VPN used for NSM reporting is not created on GEN7 units

Description

As of NSM 2.3.4-R7, newly acquired GEN7 firewalls running SonicOS 7.0.1 5080 or newer will not have a VPN created during acquisition.  Reporting will continue to work as usual for NSM Advanced, however, the flows will be transported through an encrypted pathway. 

To verify that reporting is configured correctly for your GEN7 firewall, please verify the following:

 

     - Firmware version is synchronized to NSM successfully and shows as 7.0.1-5080 or newer

Image

     - Verify the Commits for configuration of the encrypted pathway are successful.

Image

*3       - If settings need to be verified on the Firewall, this can be done within the TSR of the firewall as this configuration is not displayed in the UI:

Image

 

Once the Commit is successful and the configuration is succesfully applied to the firewall, reporting information will be displayed under the Monitor tab of the Firewall View.

You will also notice that the Flow Log Transport Mechanism is set to Type "Encrypted" and not "VPN" as seen with firewalls on firmware older than 7.0.1-5080. 

This is seen by expanding the device details on the Inventory page and navigating to the Analytics & Reporting Status page.

Image

Related Articles

  • Analytics On-Prem vs NSM Feature Matrix
    Read More
  • Analytics On-Prem End of Life and NSM Transition FAQ
    Read More
  • NSM On-Prem: Backups over SCP to Windows OpenSSH Server
    Read More

Categories

Management and Reporting
Network Security Manager
not finding your answers?
Ask the Community