Version 3.0.0 On-Premises

April 2025

Important

• Refer to the knowledge base article, How to Upgrade SonicCore and NSM in Closed Network for detailed instructions on upgrading NSM in closed network environment.
• Refer to the knowledge base article, Upgrade NSM on-prem via System Update for detailed instructions on a system upgrade. Prior to update, you need to create a system backup of the NSM on-premises system in case you need to roll back to the prior version. Refer to Backup and Restore an NSM On-Prem System for detailed instructions.

• Refer to knowledge base article, How to Upgrade On-Prem Network Security Manager firmware for detailed instructions on upgrading NSM firmware using SWI files.

Compatibility and Installation Notes

• Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
• A MySonicWall account is required.

• Capacity Requirements: The capacity requirements for an NSM On-Premises deployment have changed:

  Management Only

  Number of Firewalls	CPU (Cores)	RAM (GB)
  100	4	16
  150	4	16
  250	8	16
  500	8	16
  750	8	16
  1000	8	16
  1000+	16	32

  Management, Reporting and Analytics

  Number of Firewalls	CPU (Cores)	RAM (GB)
  100	4	24
  150	4	24
  250	8	24
  500	8	32
  750	8	32
  1000	8	32
  1000+	16	64

  Reporting Disk Space Requirements (Data Storage + Cache)/SSD

  Number of Firewalls	Data Retention 7 days	Data Retention 365 days
  50	600 GB	750 GB
  100	1.2 TB	1.5 TB
  150	1.7 TB	2.3 TB
  250	2.8 TB	4 TB

  Distributed Deployments Sizing Guideline

  Number of Firewalls	NSM Nodes
  ≤ 250	NSM Controller Node / Single Node Deployment
  > 250	Controller Node + 1 Reporting Agent per 250 firewall
  Reporting Agent resource requirements (CPU and RAM ) is the same as the controller node.

• Upgrade Instructions:

   

  • We strongly recommend upgrading from NSM 2.6.0-HF1 to NSM 3.0.0 using a system update following the steps captured in the Upgrade Instructions without Upgrade Package.
  • If you have configured custom web certificates in NSM, please disable them before upgrading NSM and enable them after the NSM upgrade to 3.0.0.
  • Minimum 50% of the free disk space is required to upgrade.

  Current Build	Upgrade Path to 2.6.0 HF1
  NSM 2.5.0 HF1	2.5.0 HF1 > 2.6.0 HF1 > 3.0.0
  NSM 2.6.0	2.6.0 > 2.6.0 HF1 > 3.0.0
  NSM 2.6.0 HF1	2.6.0 HF1 > 3.0.0

What's New

• Native Reporting and Analytics: The NSM On-Premises 3.0.0 release introduces significant enhancements, including native reporting and analytics capability for Gen 7 and Gen 8 firewall models. NSM On-Premises reporting capability includes:

  • Dashboard, summary, detail, productivity, VPN activity, Attack reports at the tenant, group, and firewall level
  • Analytics at the tenant, group, and firewall level
  • System, attack, authentication, and audit (stored in the firewall) logs
  • Alerts and Notifications
  • Pre-defined schedule and custom reports
  • Report Templates
• Deployment Options: NSM On-Premises 3.0 release brings the capability to deploy NSM On-Premises in a standalone or multi-node deployment mode.

• Template Enhancements:

  • Firewall Password Change: Admins can now change admin passwords across multiple firewalls using templates. They can use template variables in the Change password field.
  • Time and Firewall Cloud Backup Configuration: Admins can configure firewall cloud backups and change firewall time within templates.
  • Upload DPI SSL Exclusion List: Users can now upload the DPI SSL exclusion list in templates.

• All Tenant level Commit and Deploy: Admins can now create templates at the All Tenants view. They can perform commits from the All Tenants level. It streamlines updates across all tenants, ensuring consistency, efficiency, and faster deployments.

