Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

SonicWall Analytics - FAQ

05/05/2020 378 People found this article helpful 197,759 Views

    Download
    Print
    Translations
    • Japanese
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    • What is SonicWall Analytics?

    SonicWall Analytics is a new product from for IPFIX / Flow/ Syslog (Analytics 2.5 and above) based reporting for its firewalls.

     

    • Is SonicWall Analytics replacement for the current Analyzer?

    SonicWall On-premise Analytics 2.5 is the replacement for Analyzer. However, as this is a separate product, we need to purchase a separate license for Analytics.

     

    • Will the current Analyzer meet end of life, if so when will that be?

    SonicWALL Analyzer 8.5 reached “End of Support” on the 24.April.2020. Please see the SonicWall product lifecycle page: https://www.sonicwall.com/support/product-lifecycle-tables/sonicwall-analyzer/software/.

     

    • Is there a migration path from existing Analyzer to SonicWall Analytics?

    No, there is no migration path from existing Analyzer to SonicWall Analytics as it’s a completely new product. Also, there is no direct upgrade path from Analyzer to Analytics.

    • Does SonicWall Analytics include syslog-based reporting?

    Yes, SonicWall On-premise Analytics 2.5 and above supports syslog-based reporting.

     

    • How is SonicWall Analytics different from existing Analyzer?

    Please refer the below matrix to understand the key differences:

     

    SonicWall Analytics

    Analyzer

    Reporting

    IPFIX/Syslog(Analytics 2.5 and above) based 

    Syslog-based

    Licensing/Pricing

    Usage-based

    Unit-based

    UI/UX

    Same as CSC-Analytics

    Old GMS UI/UX

     

    • How does the licensing and pricing for on-prem Analytics work?

    SonicWall Analytics provides usage-based licensing/pricing. The licenses apply to a product group/tenant on MySonicWall.  The licenses come with variants - 500GB, 1TB, 5TB, 10TB and Unlimited. For each of these licenses, there is a corresponding daily limit on the data analyzed, please refer below:

    SKU

    Daily limit

    02-SSC-1503 SONICWALL ANALYTICS ON-PREM 500GB STORAGE LICENSE

    2GB

    02-SSC-1526 SONICWALL ANALYTICS ON-PREM 1TB STORAGE LICENSE

    5GB

    02-SSC-1530 SONICWALL ANALYTICS ON-PREM 5TB STORAGE LICENSE

    15GB

    02-SSC-1531 SONICWALL ANALYTICS ON-PREM 10TB STORAGE LICENSE

    30GB

    02-SSC-1532 SONICWALL ANALYTICS ON-PREM UNLIMITED STORAGE LICENSE

    100GB

     

    1. What does ‘Daily limit’ mean?

    It define, how much data you can Analyze on system per day. For ex: On a 500GB license, the max daily limit is 2GB. Once daily limit quota is met, the SonicWall Analytics VM will STOP analyzing data for the day. It will continue next day with fresh limit i.e. 2 GB in this example.

     

    1. Will it stop analyzing data when the Total quota limit (per License) has been met?

    No, On-Prem SonicWall Analytics will keep analyzing the data, however it will keep only the latest Analytics data as per the quota & license and old data will be purged

     

    1. Can the SonicWall Analytics licenses be stacked? To increase the storage capacity?

    Stacking licenses in SonicWall Analytics is NOT SUPPORTED. For ex: If had a 500GB license and later want to expand it to 1.5 TB license, you CANNOT apply 1TB license on top of 500 GB.

    Please refer the sizing guide (check question 9) to get the right sizing for your deployment.

     

    • Which products are supported on SonicWall Analytics for reporting?

    Following firewalls are supported on SonicWall Analytics.

    Entry Level Firewalls

    SOHO-W, TZ Series, NSv 10-100

    Mid Range Firewalls

    NSA 2500-6600, NSa 2650-6650, NSv 200-400

    High-End Firewalls

    SuperMassive 9000, 12K Series, NSa 9250-9650, NSv 800-1600

     

    • What are support platform for SonicWall Analytics?

    SonicWall Analytics currently supported only on Vmware EXSi and Hyper-V.(Analytics version2.5.2518 and above).

     

    • How to size SonicWall Analytics?

    Please refer below sizing guide.

    Image

     

     

     

    • Does external hard disk mount supported for SonicWall Analytics VM?

    To utilize allocate storage as per license, use external hard disk (preferably SSDs) for Analytics deployment. Please refer the following KB for instructions to mount external storage.

    https://www.sonicwall.com/support/knowledge-base/?sol_id=190425200209091

     

    • How SonicWall Analytics integrate and work with CSC?

