gms 8.7 intro to gms dashboard › techdocs › pdf › global-management... · 2020-05-13 ·...
TRANSCRIPT
SonicWall® Global Management System 8.7 Introduction to GMS - DashboardAdministration
1Contents
Part 1. INTRODUCTION - DASHBOARD
Part 2. Introduction
Introduction to SonicWall GMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Overview of GMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
What Is GMS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Key Features in GMS 8.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Scaling SonicWall GMS Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Overview of IPv6 in GMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Platform Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Operating System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
NSv Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Microsoft SQL Server Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Java Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Browser Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
SonicWall Appliances Supported for GMS Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
GMS Gateway Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Network Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
GMS Internet Access through a Proxy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Logging in to GMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Navigating the GMS Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Dashboard View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Appliance Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Understanding GMS Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Using the GMS TreeControl Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configuring GMS View Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Group Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Unit Node . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Creating GMS Fields and Dynamic Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Adding SonicWall Appliances and Completing Basic Management Tasks . . . . . . . . . . . . . . . . . . . . . . 31
Preparing SonicWall Appliances for GMS Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Preparing a SonicWall Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Preparing an SMA Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Adding SonicWall Appliances to GMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Adding SonicWall Appliances Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Importing SonicWall Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Managing Multiple Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Registering SonicWall Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Modifying Management Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Modifying SonicWall Appliance Management Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Changing Agents or Management Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
SonicWall GMS 8.7
Administration2
Moving SonicWall Appliances Between Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Deleting SonicWall Appliances from GMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Executing Basic Appliance Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Part 3. Dashboard
Using the Dashboard View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Using the Dashboard Control Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Using the Universal Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Using the Geographic View Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Filtering with the Search using Keywords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Determining the Universal Dashboard Geographical Map Location . . . . . . . . . . . . . . . . . . . . . . . . 50
Geographic Map User Interface and Location “Unknown” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Managing Page and Widgets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Adding Widgets on the Universal Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Adding a New Dashboard Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Using the Universal Scheduled Reports Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Using the Manage Templates Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Adding a Scheduled Report Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Managing the Scheduled Reports Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Part 4. Support
SonicWall Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
SonicWall GMS 8.7
Administration3
SonicWall GMS 8.7Administration
Part 1
4
INTRODUCTION - DASHBOARD
• Introduction
SonicWall GMS 8.7Administration
Part 1
5
Introduction
• Introduction to SonicWall GMS
• Adding SonicWall Appliances and Completing Basic Management Tasks
1
Introduction to SonicWall GMS
This chapter introduces the SonicWall® Global Management System (GMS) User Interface (UI) navigation and management views. GMS can be used in a variety of roles in a wide range of networks. Network administrators can use GMS as a Management Console role in an Enterprise network containing a single SonicWall network security appliance and also as a Remote Management System role for managing multiple unit deployments for Enterprise and Service Provider networks consisting of hundreds and thousands of firewalls, Secure Mobile Access (SMA), and Email Security (ES) appliances.
Topics:
• Overview of GMS on page 6
• Overview of IPv6 in GMS on page 7
• Platform Compatibility on page 8
• Logging in to GMS on page 15
• Navigating the GMS Management Interface on page 16
• Understanding GMS Icons on page 20
• Using the GMS TreeControl Panel on page 21
• Configuring GMS View Options on page 23
• Getting Help on page 30
Overview of GMSTopics:
• What Is GMS? on page 6
• Key Features in GMS 8.7 on page 7
• Scaling SonicWall GMS Deployments on page 7
What Is GMS?SonicWall® Global Management System (GMS) is a Web-based application that can configure and manage thousands of SonicWall firewall appliances and NetMonitor non-SonicWall appliances from a central location.
