-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Troubleshooting Unit Acquisition in Capture Security Center (CSC)
03/26/2020 
108 People found this article helpful
483,880 Views
Description
Cloud GMS is failing unit acquisition with the error: "Could not access the unit. The unit or the network could be down."
Cause
This happens when the firewall for AMERICAS location attempts to resolve "cloudgms.sonicwall.com". For EUROPE (AMS) colo, its "cloudgmsams.sonicwall.com".
In case or North America colo, "cloudgms.sonicwall.com" resolves to 4.16.47.168 and for EUROPE (AMS) colo, "cloudgmsams.sonicwall.com" resolves to 213.244.188.168; The firewall automatically creates an address object and access rule to allow traffic from the resolved IP address. This is a problem because CGMS 2.0 uses a range of IP addresses for unit management. If CGMS 2.0 attempts to login to the firewall from any IP that doesn't match the resolved address, the login will be blocked:
Resolution
CGMS 2.0 (North America Colo) uses a range of IP address from 4.16.47.160 to 4.16.47.169 for unit management and CGMS 2.0 (Europe AMS Colo) uses a range of IP address from 213.244.188.161 to 213.244.188.170, it can attempt to login from any IP in this range. To allow CGMS 2.0 to login from an address other than the resolved IP for cloudgms.sonicwall.com, we must do the following:
1. Create an address object
Name - *Can be anything of your choosing*
ZONE - WAN
TYPE - Range
Starting IP - 4.16.47.160 ( For Europe AMS Colo: 213.244.188.161)
Ending IP - 4.16.47.169 (For Europe AMS Colo: 213.244.188.170)
2. Create an access rule
Action - Allow
From - WAN
To - WAN
Service - HTTPS Management
Source - *Name of custom address object created in step 1*
Destination - All X1 Management IP
3. After creating the access rule, use the "modify unit" action in CGMS 2.0 to restart unit acquisition.
After some time, unit acquisition should complete successfully.
See also:
Related Articles
- How to create and export On-Demand report from CSC / CGMS
- SonicWall NSM – AppFlow ports
- NSM - Firewall System Events and Filters
YES
NO