Switch from the Policy mode to classic mode on Gen 7 appliances
08/11/2022 19 People found this article helpful 312,095 Views
Description
SonicWall firewalls running SonicOSX and SonicOS allows mode switching feature which lets users to move from classic/Global mode to Policy Mode or vice-versa.
With the release of SonicOS 7.0.1, SonciWall Virtual Firewall models NSv 270, NSv 470 and NSv 870 supports both Classic as well as Policy Mode.
When user deploys the firewall for the first time, they get to select between classic and policy mode while registration itself
To switch to a different firewall mode follow below process:
- Login to MySonicWall account and search for the serial Number, Navigate to Product Details and Enable Firewall Mode Switching - Enable the option as shown in picture below:
NOTE: This option allows user to enable firewall mode switching on the Firewall UI between Global/Classic and Policy Mode. Disabling this option will turn off the mode switching feature from the Firewall UI.
Resolution
Changing From Policy to Classic Mode
This section describes how to change from Policy mode (SonicOSX) to Classic mode (SonicOS) on an existing NSv deployment. After this change, all of the current configuration settings will be lost and the NSv will reboot with factory default settings. A warning to this effect is shown in the popup screen when you click the CLASSIC button.
- Navigate to the NETWORK | Firewall | Advanced page.
- On the Settings screen next to Security Services Enforcements, click the CLASSIC button.
- Read the popup notifications.
Click OK to proceed with the mode change or click Cancel to cancel the mode change.
The NSv reboots and comes up in Classic mode.
Log into the NSv using the default credentials, admin / password.
Configure the network settings to allow your NSv to connect to your local network and to the internet for access to MySonicWall and the SonicWall licensing server. For more information, refer to the NSv Series 7.0 Getting Started Guide for your platform (Azure, AWS, VMware, Hyper-V or KVM). The NSv Getting Started guides are available on the SonicWall technical documentation portal at NSv 7.0 Getting Started Guides.
Register the NSv to enable full functionality. The Register Device button is available on the HOME | Dashboard | System pages.
At this point you can manually reconfigure the NSv or import a configuration settings file previously exported from one of the following:
- An NSv running SonicOS 7 (in Classic mode)
- An NSv running SonicOS 6.5.4.v
In case you are running a high-availability setup, then follow below process for the mode switching:
- Disable HA on primary firewall, this will lead to the secondary NSv to be factory default and unregistered state.
- Enable mode switching option by logging into MysonicWALL account and search for the serial Number, Navigate to Product Details and Enable Firewall Mode Switching.
- Log into the primary firewall , then switch the firewall mode to Classic in Network|Firewall|Advanced page, this will lead to the primary NSv to be factory default and unregistered state, register primary NSv to Classic mode.
- Log into the secondary firewall , then register it and select the Classic mode.
- Login into the primary firewall to enable HA(High-Availability) and reconfigure all settings back.
Changing From Classic to Policy Mode
This section describes how to change from Classic mode (SonicOS) to Policy mode (SonicOSX) on an existing NSv deployment. After this change, some of the current configuration settings might not be available in Policy mode. The list of configuration settings that will not be available in policy mode is shown in the popup screen when you click the POLICY button.
The NSv reboots and comes up in Policy mode. You must manually reconfigure any settings that were removed during the mode change. These can include configuration settings involving:
- Access Rules
- App Rules
- Content Filtering Service (CFS)
- Security Services
- App Control
- DPI-SSL
- DPI-SSH
In case you are running a high-availability setup, then follow below process for the mode switching:
- Disable HA on primary firewall, this will lead to the secondary NSv to be factory default and unregistered state.
- Enable mode switching option by logging into MysonicWALL account and search for the serial Number, Navigate to Product Details and Enable Firewall Mode Switching.
- Log into the primary firewall , then switch the firewall mode to policy mode in Network|Firewall|Advanced page, this will lead to the primary NSv to switch classic mode with some settings being migrated while few not being migrated. See below screenshot
Log into the secondary firewall, then register it and select the Policy mode
Login into the primary firewall to enable HA(High-Availability) and reconfigure the missing settings like Security Policy, Decryption Rules and DoS rules.
Related Articles
Categories