GMS can be used as a Management Console in an Enterprise network containing a single SonicWall appliance, and it can also be used as a Remote Management System for managing multiple unit deployments for Enterprise and Service Provider networks consisting of hundreds and thousands of firewalls, Email Security appliances, and Secure Mobile Access (SMA) appliances. This dramatically lowers the cost of managing a secure distributed network. GMS does this by enabling administrators to monitor the status of and apply configurations to all managed SonicWall appliances, groups of SonicWall appliances, or individual SonicWall appliances. GMS also
SonicWall GMS 8.7
Administration6
provides centralized management of scheduling and pushing firmware updates to multiple appliances and to apply configuration backups of appliances at regular intervals.
GMS provides monitoring features that enable you to view the current status of SonicWall appliances and non-SonicWall appliances, pending tasks, and log messages. It also provides graphical reporting of firewall, SMA, and Email Security (ES) appliance and network activities for the SonicWall appliances. A wide range of informative real-time and historical reports can be generated to provide insight into usage trends and security events.
Network administrators can also configure multiple site VPNs for SonicWall appliances. From the GMS user interface (UI), you can add VPN licenses to SonicWall appliances, configure VPN settings, and enable or disable remote-client access for each network.
Key Features in GMS 8.7See the SonicWall® Global Management System 8.7 Release Notes for the list of new features available in this release.
Scaling SonicWall GMS DeploymentsGMS is designed to be highly scalable to support service providers and enterprise customers with large numbers of SonicWall appliances.
GMS offers a distributed management architecture, consisting of multiple servers, multiple consoles and several agents, as well as an All-in-One configuration. Each agent server can manage a number of SonicWall appliances. Additional capacity can be added to the management system by adding new agent servers. This distributed architecture also provides redundancy and load balancing, assuring reliable connections to the SonicWall appliances under management.
In the distributed architecture, the console server provides the user a single interface to the management system. Each agent server can manage a number of SonicWall appliances, depending on the GMS gateway that resides between the agent server and the SonicWall appliances and the amount of syslog traffic from the remotely managed appliances.
• The GMS gateway that resides between a GMS agent server and the SonicWall appliances provides secure communications.
• Each SonicWall appliance can have a primary agent server and a standby server. Each agent server can be a primary server for certain SonicWall appliances and a standby server for other SonicWall appliances.
• Configuration of and changes to the GMS and the SonicWall appliances are written to the database.
• The users at the Admin Workstations can access the GMS management interface through a Web browser (HTTP) from any location. The GMS management interface can also be securely accessed using SSL.
• The GMS console server can also be an agent server.
Overview of IPv6 in GMSGMS supports the use of IPv6, allowing the user to Install GMS products in an IPv6 network environment. This means that GMS can now access various Network Elements using IPv6 addresses, such as: Firewalls, SMTP servers, RADIUS/LDAP Authentication Servers, SNMP Managers, WebServices, and so on.
SonicWall GMS 8.7
Administration7
IPv6 Deployment ConsiderationsConsider the following when using IPv6 with GMS:
• In the case of a Virtual Appliance, you can use SonicWall Command Line Interface to specify the IPv6 address of the appliance.
• For GMS to take advantage of the IPv6 network, dual-stack (IPv4, IPv6) configuration on the underlying platforms is required. This means that these appliances/servers will need to have IPv4 addresses assigned no matter what.
• The GMS Scheduler continues to be displayed as an IPv4 address. This does not mean that the GMS Scheduler can access only IPv4 addresses. The IPv4 address in this context is rather used to uniquely identify the GMS Scheduler/Agent instead.
GMS API EnhancementsGMS provides API enhancements in security, performance, and versioning. Four thousand additional API commands include enhancements for:
GMS uses Swagger for API implementation. To display the Swagger API specifications online, go to HTTPS://SONICOS-API.SONICWALL.COM.
Platform CompatibilityThe SonicWall GMS 8.7 release can be hosted in two deployment scenarios as follows:
• Microsoft Windows Server Software
• VMware ESXi Virtual Appliance
Deployment Considerations:
• Before selecting a platform to use for your GMS deployment, use the Capacity Planning Tool at https://www.SonicWall.com/gms-capacity-planning-tool/. This helps you set up the correct GMS system for your deployment.
