interested in CSC-Mgmt. and would like to store/analyze data on-prem. When you add a firewall in CSC-Mgmt. and choose the log storage as On-prem, the CSC will add the firewall on On-prem Analytics automatically.
There are some pre-requisites to using CSC-integration with On-prem Analytics for a firewall:
a. Product Group (Tenant) should have the On-prem analytics license enabled and On-prem Analytics VM should be running (You should note down the IP of the VM). Please make sure that Analytics VM is reachable from CSC and Firewalls.
b. Firewall should have a Management. license
a. You can purchase CSC-Mgmt. license for your firewall.
OR
b. Get a trial Mgmt. & Reporting license (validity: 1 month)
c. Firewall should have App Visualization license (if you have CGSS/AGSS package, then it is already included)
Adding a firewall on on-Prem Analytics (with CSC-Integration)
When you add the firewall manually on CSC, you are presented with the below Add Unit Menu.
In the Reporting, Analytics and Visualization section, you choose the entity which will store the flow logs sent by the firewall.
1) Cloud Infrastructure: It means you want the flow data to be stored on CSC and you are not looking to store logs on the On-prem analytics instance.
2) SonicWall Analytics OnPrem: It means you want the flow data to be stored on the On-prem. This is the option that you will need to choose for CSC-Integration with On-prem Analytics.
Once you are finished with filling the Add Unit form, CSC will automatically add the unit on your On-Prem analytics VM, you can login to it and verify.
3) None: It means you are not interested in Reporting/Analytics. Customers that opt for only CSC-Mgmt. will use this option.
9. I want to try full management from CSC and reporting & analytics using Analytics 2.0. How can I do that?
You will need to purchase full management license for your firewall and have an on-prem analytics license applied to a product group/tenant in your MysonicWall account.
While registering the firewall, you will need to add the firewall in the product group/tenant that has on-prem Analytics license enabled.
You can have multiple On-prem Analytics licenses within a product group - Let’s understand this with the help of example diagram (see below, diagram is only for illustration purposes):
A MySonicWall account can have multiple product groups, in this case there are product groups – Pg1, Pg2, etc. In the product group 1, we have three instances of on-prem analytics with different licenses (corresponds to three different installed VMs of On-prem Analytics).
The same product group also has 7 firewalls associated with it such that firewalls FW1, FW2, FW3 are sending flow logs to Analytics 1.1, FW4, FW5 to Analytics 1.2 and FW 6 to Analytics 1.3, while FW7 is not sending flow logs to any of On-prem Analytics VMs.
Analytics 1.1 (and 1.2) have 500GB license which means the VMs will analyze a maximum of last 500GB flows logs sent from the Firewalls. On any day, if the firewalls send more than 2 GB, the Analytics will not analyze any data sent beyond 2GB (it will drop those flow-logs).
Say, for analytics 1.1 the firewalls send a total 2GB flow logs for 250 days such that the usage limit (500GB) is hit, the Analytics will continue to analyze the data, however it will only keep last 500GB of analyzed data.
The star marked firewalls - FW2 and FW4 – have been added using CSC-Integration (Please refer question 8 for steps). It means for FW2 and FW3, the reporting/analytics data can be viewed from On-prem Analytics as well CSC-Analytics.
10. How can I mount external hard disk to On-prem Analytics
On installing On-prem Analytics, the virtual machine would keep about 20GB for OS and about 40GB for analyzed data within the VM itself. For trial purposes, you can choose to use just the VM without having to deploy an external storage mount.
For production deployment, you will need to attach an external storage mount preferably SSDs. The 40GB space in VM will not be utilized to store analyzed data – it will be used cache analyzed data instead.
Given below are the steps to adding an external storage mount to your Analytics deployment (for VMware ESXi)
A. After OVF template is deployed (power off the VM in case its power on), right click the VM and select Edit settings
B. In the Edit Settings screen, click on “ADD NEW DEVICE” and select Hard Disk from the drop-down list
C. Add a 500 GB (as an example) Hard Disk for Logs Storage and click OK
D. Power on the VM and launch the Console. Management Console (Orange interface) will be opened.
a. Select Add storage
b. Select Yes for encryption of the entire disk
c. Enter a key and select Confirm (IMPORTANT: Make sure to note down the key for any future need)
d. Started disk encryption. Once done click Enter.
E. To finish the mount, click Enter to start the reboot. Enter the key.
F. The system will be rebooted. Once rebooted external mount is available for usage.
11. How does On-prem Analytics get information about Applications and Websites visited.
On-prem Analytics analysis flow logs sent by firewalls – these logs contain key information such as application, websites etc. The firewalls must be configured with appropriate settings for it to be able to send appropriate logs to Analytics. Please refer SonicWall Knowledge Base Articles to learn about enabling settings such as CFS, DPI-SSL etc. required to view application names, websites, spyware, botnets, virus, intrusions on Analytics dashboard.
12. What other platforms does On-prem Analytics 2.0 support.
First release of Analytics 2.0 will support VMware ESXi, however the subsequent releases will support other platforms such as Hyper-V etc.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
