SonicWall NSv Series FAQ

04/25/2022 96 People found this article helpful 491,379 Views

Description

This article covers some of the basic FAQ'S related to SonicWall NSv.

Resolution

What is SonicWall NSv Series?
NSv Series is SonicWall’s virtualized version of next-generation firewall appliance to provide DPI security and segmentation in virtual environments. SonicOSv running on NSv series offers the same feature functionality and security features of a physical appliance. NSv is based on SonicOS Virtual which is a fully featured 64-bit SonicOS powered by SonicCore. NSv Series has the same security as physical appliance and comparable physical appliance performance.
What are Platforms currently supported?
NSv is currently supported on following Public and Private Cloud Platforms
Private Cloud:
VMware ESXI 5.5 and above, though 6.5 is highly recommended for production usage
Microsoft Hyper-V is supported on Windows Server 2012 and Windows Server 2016
Public Cloud:
Microsoft Azure
Amazon Web Services
What is the EVC and CPU Compatibility?
SonicWall NSv supports ESXI running on relatively modern chipset Intel Penryn and above (2008). If chipset is, too old the install will halt with following message “This system does not support SSE4_1”. Please refer to following link for additional information. https://kb.vmware.com/s/article/1005764.
What are the VMware Network Adapter Type supported by NSv?
SonicWall NSv supports vmxnet3 Adapter Type.
What are the available NSv Models?
NSv Series models are available in following Limited and Unlimited Nodes.

VMware ESXI and Microsoft Hyper-V
Limited Nodes: NSv10, NSv25, NSv50 and NSv100
Unlimited Nodes: NSv200, NSv300, NSv400, NSv800 and NSv1600

Microsoft Azure and Amazon Web Services
Unlimited Nodes: NSv200, NSv400, NSv800 and NSv1600
Limited Nodes: NSv10, NSv25, NSv50 and NSv100

NOTE: Limited Node Models - NSv300 is not offered in Public Cloud (Azure and AWS) .
How does SonicOS calculate nodes?
The supported node count varies by NSv platform. This is the maximum number of nodes/users that can connect to the NSv at any one time, and is displayed on the System Status page in the MONITOR view.

SonicOS calculates node counts as follows:
- Each unique IP address is counted.
- Only flow to the WAN side is counted. WAN includes IPSec VPN
- GVC and SSL VPN connections terminated to the WAN side are counted.
- Internal zone to zone is not counted.
- Guest users are not counted.
  A log event is generated when the node count exceeds the limit.
  
  NOTE: The node counts per each different IP and not the number of VPN tunnel and/or VPN networks, etc. SonicOS counts the node when the traffic is from/to WAN zone. When the traffic is flowing between VPN zone and LAN zone, there is no node count limitations.
What are the supported SonicOSv features?
The SonicWall NSv Series for VMware ESXI has nearly all the features and functionality of a SonicWall NSA hardware appliance running SonicOS 6.5.0.2 firmware. At this time, the following features are not currently enabled in the NSv Series:

Deployment Modes: Tap Mode and Layer2Bridge Mode
Dynamic IP assignment Protocols: PPPoE, PPTP, L2TP
Link Connectivity: Link Aggregation, Port Redundancy
Networking: Advanced Switching, VLAN translation, 3G/4G Connectivity
VOIP: H.323
Wireless : SonicPoint and SonicWave wireless access point functions
IPV6: IPv6 Management and certain other IPv6 features
What is baseline SonicOS Version for NSv?
At launch, SonicOSv running on NSv is baselined off SonicOS 6.5.0.2.
How do I purchase NSv?
Contact SonicWall distributor to purchase SonicWall NSv. You will receive a fulfillment email with Serial Number and authentication code. Register on MySonicWall with Serial Number to download the OVA and deploy it on your ESXI.
Is there a trail license available?
Yes, You can sign up for NSv 200 1 month trial.
How to deploy/Install NSv?
Please refer to Getting Started Guide for step by step instructions.
Can we add/delete interfaces from NSv?
SonicWall does not recommend adding or deleting interfaces in NSv.
Management Interface is not reachable after changing port to 8443
8443 is NSv reserved port for Safemode interface.
Why is the core file drop down list empty?
If an when core file is created, it will appear in drop down list until it is sent to SonicWall Support Services and when files have been uploaded successfully, they are deleted and drop down list will be empty.
How to configure Virtual Interfaces in NSv for ESXI?
Map the NSv Parent Interface for Virtual Interface to port group with VLAN ID 4095 (Trunk Port). ESXI treats port group with VLAN 4095 as Trunk Port. KB Article: https://www.sonicwall.com/en-us/support/knowledge-base/180406130130215.
What is Safemode in NSv?
Safemode is SonicOSv Management Console. When the NSv appliance is in Safemode, the appliance starts with a very limited set of services and features enabled. This is useful when trying to troubleshoot issues. The NSv appliance can also be configured to boot into Safemode by using the Reboot | Shutdown screen.
NOTE: Safemode UI is accessible only on HTTP.
Why does SonicWall NSv boot into safemode?
The NSv appliance will enter Safemode if SonicOS restarts three times unexpectedly within 200 seconds. Please verify if minimum memory is available and allocated based on NSv model.
What should be the next steps if NSv fails during boot up and instead boots into safemode?
Access the URL mentioned for safemode GUI in management console and download the logs. SonicWall Technical Support will use this to investigate the problem.
What are the GMS Version Supported with NSv Series?
GMS 8.4 and above and Capture Cloud 2.0 will be supported with SonicWall NSv Series.
How do I move my NSv instance from one physical ESXI server to another server?
Here is the steps to move NSv instance from one physical ESXI to another.