Before installing GMS 8.7, ensure that your system meets the minimum hardware and software requirements described in the following sections.
Topics:
• Operating System Requirements on page 9
• Microsoft SQL Server Requirements on page 10
• Java Support on page 11
• Browser Requirements on page 11
• SonicWall Appliances Supported for GMS Management on page 11
• IPSec VPN • User / group Objects • Capture • Match Objects
• Action Objects • Bandwidth Objects • Email Objects • CFS Objects
• IPv6 • App Rules • CFS Policies • DPI Policies
• SSL-VPN • DPI-SSL Policies • Wireless • SonicWave
CAUTION: SonicWall recommends that you take steps to minimize abrupt shutdowns of the server hosting GMS, as this can cause corruption of the Reporting database, potentially leading to loss of data for the current month. A possible solution includes using an Uninterrupted Power Supply (UPS).
SonicWall GMS 8.7
Administration8
• GMS Gateway Requirements on page 12
• Network Requirements on page 13
• GMS Internet Access through a Proxy Server on page 14
Operating System RequirementsMicrosoft WindowsSonicWall GMS supports the following Microsoft Windows operating systems:
• Windows Server 2016 Standard (English and Japanese language versions)
• Windows Server 2012 Standard 64-bit
• Windows Server 2012 R2 Standard 64-bit (English and Japanese language versions)
• Windows Server 2012 R2 Datacenter
These Windows systems can either run in physical standalone hardware platforms, or as a virtual machine under Windows Server 2012 Hyper-V or ESXi.
Hardware for Windows ServerTo determine the hardware requirements for your deployment, use the Capacity Planning Tool at https://www.SonicWall.com/gms-capacity-planning-tool/.
Hard Drive HDD SpecificationsThe following hard drive HDD specifications are required when using GMS software on a Windows Server or a GMS Virtual Appliance:
• Spindle Speed: 10,000 RPM or higher
• Cache: 64 MB or higher
• Transfer rate: 600 MBs or higher
• Average Latency: 4 microseconds or lower
SonicWall GMS Virtual ApplianceThe elements of basic VMware structure must be implemented prior to deploying the GMS Virtual Appliance. The GMS Virtual Appliance runs on the following VMware platforms:
• ESXi 6.5, 6.0, and 5.5
TIP: For best performance and scalability, it is recommended to use a 64-bit Windows operating system. Bundled databases run in 64-bit mode on 64-bit Windows operating systems. All listed operating systems are supported in both virtualized and non-virtualized environments. In a Hyper-V virtualized environment, Windows Server is a guest operating system running on Hyper-V. GMS is then installed on the Windows Server virtual machine that is layered over Hyper-V.
NOTE: GMS is not supported on MS-Windows Server virtual machines running in cloud services, such as Microsoft Azure and Amazon Web Services EC2.
NOTE: A Windows 64-bit operating system with at least 16GB of RAM is highly recommended for better performance of reporting modules. For more information, read the “Capacity Planning and Performance Tuning” appendix in the SonicWall GMS Administration Guide.
SonicWall GMS 8.7
Administration9
Virtual Appliance Deployment Requirements• GMS management is not supported on Apple MacOS.
• All modules are 64-bit.
• Using the Flow Server Agent role requires a minimum of:
• Quad core
• 16GB of memory
• 300GB available disk space
To determine the hardware requirements for your deployment, use the Capacity Planning Tool at https://www.SonicWall.com/gms-capacity-planning-tool/.
The performance of GMS Virtual Appliance depends on the underlying hardware. It is highly recommended to dedicate all the resources that are allocated to the Virtual Appliance, especially the hard-disk (datastore). In environments with high volumes of syslogs or AppFlow (IPFIX), you will need to dedicate local datastores to the GMS Virtual Appliance.
Read the “Capacity Planning and Performance Tuning” appendix in the SonicWall GMS Administration (Manage) Guide.
