• Network Security Manager On-Premises
• Overview
  • About NSM
  • Related Documents
  • Conventions
    • UI Conventions
    • Guide Conventions
• Before Starting
  • Installation Quick Start
  • Prerequisites
  • Supported Firewalls
  • System Requirements
    • Capacity Requirements
    • Scaling Up
    • Licensing Model
  • Creating an MSW Account
  • Obtaining the Image
    • Obtaining a New Licensed Image
    • Obtaining a Trial Version
    • Downloading NSM for an Existing Instance
• Installing NSM on ESXi Server
  • Installing on ESXi Server
  • Connecting to the Console from ESXI
• Installing NSM on Hyper-V
  • Preparing the Windows Server System
  • Installing NSM On-Premises on Hyper-V
  • Connecting to the Console from Hyper-V
• Installing NSM on KVM
  • Deploying NSM on KVM via Virtual Machine Manager
• Installing NSM on Azure
• NSM Settings and Registration
  • Configuring NSM Network Settings
  • Registering NSM
  • Associating Firewalls on MSW
  • Unregistering NSM
• Console Operations
  • Management Console Operations
  • NSM Management Console Menu
  • Using SafeMode on the Management Console
    • Enabling SafeMode
    • Disabling SafeMode
    • Configuring Network Interfaces in SafeMode
      • Configuring Interface Settings
      • Disabling an Interface
    • Installing a Software Upgrade in SafeMode
    • Downloading Logs in SafeMode
• Using NSM
  • Interface Overview
  • Dashboard
  • Creating a Tenant
  • Creating a New User
  • Adding a Device
• Integrate On-Prem Analytics with NSM
• Upgrade Instructions
  • Upgrade Using Management Console
  • Upgrading SonicOS Firmware
• SonicWall Support
  • About This Document

Deploying NSM on KVM via Virtual Machine Manager

This section describes how to create a virtual machine via Virtual Machine Manager. This application can be opened by either running the virt manager command, $ virt-manager, or by opening it through your system.

virt-manager uses libvirt virtualization API, which provides a common interface for managing virtual machines for KVM. It can manage both local and remote virtual machines, allowing users to administer VMs hosted on different physical servers. This guide assumes the VM is being set up on a local server. The process for setting up on remote server is identical to that of setting it up on a local server, the only difference being the QEMU/KVM connection is managing the remote server instead of the local server. If there is a remote connection ready to use, switch to it before proceeding with the guide.

Nested Virtualization is not supported for NSM on-Prem.

Deploying the OVA image of SonicWALL NSM on Prem in a KVM environment using image conversion is not supported.

To add a new connection to the remote server

1. To open the virtual machine manager, navigate to File and select Add Connection.

   

2. In the Add Connection window, select QEMU/KVM and enter the Username and Hostname. Check the boxes for Connect to remote host over SSH and Autoconnect.

   

3. Once the connection is established, you should be able to see the virtual machines running (if any) on the remote machine in the virt-manager interface.

   

   virt-manager shows a “QEMU/KVM - Not Connected” banner if it does not find any QEMU/KVM connection.

   

   Ensure the QEMU/KVM connection (local or remote) is working before proceeding.

To create a new NSM On-Premises VM

1. Click on the create new virtual machine icon.

   

2. Select QEMU/KVM as Connection from the drop-down, select Manual Install radio button, and x86_64 as the Architecture.

   

3. Select OS type as Generic Linux 2022.

   If Generic Linux 2022 is not available, you can use Generic Linux 2020 or Generic Linux, but they are known to cause performance degradations.

   

4. Set Memory and CPU.

   Memory of 24576 or 24 GiB, and 4 CPU cores are minimum recommended configurations.

   

5. Select the Enable storage for this Virtual Machine, and select Select or create custom storage.

   A copy of the SonicWALL_NSM-on-Prem-2.4.0-930.img must exist in /var/lib/libvirt/images before proceeding.

   

6. Click Manage.

7. Use the copy of the qcow2 image file as the VM disk volume. Click on Choose Volume to select the image volume.

   /var/lib/libvirt/images is the default location used by libvirt. To use a different location, create an additional storage pool (Using '+' button in the bottom left) and set the preferred location.

   

8. Enter a VM name. Check the box for Customize configuration before install.

9. Set the Network Selection to Bridge device.

   Bridge interface is recommended for NSM On-Premises VMs for their simplicity and performance. Using NAT or Macvtap may cause issues with reachability, or network performance.

10. Click Finish.

    

11. Navigate to CPU tab, select the host-passthrough. Uncheck the Topology section.

    Do not use any CPU emulation for best performance and compatibility.

    

12. Navigate to Memory tab, make sure that Enable Shared Memory is unchecked. This may introduce side channels that could potentially be used to leak information across multiple guests.

    

13. Navigate to VirtIO Disk 1 tab, set the Disk bus to SCSI from the dropdown menu.

    

14. Click Apply.

15. Navigate to Tablet tab, remove unnecessary devices, if they are attached.

    

16. Navigate to Sound ich9, remove unnecessary devices, if they are attached.

    

17. Click Begin Installation in the top-left corner.

    

18. The NSM on-Prem VM boots up, initialises and starts the management console. The first boot of the VM can take up to 15 minutes, depending on the underlying hardware.

    

    

19. Once the Management Console is active, use the arrow keys to navigate to the “Network Interfaces” pane → DHCP → Press Enter on Disabled → Enable the DHCP by selecting “Yes”. Save the setting.

    

20. This will assign the NSM on-Prem VM an IP address if the network interface is attached to a network with a DHCP server. If not, then proceed with setting a static IP for the VM. The NSM on-Prem Getting Started Guide goes into more detail about Network Management with Management Console.

    

21. Once the “Status:” of the system is “Startup is complete, Web UI is now accessible.” in System Info pane Head to the IP address on a browser to access the web UI.

    

    

To open NSM in browser, provide the network information in the management console. When the installation and reboot is complete, go to NSM Settings and Registration to configure the network settings and register NSM.