Download latest configuration file backup from existing NSv instance/MySonicWall Cloud Backup if enabled.
Deploy OVA file on new server.
De-register the NSv instance from System|License on existing server or MySonicWall.
Register NSv instance on new server.Import configuration File Backup.
What is the purpose of de-registration option in SonicOSv?
De‐registration puts the virtual appliance into the unregistered state and deletes the binding between it and its serial number in MySonicWall. Then you can use the serial number to register the same or another NSv instance. You can de‐register your NSv directly from the SonicOS management interface under Manage->Licenses. Note: Only an NSv registered online can be de-registered using SonicOS Management GUI.
Can we register NSv in closed environment?
Yes, registering NSv in closed environment is possible. De-register is not supported in closed environments.
How can I size NSv?
Please refer : DATASHEET LINK
Are NSv model upgrades available?
Yes, NSv model upgrades are available.
How to convert trial license to a production license?
SonicWall NSv instance installed as a 30‐day free trial can be converted easily to a full production licensed NSv instance.
Steps to convert your free trial to a production version:
- Purchase a SonicWall NSv license from a distributor. You will receive a fulfillment email with the new serial number and authentication code.
- Log into SonicOS on your free trial instance.
- Navigate to the Updates | Licenses page in the MANAGE view.
- Under Manage Security Services Online, click the DEREGISTER button.
- Click OK in the confirmation dialog. The virtual firewall returns to the unregistered state.
- Click the Register link in the top banner or on the MONITOR | System > Status page.
- Enter your MySonicWall credentials and then click LOGIN.
- Enter the Serial Number and Authentication Code you received after purchasing your NSv Series instance.
- Click Submit.
- The licensing server acquires the necessary information from the NSv Series appliance and your MySonicWall account. If asked, you can specify a Friendly Name or Product Group for the NSv Series appliance.
- Acknowledge the registration completion notification by clicking Continue. SonicOS automatically restarts and then displays the login page.
- Log into SonicOS.In the MONITOR view, the System > Status page now shows your licensed security services, and the Register link is no longer displayed.
Can I import Settings from Physical appliance to NSv Series?
SonicOSv running on NSv does not support settings import from Physical to Virtual NSv.
Can I use VMware snapshots?
SonicWall recommends that you do not use the VMware snapshots functionality. For more information, refer to the article at https://kb.vmware.com/s/article/1025279.
Does NSv support Capture Client?
At launch, SonicOSv running NSv based off 6.5.0.2 does not support Capture Client. Capture Client support will be available at later date on SonicOSv baselined off 6.5.1.1.
Does NSv support HA Virtual MAC?
At launch, NSv does not support HA Virtual MAC.
What is the default encryption supported in NSv for IPSec Site to Site VPN and why?
NSv uses AES as default encryption in IPSec VPN policies unlike 3DES on Physical appliance. AES encryption is more advanced compared to 3DES.
What are the Platforms and NSv Models supported for BGP?
BGP is enabled by default in all NSv models with latest builds for all supported platforms. VMware: RC481; Hyper-V: RC484; Azure: RC485; AWS: RC489.
Since when Pay-as-you-go option(PAYG) for NSv AWS went Live ?
PAYG for NSv Deployment in AWS went live from 5th July 2019.
How does PAYG works?
Pay-as-you-go platforms, such as Amazon EC2, provide services by allowing users to design compute resources and charges by what is used. Users select the CPU, memory, storage, operating system, security, networking capacity, access controls, and any additional software needed to run their environment.
Do we need to register the NSv AWS in my SonicWall for PAYG option?
Yes. It is recommended to register the serial number of AWS NSv in my SonicWall for the support team to validate the support entitlement and licenses and it doesn't affect the functionality of PAYG option.
Is migration of licenses possible from BYOL to PAYG and vice versa?
No. It is not possible to migrate the licenses since the PAYG deployment comes will the licenses activated.
Is HA supported for NSv AWS?
HA is not supported in NSv deployment in AWS. So, this Section has been removed from the GUI.
Can we have the two different subnets of AWS NSv in different Availability zone?
The subnets associated with the VPC need to be in the same Availability Zone if not they do not show up during configuration.
Does NSv support vMotion?
Yes, NSv does support vMotion. NSv 10/25/50/100/200/300/400/800/1600 instances should be running 6.5.4.4-44v-21-1288 image and above which includes support for vMotion by default. NSv270/470/870 instances need to enable the vMotion option on the diag page. The diag page on NSv270/470/870 can be accessed using URL: https://<MGMT IP of NSv>/sonicui/7/m/mgmt/settings/diag.
For more details, please see https://www.sonicwall.com/support/knowledge-base/how-to-enable-vmotion-support-on-sonicwall-nsv/210923091219500/
Do the Gen6 NSv models run SonicOSX 7.0.0 image?
No. Gen6 models like only run 6.5.4.4-44v based image.
Can I upgrade Gen6 NSv’s to Gen7 NSv models?
With the release SonicOS/X 7.0.1 you upgrade from Gen6 model to Gen7 models using Secure Upgrade program.
Can I operate Gen6 NSv’s on Policy Mode?
No. Gen6 NSv only supports classic mode.
Which models of NSv are available on Gen 7 software?
With the release of 7.0.1-R1282 ,NSv270/470/870 supports SonicOSX in both Classic Mode as well as Policy Mode. Users will get an option initially to select the mode they want to run at the first them the UI is initiated. For subsequent mode changes, there is an option on MysonicWall portal where user can enable the mdoe switching feature and they be able to modify the mode on Firewall UI.
Can I import 6.5 based settings to Gen7 NSv models?
With the release SonicOS/X 7.0.1, NSv supports both Global mode and Policy Mode. Users deploying NSv 270/470/870 in Global/Classic mode can import the Gen6 NSv settings directly. Later then can switch to Policy Mode to carry forward the settings partially. Full settings switchover is not available at the moment between Classic and Policy Mode.
Why is Microsoft Azure marketplace only allowing Gen7 NSv image deployments?
Microsoft Azure only allow the latest image to be displayed and deployed from the marketplace. Follow below KB article to deploy Gen6 image for Azure NSv:

How Do I Deploy An Old Version Of NSv On Azure?
Why is Amazon Web Services(AWS) Azure marketplace only allowing Gen7 NSv image deployments?
AWS Azure only allow the latest image to be displayed on the marketplace. Follow below KB article to deploy Gen6 image for AWS NSv: Deploying Previous Versions Of NSv On AWS.
Does Microsoft Azure support Active/Standby High Availability without using Azure Loadbalancer?
6.5.4.4-44v-21-987 build(and onwards) on Gen6 and 7.0.0-R1036(and onwards) build on Gen7 supports Layer 3 High Availability in Active/Standby Mode.
Does Azure Active/Standby HA solution support settings/configuration synchronizing?
Yes. Azure Active/Standby HA solution supports settings synchronization.
Does Azure Active/Standby HA solution support Stateful synchronization?
The current release does not support stateful synchronization since the failover time is longer in Azure infrastructure.
What are instances and server sizes supported on Azure and AWS Cloud.
Please refer to below KB Supported Public Cloud Servers/Instance Sizes on SonicWall NSv Series Models
Is Availability zone settings supported on NSv Azure cloud deployments?
Yes. It is supported on standalone and HA deployments using ARM templates.
Below is the ARM template link for Standalone Azure NSv deployment
https://github.com/sonicwall-nsv/azure-template/tree/feature/standalone

Below is the ARM template link for High-Availability Azure NSv deployment
https://github.com/sonicwall-nsv/azure-template/tree/feature/HA