NSv Supported PlatformsThe NSv Series is supported on the following SonicWall virtual firewalls:
SonicWall GMS 8.4 or higher is required for management of SonicWall NSv Series virtual firewalls running SonicOS 6.5.0.2 (or newer) for NSv Series.
Microsoft SQL Server RequirementsFor SQL Server deployments in countries in which English is not the default language, set the default language to English in the Login Properties of the GMS database user in the SQL Server configuration.
The following SQL Server versions are supported:
• SQL Server 2014
• SQL Server 2012
• NSv 10 • NSv 100 • NSv 400
• NSv 25 • NSv 200 • NSv 800
• NSv 50 • NSv 300 • NSv 1600
NOTE: For SQL Server deployments in countries in which English is not the default language, set the default language to English in the Login Properties of the GMS database user in the SQL Server configuration.
NOTE: A database user with “DB Creator” privileges must be provided to GMS during the Role Configuration process of any GMS Server.
SonicWall GMS 8.7
Administration10
Java Support
Download and install the latest version of the Java 8 plug-in on any system that accesses the GMS management interface. This can be downloaded from:
• http://www.java.com/
or
• http://www.oracle.com/technetwork/java/javase/downloads/index.html
Browser RequirementsSonicWall GMS uses advanced browser technologies such as HTML5, which are supported in most recent browsers. SonicWall recommends using the latest Chrome, Firefox, or Safari browsers for the administration of GMS.
This release supports the following Web browsers:
• Chrome 42.0 and higher (recommended browser for dashboard real-time graphics display)
• Firefox 37.0 and higher
• Microsoft Edge 41 or higher
• Safari 11 or higher (MAC only)
Mobile device browsers are not recommended for GMS system administration.
SonicWall Appliances Supported for GMS ManagementGMS supports SonicWall firewall App Control policy management and reporting. Refer to the SonicOS documentation for information on which SonicOS firmware versions support these features.
NOTE: Java is required only when you are using Net Monitor.
NOTE: If using Chrome version 42 and newer to access GMS 7.2 and older, you will need to enable NPAPI support in Chrome, which by default has been disabled starting with version 42.
NOTE: GMS 8.7 does not support legacy SonicWall Inc. appliances, including:• Firewall appliances running firmware earlier than SonicOS 5.0• CSM Series• CDP Series
SonicWall GMS 8.7
Administration11
SonicWall GMS supports the following SonicWall appliances and firmware versions:
Notes:
• GMS supports SonicWall firewall App Control policy management and App Control reporting support. Refer to the SonicOS documentation for information on the supported SonicOS firmware versions.
• Appliances running firmware newer than this GMS release can still be managed and reports can still be generated. However, the new features in the firmware will be supported in an upcoming release of GMS.
Non-SonicWall Appliance SupportSonicWall GMS provides monitoring support for non-SonicWall TCP/IP and SNMP-enabled devices and applications.
GMS Gateway RequirementsA SonicWall GMS gateway is a SonicWall firewall appliance that allows for secure communication between the GMS server and the managed appliance(s) using VPN tunnels.
The GMS gateway must meet one of the following requirements:
Component Requirements
SonicWall Platforms SonicWall Firmware Version
Network Security Appliance
SuperMassive 10000 series SonicOS 6.0 or newer
NOTE: Only partial policy management and reporting support is currently available. The following SuperMassive specific features are not supported for centralized policy management in GMS:
• Multi-blade Comprehensive Anti-Spam Service (CASS)• High Availability/Clustering• Support for Management Interface• Flow Reporting Configurations• Multi-blade VPN• Advanced Switching• Restart: SonicOS versus Chassis
Contact your SonicWall Sales representative through https://www.SonicWall.com/en-us/support for more information.
