Cloud GMS is failing unit acquisition with the error: "Could not access the unit. The unit or the network could be down."
This happens when the firewall resolves the Cloud GMS hostname: "cloudgms.sonicwall.com" for the AMERICAS location, or "cloudgmsams.sonicwall.com" for the EUROPE (AMS) colo.
For the North America colo, "cloudgms.sonicwall.com" resolves to 18.104.22.168, and for the EUROPE (AMS) colo, "cloudgmsams.sonicwall.com" resolves to 22.214.171.124. The firewall automatically creates an address object and an access rule to allow traffic from the resolved IP address. This is a problem because CGMS 2.0 uses a range of IP addresses for unit management. If CGMS 2.0 attempts to log in to the firewall from any IP that doesn't match the resolved address, the login will be blocked.
CGMS 2.0 (North America Colo) uses a range of IP addresses from 126.96.36.199 to 188.8.131.52 for unit management, and CGMS 2.0 (Europe AMS Colo) uses a range of IP addresses from 184.108.40.206 to 220.127.116.11. It can attempt to log in from any IP in this range. To allow CGMS 2.0 to log in from an address other than the resolved IP for cloudgms.sonicwall.com, do the following:
1. Create an address object
   Name - *Can be anything of your choosing*
   ZONE - WAN
   TYPE - Range
   Starting IP - 18.104.22.168 (For Europe AMS Colo: 22.214.171.124)
   Ending IP - 126.96.36.199 (For Europe AMS Colo: 188.8.131.52)
2. Create an access rule
   Action - Allow
   From - WAN
   To - WAN
   Service - HTTPS Management
   Source - *Name of custom address object created in step 1*
   Destination - All X1 Management IP
3. After creating the access rule, use the "modify unit" action in CGMS 2.0 to restart unit acquisition.
After some time, unit acquisition should complete successfully.