Troubleshooting steps when migrating from Cloud GMS 1.0 to Capture Security Center (2.0)
12/20/2019
Description
Issue Summary: Firewall was Unreachable
As part of the Migration from Cloud 1.0 to CSC, one or more Firewalls did not complete deletions as expected, because the Firewall was Unreachable.
Owner: Tenant Admin or User
Symptom
If this error is reported as part of the migration, refer to the "Solution" section below for potential fixes.
Workaround
Please refer to "Solution".
Solution
Ensure the Firewall is accessible from Cloud GMS 2.0, where the management request comes from cloudgms.sonicwall.com (COLO: North America) and cloudgmsams.sonicwall.com (COLO: Europe).
Verify that the IP and Port configured for management are up to date.
Verify that the Rule to allow management access from GMS to the Firewall has been added and enabled.
Refer to the reasons described in the message and look up the solutions below to resolve them.
Once the issues have been resolved, perform the following synchronize operations from the Policies | System | Tools screen:
"Synchronize with MySonicWall" action.
"Synchronize Now" action.
Note: This action could take a few hours to complete.
Issue Summary: Failed to import policy config
Failed to import policy configuration across database tables. Some of the table data may not have been imported properly from the table name specified in the error.
Owner: Tenant Admin or User
Symptom
For the Modules/Screen(s) that correspond to the table(s) that reported this error, the data displayed may be incomplete. Rows may be missing, or "no data found" may be shown for Units within the Tenancy.
Workaround
Please refer to "Solution".
Solution
Perform a "Synchronize Now" action from the Policies | System | Tools screen, for all units under the Tenancy. This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
Issue Summary: Firewall migration failed, Unit already exists.
Firewall migration fails when the Unit is already present in Cloud. This typically happens when a unit that was previously in Cloud 1.0 has been manually migrated to CSC under a new Tenancy created for the same account, but the unit was not deleted from Cloud 1.0.
Owner: Tenant Admin or User
Symptom
The unit will not appear under the migrated Tenancy, under the list of Firewalls ported over.
Workaround
Please refer to "Solution".
Solution
Locate the unit under the Cloud 2.0 tenancy registered to the customer. If you decide to move it to the newly migrated tenancy, delete the unit from the current tenancy and add it to the new one, manually.
Issue Summary: Access rule deletion VPN to LAN failed on Firewall
Deletion of the rule on the Firewall has failed. Details of the rule are present in the message. This may occur when multiple users (migration tools) are logging in to perform the action at the same time and not all manage to get the "Config" privilege at the same time.
Owner: Tenant Admin or User
Symptom
The rule that is captured in the error message continues to exist on the Firewall long after the migration has completed. As a result, the Firewall will not complete acquisition for reporting data, even though the management acquisition has completed.
Workaround
Please refer to "Solution".
Solution
Log in to the Firewall and go to the Manage | Policies | Rules | Access Rules screen. Select the rule(s) that failed.
Click the Delete button to perform the deletion.
Perform a "Synchronize Now" action from the Policies | System | Tools screen.
This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
Issue Summary: Access rule deletion LAN to VPN failed on Firewall
Deletion of the rule on the Firewall has failed. Details of the rule are present in the message. This may occur when multiple users (migration tools) are logging in to perform the action at the same time and not all manage to get the "Config" privilege at the same time.
Owner: Tenant Admin or User
Symptom
The rule that is captured in the error message continues to exist on the Firewall long after the migration has completed. As a result, the Firewall will not complete acquisition for reporting data, even though the management acquisition has completed.
Workaround
Please refer to "Solution".
Solution
Log in to the Firewall and go to the Manage | Policies | Rules | Access Rules screen. Select the rule(s) that failed.
LAN to VPN ("GMSFlow-*" to "GMSServer-*")
Click the Delete button to perform the deletion.
Perform a "Synchronize Now" action from the Policies | System | Tools screen.
This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
Issue Summary: VPN Tunnel deletion failed on Firewall
Deletion of the VPN tunnel on the Firewall has failed. Details of the tunnel are present in the message. This may occur when multiple users (migration tools) are logging in to perform the action at the same time and not all manage to get the "Config" privilege at the same time.
Owner: Tenant Admin or User
Symptom
The VPN Tunnel that is captured in the error message continues to exist on the Firewall long after the migration has completed. As a result, the Firewall will not complete acquisition for reporting data, even though the management acquisition has completed.
Workaround
Please refer to "Solution".
Solution
Log in to the Firewall and go to the Manage | Connectivity | VPN | Base Settings screen. Select the tunnel(s) that failed.
VPN Tunnel "SGMS-*"
Click the Delete button to perform the deletion.
Perform a "Synchronize Now" action from the Policies | System | Tools screen.
This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
Issue Summary: Service Group GMSFlows deletion failed on Firewall
Deletion of the Service Group "GMSFlows" on the Firewall has failed. This may occur when multiple users (migration tools) are logging in to perform the action at the same time and not all manage to get the "Config" privilege at the same time.
Owner: Tenant Admin or User
Symptom
The Service Group "GMSFlows" continues to exist on the Firewall long after the migration has completed. As a result, the Firewall will not complete acquisition for reporting data, even though the management acquisition has completed.
Workaround
Please refer to "Solution".
Solution
Log in to the Firewall and go to the Manage | Policies | Objects | Service Objects screen. Select the service group that failed.
Click the Delete button to perform the deletion.
Perform a "Synchronize Now" action from the Policies | System | Tools screen.
This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
Issue Summary: Service GMSFlow-9060 (2055) deletion failed on Firewall
Deletion of the Service Object "GMSFlow-9060" or "GMSFlow-2055" on the Firewall has failed. This may occur when multiple users (migration tools) are logging in to perform the action at the same time and not all manage to get the "Config" privilege at the same time.
Owner: Tenant Admin or User
Symptom
The Service Object "GMSFlow-9060" or "GMSFlow-2055" continues to exist on the Firewall long after the migration has completed. As a result, the Firewall will not complete acquisition for reporting data, even though the management acquisition has completed.
Workaround
Please refer to "Solution".
Solution
Log in to the Firewall and go to the Manage | Policies | Objects | Service Objects screen. Select the service that failed.
Click the Delete button to perform the deletion.
Perform a "Synchronize Now" action from the Policies | System | Tools screen.
This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
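The deletion failures above all leave objects with known names on the Firewall. As an added example (not SonicWall code), the following Python sketch scans an inventory of rule, tunnel and service names for those leftovers and reports the screen where each is deleted. The CSV layout, the `kind` labels and the sample rows are assumptions constructed for illustration, not a SonicWall export format.

```python
import csv
import fnmatch
import io

ACCESS_RULES = "Manage | Policies | Rules | Access Rules"
VPN = "Manage | Connectivity | VPN | Base Settings"
SERVICES = "Manage | Policies | Objects | Service Objects"

# kind -> (name patterns, screen). Names and screens are the ones the article
# gives; the kind labels themselves are hypothetical.
SIMPLE = {
    "vpn-tunnel": (["SGMS-*"], VPN),
    "service-group": (["GMSFlows"], SERVICES),
    "service-object": (["GMSFlow-9060", "GMSFlow-2055"], SERVICES),
}

def find_leftovers(inventory_csv):
    """Return [(kind, name, screen)] for rows matching the article's leftover names."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        kind, name, peer = row["kind"], row["name"], row["peer"]
        if kind == "access-rule":
            # LAN to VPN rule: "GMSFlow-*" to "GMSServer-*"
            if (row["zones"] == "LAN>VPN"
                    and fnmatch.fnmatchcase(name, "GMSFlow-*")
                    and fnmatch.fnmatchcase(peer, "GMSServer-*")):
                hits.append((kind, f"{name} to {peer}", ACCESS_RULES))
        elif kind in SIMPLE:
            patterns, screen = SIMPLE[kind]
            # Exact, case-sensitive matching so similarly named customer
            # objects are not flagged for deletion.
            if any(fnmatch.fnmatchcase(name, p) for p in patterns):
                hits.append((kind, name, screen))
    return hits

# Constructed sample inventory (assumed columns: kind, zones, name, peer).
SAMPLE = """kind,zones,name,peer
access-rule,LAN>VPN,GMSFlow-1,GMSServer-1
access-rule,LAN>WAN,Any,Any
vpn-tunnel,,SGMS-0001,
vpn-tunnel,,Branch-Office,
service-group,,GMSFlows,
service-object,,GMSFlow-2055,
service-object,,HTTPS,
service-object,,GMSFlow-9060-custom,
"""

if __name__ == "__main__":
    for kind, name, screen in find_leftovers(SAMPLE):
        print(f"{kind}: {name} -> delete under {screen}")
```

An empty result after cleanup means none of the named leftovers remain in the inventory; run "Synchronize Now" afterwards as described above.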
Issue Summary: Firewall has been Rebooted (or Restarted)
During the migration process, as part of provisioning the Firewall with Flow configuration, the Firewall will be rebooted.
Customers have been notified of this as part of the Migration communication, through Email, Message of the Day (MOTD) and others.
Owner: Tenant Admin or User
Symptom
The Firewall rebooted and may have been down briefly to handle the flow configuration.
Workaround
Not Applicable.
Solution
This is a mandatory step and cannot be avoided as part of the migration. This information has already been communicated to Users, so please advise accordingly.
Migration will take place from Cloud 1.0 to 2.0 on the set dates. There is no way to choose a different date/time to keep the reboot from affecting schedules during the migration weekend.
Issue Summary: Firewall provisioning to CSC failed
As part of provisioning the Firewall for communication with CSC, there are specific parameters that have to be configured on the unit. The values to be edited are captured below in the "Solution".
Owner: Tenant Admin or User
Symptom
The Firewall continues to point to the Cloud 1.0 setup even after the migration has completed.
Workaround
Please refer to "Solution".
Solution
Log in to the Firewall and go to the Manage | System Setup | Appliance | Base Settings screen. Scroll down to the Advanced Management section.
Ensure the "Enable management using GMS" checkbox is checked. Click on the "Configure" button to open the configuration dialog.
Edit the following fields and Apply the mentioned values:
GMS Host Name or IP Address: cloudgms.sonicwall.com (COLO: North America) and cloudgmsams.sonicwall.com (COLO: Europe)
GMS Syslog Server Port: 514
Select the "Send Heartbeat Status Messages Only" checkbox
Uncheck the "GMS behind NAT Device" checkbox
Management Mode: HTTPS
Perform a "Synchronize Now" action from the Policies | System | Tools screen.
This will ensure that the configurations are up-to-date in the new cloud environment.
Note: This action could take a few hours to complete.
Issue Summary: Tenancy has not been migrated
Tenancy has not been migrated because there were No Firewalls under management under this tenancy. Please license a Firewall for CSC services to automatically get added to the CSC portal. The Cloud 1.0 Tenancy will be deleted and will no longer show up in your MSW Account.
Owner: Tenant Admin or User
Symptom
Tenancy has not been migrated because there were No Firewalls under management under this tenancy.
Workaround
Please refer to "Solution".
Solution
Tenancy has not been migrated because there were No Firewalls under management under this tenancy. Please license a Firewall for CSC services to automatically get added to the CSC portal. The Cloud 1.0 Tenancy will be deleted and will no longer show up in your MSW Account.