SuperMassive 9000 series SonicOS 6.1 or newer
NSA Series SonicOS 5.0 or newer
TZ Series and TZ Wireless SonicOS 5.0 or newer
SOHO SonicOS 5.9.1.3 or newer 5.9 versions
SOHO Wireless SonicOS 6.2.6 or newer 6x versions
SOHO 250 and 250 Wireless SonicOS 6.5.4.1 or newer
Secure Mobile Access
SMA/SRA/SSL-VPN Series SSL-VPN 2.0 or newer (management)SSL-VPN 2.1 or newer (management and reporting)
SMA 1000 Series SMA 10.7.2 or newer
Email Security/Anti-Spam
Email Security Series Email Security 7.2 or newer (management only)
SonicWall GMS 8.7
Administration12
• SonicWall NSA Series network security appliance with minimum firmware version SonicOS 5.0
• SonicWall PRO Series network security appliance with minimum firmware version SonicOS Enhanced 3.2
• SonicWall VPN-based network security appliance
There are three SonicWall GMS management methods with different GMS gateway requirements. When using SSL as the management method, it is optional to have a GMS gateway between each GMS agent server and the managed SonicWall appliance(s). If you select Existing VPN tunnel, a gateway is optional. If you select Management VPN tunnel, you must have a GMS gateway between the GMS agent server and the managed SonicWall appliance(s) to allow each GMS agent server to securely communicate with its managed appliance(s). The following list provides more detail on GMS management methods and gateway requirements:
• Management VPN tunnel—A SonicWall GMS gateway is required. Each GMS agent server must have a dedicated gateway. The security association (SA) for this type of VPN tunnel must be configured in the managed SonicWall appliance(s). GMS automatically creates the SA in the GMS gateway. For this configuration, the GMS gateway must be a SonicWall VPN-based appliance. The GMS gateway can be configured in NAT-Enabled or transparent mode.The reason for a dedicated gateway with this method is because of the Scheduler's function. When a unit is added into GMS with 'Management tunnel' as the method, the scheduler service logs into the gateway and creates the management tunnel. Also, the scheduler service periodically logs into its gateway and checks for management SAs. If there are SAs created for units that the agent does not manage, the SAs are deleted. If there are two agents sharing a gateway, they will be constantly deleting the other agent’s SAs.
• Existing VPN tunnel—A SonicWall GMS gateway is optional. GMS can use VPN tunnels that already exist in the network to communicate with the managed appliance(s). For this configuration, the GMS gateway can be a SonicWall VPN-based appliance or another VPN device that is interoperable with SonicWall VPN.
• SSL—A SonicWall GMS gateway is optional. GMS can use SSL management instead of a VPN tunnel to communicate with the managed appliance(s). However, the SonicWall EX-Series SMA appliance allows SSL access only to its LAN port(s), and not to its WAN port(s). This means that when GMS is deployed outside of the Aventail LAN subnet(s), management traffic must be routed from GMS to a gateway that allows access into the LAN network, and from there be routed to the LAN port.
Network RequirementsTo complete the SonicWall GMS deployment process, the following network requirements must be met:
• The GMS server must have access to the Internet
• The GMS server must have a static IP address
• The GMS server’s network connection must be able to accommodate 1 KB/s for each device under management. For example, if GMS is monitoring 100 SonicWall appliances, the connection must support at least 100 KB/s.
NOTE: The SonicWall GMS gateway should be at minimum a SonicWall NSA 2400 with minimum firmware SonicOS 5.0.
NOTE: No matter what management method is used, GMS will always login to the firewalls using HTTPS for better security.
NOTE: Depending on the configuration of SonicWall log settings and the amount of traffic handled by each device, the network traffic can vary dramatically. The 1KB/s for each device is a general recommendation. Your installation requirements might be different.
