SonicWall NSM FQDN And IP List

08/17/2020 6 2171

DESCRIPTION:

When a firewall is added manually to NSM (Network Security Manager) the firewall acquisition fails on NSM with ‘Network down or Unit cannot be reached’ error as WAN IP used by  NSM back-end is not the same as the resolved NSM fully qualified domain name (FQDN).

CAUSE:

There is a WAN > WAN rule created on the firewall which allows HTTPS management access to the firewall from NSM. In many cases customer may lock down the access rule to NSM IP only which may prevent firewall acquisition on NSM.

RESOLUTION:

Allow access to following NSM FQDN / IPs based on the CSC location to resolve the firewall acquisition issue.

For Oregon AWS Colo:

• FQDN: nsm-uswest.sonicwall.com (Use it in GMS settings under Administration Page)
• Zero Touch FQDN: nsm-uswest-zt.sonicwall.com (Use it in ZeroTouch Settings under Diag page)
• Added below IPs in WAN Management access from WAN>WAN access rule

                13.227.130.81

13.227.130.63

13.227.130.69

13.227.130.12               

52.39.29.75

44.233.105.101

   44.227.248.206

For AWS-FRA Colo:

• FQDN: nsm-eucentral.sonicwall.com (Use it in GMS settings under Administration Page)
• Zero Touch FQDN: nsm-eucentral-zt.sonicwall.com (Use it in ZeroTouch Settings under Diag page)
• Added below IPs in WAN Management access from WAN>WAN access rule

                13.227.130.70

                13.227.130.69

                13.227.130.15

                13.227.130.92

                18.156.16.24

                18.157.240.148

 3.127.176.56