Troubleshooting Unit Acquisition in Capture Security Center (CSC)

03/26/2020 106 12555

DESCRIPTION:

Cloud GMS is failing unit acquisition with the error: "Could not access the unit. The unit or the network could be down."

CAUSE:

This happens when the firewall for AMERICAS location attempts to resolve "cloudgms.sonicwall.com". For EUROPE (AMS) colo, its "cloudgmsams.sonicwall.com".

In case or North America colo, "cloudgms.sonicwall.com" resolves to 4.16.47.168 and for EUROPE (AMS) colo, "cloudgmsams.sonicwall.com" resolves to 213.244.188.168; The firewall automatically creates an address object and access rule to allow traffic from the resolved IP address. This is a problem because CGMS 2.0 uses a range of IP addresses for unit management. If CGMS 2.0 attempts to login to the firewall from any IP that doesn't match the resolved address, the login will be blocked:

RESOLUTION:

CGMS 2.0 (North America Colo) uses a range of IP address from 4.16.47.160 to 4.16.47.169 for unit management and CGMS 2.0 (Europe AMS Colo) uses a range of IP address from 213.244.188.161 to 213.244.188.170, it can attempt to login from any IP in this range. To allow CGMS 2.0 to login from an address other than the resolved IP for cloudgms.sonicwall.com, we must do the following:

1. Create an address object

Name - *Can be anything of your choosing*
ZONE - WAN
TYPE - Range
Starting IP - 4.16.47.160 ( For Europe AMS Colo: 213.244.188.161)
Ending IP - 4.16.47.169 (For Europe AMS Colo: 213.244.188.170)

2. Create an access rule

Action - Allow
From  - WAN
To - WAN
Service  - HTTPS Management
Source - *Name of custom address object created in step 1*
Destination - All X1 Management IP

3. After creating the access rule, use the "modify unit" action in CGMS 2.0 to restart unit acquisition.

After some time, unit acquisition should complete successfully.

 See also:

• Getting Started with Capture Security Center