SonicWall GMS 8.7
Administration13
GMS Internet Access through a Proxy ServerIf the SonicWall GMS server cannot access the Internet directly and needs to go through a proxy server, the following proxy entries are required in the sgmsConfig.xml file of the GMS server:
<Parameter name="proxySet" value="1"/>
<Parameter name="proxyHost" value="10.0.30.62"/>
<Parameter name="proxyPort" value="3128"/>
<Parameter name="proxyUser" value="0A57CF01AB39ACF8863C8089321B9287"/>
<Parameter name="proxyPassword" value="EE80851182B4B962FC3E0EDF1F00275A"/>
The proxyUser and proxyPassword parameters are required only if the Proxy Server requires authentication, in which case these are TEAV encrypted. This configuration supports both HTTP and SSL Proxy, as long as the settings are identical for both.
To exempt certain hosts from the proxy configuration and allow them to be connected to directly, add the following tag to sgmsConfig.xml:
<Parameter name="nonProxyHosts" value="*something.com|www.foo*|192.168.0.*"/>
The exact values of all of these parameters should be changed to the appropriate values for your deployment. The asterisk symbol (*) is a wildcard that means any string. The pipe symbol (|) is a delimiter for the hosts in the list.
To edit the sgmsConfig.xml entries, complete the following steps:
1 Login to the UMH system management interface:http://<sgms_ipaddress>:<portnumber>/appliance
2 Navigate to the following URL:http://<sgms_ipaddress>:<portnumber>/appliance/techSupport.html
SonicWall GMS 8.7
Administration14
3 Edit the sgmsConfig.xml file using the Configuration File editor option by clicking Edit.
Logging in to GMSAfter registering your SonicWall GMS product, to log in to the GMS management interface, either double-click on the GMS icon on your desktop, or from a remote system, access the following URL from a web browser:
http://<sgms_ipaddress>:<portnumber>
SonicWall GMS 8.7
Administration15
The GMS login page appears by default in English. To change the language setting, click your language of choice at the bottom of the login page. The available language choices for GMS include English, Japanese, Simplified Chinese, Traditional Chinese, Korean, and Portuguese.
1 Enter the SonicWall user ID (default: admin) and password (default: password). Select Local Domain as the domain (default).
2 Click Login. The GMS management interface displays.
Navigating the GMS Management InterfaceThe following sections describe the six major views of the GMS management interface:
• Dashboard View on page 16
• Appliance Views on page 17
• Monitor View on page 19
• CONSOLE View on page 19
Dashboard ViewThe Dashboard is a view intended to work as a customizable dashboard where you are able to monitor the latest happenings with your SonicWall GMS deployment, your network, the IT and Security World, as well as the rest of the world.
NOTE: For more information on installation, login procedures, and registration of your GMS installation, refer to the appropriate Getting Started Guide, available at: https://www.SonicWall.com/en-us/support/technical-documentation
SonicWall GMS 8.7
Administration16
Upon initial login, you see a default Dashboard view. You are able to further customize this page by configuring and adding preferred components.
Appliance ViewsThe appliance views enable administrators to add, delete, configure, and view the various SonicWall appliance types that are managed by SonicWall GMS.
These views include:
• Firewall view—Provides centralized management and reporting on compatible firewall appliances.
• SMA view—Provides centralized management and reporting on SonicWall SMA appliances.
• ES view—Provides centralized management of SonicWall Email Security appliances.
Within the Firewall view, there are three sub-panels:
• Manage View on page 17
• Reports View on page 18
• Flows View on page 18
Manage ViewIn FIREWALL, the Manage view is used to configure SonicWall appliances. From the screens on this view, you can apply settings to all SonicWall appliances being managed by GMS, all SonicWall appliances within a group, or individual SonicWall appliances.
NOTE: The Secure Mobile Access (SMA) and Email Security (ES) views are not enabled or displayed by default. To enable these views, see Configuring Email Settings on page 1250. This change requires a system restart.
SonicWall GMS 8.7
Administration17
To open the Manage view in FIREWALL, click the appropriate appliance at the top of the SonicWall GMS management interface and then click the Manage view. The appropriate System > Status page appears:
Reports ViewThe Reports view is an essential component of the network security that is used to view and schedule reports about critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels.
To open the Reports view, click the FIREWALL or SMA views at the top of the SonicWall GMS UI and then click the Reports view.