    SonicWall Analytics can be used in conjunction with CSC, which will help to manage firewall from CSC and generate reports from SonicWall Analytics while storing data locally.

     

    Even though the data is stored/analyzed locally in SonicWall Analytics, user can view Reports or Analytics data in both CSC as well as On-prem SonicWall Analytics.

     

    Note:

    1. The integration DOES NOT allow to configure/view Rules and Notifications from CSC-Analytics and can only be done On-Prem SonicWall Analytics UI.
    2. Zero Touch deployment is NOT supported in SonicWall Analytics hence the unit/s need to be added manually on SonicWall Analytics. Hence the firewall added to CSC using Zero Touch will not get added automatically to SonicWall Analytics and need to be added manually.

     

    Note: Firewall added to CSC using Zero Touch will NOT get added to SonicWall Analytics system as the above options won’t show up. Hence need to be added manually. Please refere to kb https://www.sonicwall.com/support/knowledge-base/?sol_id=190523123417256 

     

    • Can the firewall with CSC Reporting & Analytics licenses be added to Analytics?

    The firewall can be added to SonicWall Analytics but data will be stored locally. In such case firewall need to delete from CSC and added to Analytics first and then again back on CSC with correct storage. Refer ‘Add firewall’ KB for details.

     

    • How to use Full Management and Reporting & Analytics on CSC while using SonicWall Analytics.?

    This requires full management license for firewall and an On-Prem SonicWall Analytics license applied to same Product Group/Tenant under MySonicWall account.

     

          First setup CSC / MSW account and register the firewall in a Product Group/Tenant

          Now enable Analytics2.0 license on the same Product Group where firewall was registered

          Setup and configure the SonicWall Analytics VM as per Startup guide and note down the IP

          License firewall for CSC (Management) and add it to the CSC. Refer KB to add firewall  

     

    • Where Reporting data is stored when integrated with CSC?

    When firewall is added to CSC for Management and to On-Prem Analytics, the data will always be stored locally in On-Prem Analytics system.

     

    • Can we have more than one SonicWall Analytics system under same Tenant?

    Yes, More than one SonicWall Analytics deployments are supported under same Tenant with separate license for each instance. See example below:

    A MySonicWall account have two product groups – PG1 and PG2. In PG 1, there are 3 instances of SonicWall Analytics enabled with different licenses and has 7 firewalls associated.

    Now firewalls FW1, FW2, FW3 are sending flow data to Analytics 1.1, FW4, FW5 sending flow data to Analytics 1.2 and FW 6 sending flow data to Analytics 1.3 respectively while FW7 is NOT sending flow data to any of On-prem SonicWall Analytics VMs. (below is a sample diagram)

     

    Image

    Analytics 1.1 (and 1.2) have 500GB license which means the VMs will analyze a maximum of last 500GB flows data sent from the FWs and if the firewalls send more than 2 GB data for any given day, the SonicWall Analytics will NOT analyze data beyond 2GB (it will drop those flow-logs).

    For analytics 1.1 VM, if the firewalls send a >= 2GB flow data for 250 days, the Analytics will continue to analyze the data until the usage limit (500GB) is hit, and then will only keep last 500GB of analyzed data.

    The star marked firewalls - FW2 and FW4 – have been added using CSC-Integration (Please refer question 11 for steps). It means for FW2 and FW3, the reporting/analytics data can be viewed on On-prem SonicWall Analytics as well on CSC-Analytics.

     

    • How does On-prem SonicWall Analytics gets information about Applications and Websites visited.

    On-prem Analytics analyses flow data sent by firewalls – these logs contain key information such as application, Websites etc. The firewalls must be configured with appropriate settings for it to be able to send appropriate logs to Analytics.

    Please refer SonicWall Knowledge Base Articles to learn about enabling settings such as CFS, DPI-SSL etc.

    https://www.sonicwall.com/support/knowledge-base/?sol_id=190205194634363

    https://www.sonicwall.com/support/knowledge-base/?sol_id=181015225631727

     

    • How to backup IPFIX / Flow reporting data?

    In SonicWall Analytics, you can backup Only System configuration but NOT the IPFIX data as that is stored on External Mount. In such case, please backup External Mount Drive outside Analytics system.

     

    Related Articles

    • Specific syslog IDs are not seen in Analytics reports
    • Upgrading to Analytics 2.5.0.4
    • How to upgrade firmware for a group of firewalls in NSM

    Categories

    • Management and Reporting > On-Prem Analytics

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top