• Synchronize Multiple Out-of-Sync Firewalls: This feature allows Admins to synchronize all out-of-sync firewalls across tenants with one click.

• Product Lifecycle information in NSM Inventory​: Admins can view the Last Order, ARM Begin, LRM Begin, LOD, and End of Support dates for firewall models on the NSM Inventory page. They can also track key lifecycle dates within NSM, helping them with better inventory management and timely upgrades.​
• Ability to see firewall configuration when it is offline:​ Admins can view the firewall configuration pages that have a static configuration in NSM even when the firewall is offline. ​ It allows continuous access to firewall configurations for troubleshooting and management.
• Migration: Admins can migrate configurations from old firewalls to new firewalls using this functionality. NSM 3.0 supports migrations from SOHO to TZ80.​
• Firmware Upgrade Improvements:​ Admins can view out-of-date firmware information on the NSM inventory page. ​They can also group by firmware version to view firewall versions running on their firewalls in Inventory.

• New Licensing options: NSM Licensing model has changed. There are now new tiers of licensing which provides more flexibility. This new licensing is only applicable to Gen 7 and Gen 8 firewalls. Here are the new tiers:

  • Device management only license: Comes with all the firewalls with active support.
  • 7-day advanced reporting and analytics: Included in the Firewall APSS bundle.
  • Add-Ons/Al-a-carte: 7, 30, 90, and 365 days or Advanced Reporting and Analytics.
• Firewall Monitoring Tools: NSM now support firewall monitoring tools packet monitor, connections, core 0 processes, and packet replay.

• SonicOS 7.2 Support: NSM 3.0 will support SonicOS 7.2. This will enable NSM users to configure new SonicOS 7.2 features:

  • SAML Single Sign-On for User identification, Firewall administration, and Remote Access VPN (SSLVPN)
  • SonicOS NTP Server
  • WPA2/WPA3 Enterprise Support on TZWs Station Mode
• User Experience Improvements: Retain column customization in NSM Inventory: Column customization in NSM Inventory page is now retained for users even after logging out.

• GMS Transition: NSM On-Premises supports GMS transition feature and GSM snapshot file from GMS 9.5.0 release can be imported in NSM On-Premises 3.0.

Resolved Issues

Issue ID	Description
NSM-27245	Unable to add further units to NSM due to incorrect node count.
NSM-27556	GEN6 - VLAN interfaces have Enable option displayed in NSM Firewall View.
NSM-28546	Commit failed but the change was actually pushed to firewall.
NSM-28595	Manually added firewall still shows online after being taken offline.
NSM-28992	Users > Two Factor Auth gets disabled when Beta Features is enabled.
NSM-29017	Web UI is not accessible following upgrade to NSM 2.6.0 HF1.
NSM-29258	Acquisition errors are seen in logs, even though the unit is successfully acquired/managed.

Known Issues

Issue ID	Description
NSM-27040	Monitor > Details : Export saved reports PDF status shows loading until manually refreshed.
NSM-28345	NSM login by digital certificate is not working.
NSM-28989	CATP Scanning History shows No Data, Local Firewall UI shows a History.
NSM-29503	Login to the browser shows Checking Additional Requirements and the spinning wheel spins for ever. Workaround: NSM On-Premises requires a processor supporting the AVX instruction set. This feature is generally available in processors based on Intel's Sandy Bridge microarchitecture (released 2011) or newer, and AMD's Bulldozer microarchitecture (released 2011) or newer.
NSM-29792	Alert & notifications > History: Alert notifications for web categories get removed from UI after refresh.
NSM-29862	Once closed network file is imported successfully in UI, the screen goes blank. Workaround: Refresh the page if you see this error.
NSM-29817	Not able to export device inventory data to a csv file. Workaround: Download firewall Inventory list in CSV format under More Options in Firewalls Inventory.

Additional References

NSM-29387, NSM-29384, NSM-29172, NSM-28752, NSM-28400, NSM-27962, NSM-27515, NSM-25937