Flows ViewThe Flows view provides the status of the available appliances licensed for Flow Reporting.
SonicWall GMS 8.7
Administration18
To open the Flows view in FIREWALL, click the appropriate appliance at the top of the SonicWall GMS management interface and then click the Flows view. The appropriate General > Status page appears:
Monitor ViewThe MONITOR view is the administrator’s central tool for monitoring the status of any managed TCP/IP and SNMP capable devices and applications. The MONITOR view provides power and flexibility to help you manage availability of network devices, creating custom threshold-based realtime monitor alerts, and emailing or archiving network status reports based on your specifications.
To access the Monitoring features, click MONITOR at the top of the GMS management interface.
CONSOLE ViewThe CONSOLE view is used to configure the GMS settings, view pending tasks, manage licenses, and configure system wide granular event management settings.
SonicWall GMS 8.7
Administration19
To open the CONSOLE view, click CONSOLE at the top of the GMS management interface.
Understanding GMS IconsThis section describes the meaning of icons that appear next to managed appliances listed in the left pane of the SonicWall GMS management interface.
Status Icon Descriptions
Status Icon Description
One blue box indicates that the appliance is live and communicating with GMS. The appliance is accessible from the GMS, and no tasks are pending or scheduled.
Two blue boxes indicate that appliances in a group are live and communicating with GMS. All appliances in the group are accessible from GMS and no tasks are pending or scheduled.
Three blue boxes indicate that all appliances in the global node of this type (Firewall/SMA) are live and communicating with GMS. All appliances of this type are accessible from GMS and no tasks are pending or scheduled.
One blue box with a lightning flash indicates that one or more tasks are pending or running on the appliance.
Two blue boxes with a lightning flash indicate that tasks are currently pending or running on two or more appliances within the group.
Three blue boxes with a lightning flash indicate that tasks are currently pending or running on three or more appliances within the group.
One blue box with a clock indicates that one or more tasks are scheduled on the appliance.
Two blue boxes with a clock indicate that tasks are currently scheduled to execute at a future time on two or more appliances within the group.
Three blue boxes with a clock indicate that tasks are currently scheduled to execute at a future time on three or more appliances within the group.
SonicWall GMS 8.7
Administration20
Using the GMS TreeControl PanelThis section describes the content of the TreeControl Panel within the GMS management interface. The TreeControl Panel view and update permissions can be configured for multiple GMS user types. For more information on configuring GMS user screens, units, or action permissions, refer to Configuring Action Permissions on page 1266.
One yellow box indicates that the appliance has been added to GMS management (provisioned), but not yet acquired.
Two yellow boxes indicate that two or more appliances in the group have been added to GMS management, but not acquired.
Three yellow boxes indicate that one or more of the appliances of this type (Firewall/SMA) have been added to GMS management, but not acquired.
One yellow box with a lightning flash indicates that one or more tasks are pending on the provisioned appliance.
Two yellow boxes with a lightning flash indicates that tasks are pending on two or more provisioned appliances within the group.
Three yellow boxes with a lightning flash indicates that tasks are pending on three or more provisioned appliances within the group.
A green circle with the number 1 in the middle indicates that the unit is in an HA pair and is currently the Primary unit.
A yellow circle with the number 2 in the middle indicates that the unit is in an HA pair and is currently on backup.
One red box indicates that the appliance is no longer sending heartbeats to GMS.
Two red boxes indicate that two or more appliances in the group are no longer sending heartbeats to GMS.
Three red boxes indicate that three or more of the global group of appliances of this type (Firewall/SMA) are no longer sending heartbeats to GMS.
One red box with a lightning flash indicates that the appliance is no longer sending heartbeats to GMS and has one or more tasks pending.
Two red boxes with a lightning flash indicate that two or more appliance in the group are no longer sending heartbeats to GMS and have one or more tasks pending.
Three red boxes with a lightning flash indicates that the appliances are no longer sending heartbeats to GMS and have three or more tasks pending.
A box with a dot in the top-left corner indicates that the appliance is being managed by GMS using a static IP address.
This icon indicates a fail over to a secondary Ethernet port.
This icon indicates the a modem is connected using a dialup.
This icon indicates the wireless is connected using WWAN.
This icon indicates the unit’s Task Pending status is “Immediate.”
This icon indicates the unit’s Task Pending status is “Scheduled.”
Status Icon Descriptions (Continued)
SonicWall GMS 8.7
Administration21
You can control the display of the TreeControl Panel by selecting one of the appliance views at the top. For example, when you click the FIREWALL view, the TreeControl Panel displays all the managed firewall units. You can display any of the following appliance types when GMS is managing them:
• Firewall
• SMA (Secure Mobile Access)
• ES (Email Security)
You can hide the entire TreeControl Panel by clicking the Hide TreeControl Panel tab, and re-display the panel by clicking it again. This is helpful when viewing some reports or other extra-wide screens, especially on the MONITOR or CONSOLE views.
To open a TreeControl Panel menu, right-click the View All icon, a Group icon, or a Unit icon.
The following options are available in the right-click menu (if you have the permissions set as described in Using the GMS TreeControl Panel on page 21 to perform them). See Configuring Action Permissions on page 1266 for more information:
• Expand—Makes subbranches to the root visible.
• Expand All—Makes the entire branch visible.
• Collapse All—Compresses the entire view of all expanded hierarchies so that only the roots of the branches are visible.
• Find—Opens a Find dialog box that allows you to search for groups or units.
SonicWall GMS 8.7
Administration22
• Refresh—Refreshes the GMS user interface display.
• Add Unit—Add a new unit to the GMS management view. Requires unit IP and login information.
• Rename Unit—(unit node only) Renames the selected SonicWall appliance.
• Delete—Delete the selected unit or all units in the selected Group or Global Node, with option to delete interconnected SAs or to delete from NetMonitor.
• Import XML—Import an edited XML file to replace the current TreeControl navigation view.
• Modify Unit—(unit node only) Change basic settings for the selected unit, including unit name, IP and Login information, serial number, management port and encryption/authentication keys.
• Login to Unit—(unit node only) Login to the selected unit using SSL protocols.
• Modify Properties—Displays the properties for the selected SonicWall appliance, or all managed appliances in the selected group or global node.
• Manage Views—Opens a dialog box where you can create, delete, or modify a view.
• Change View—Select pre-set or user created views. Views are created in the Manage View window (see above).
• Re-assign Agents—Opens a dialog box where you can change the IP address of the primary and standby schedulers and the type of management mode used between GMS and the managed SonicWall appliances.
Configuring GMS View OptionsThe GMS management interface is a robust and powerful tool you can use to apply settings to all SonicWall appliances being managed by GMS, all appliances or devices within a group, or individual appliances or devices simply by selecting the Global, Group, or Unit node within the GMS management interface. The GMS management interface supports up to seven levels of hierarchal depths per view.
This section describes each view and what to consider when making changes:
• Group Node on page 23
• Unit Node on page 24
• Creating GMS Fields and Dynamic Views on page 25
Group NodeFrom the Group node of the Manage view, changes you make are applied to all SonicWall appliances within the group. The Global node is the top view that contains all appliances.
NOTE: Views are only available in the Policies and Reports panels. Changing views does not affect the Console or Monitor views.
SonicWall GMS 8.7
Administration23
To open the Group node, click a Firmware icon in the left pane of the GMS management interface. The Status Information for Group Node page appears. The Group Node Status page contains a list of statistics for all SonicWall appliances within the group.
As you move through the GMS management interface with the Group node selected and make changes, those changes are broken down into configuration tasks and applied to each subgroup and each SonicWall appliance within the group.
As GMS processes the tasks, some SonicWall appliances might be down or offline. When this occurs, GMS spools the tasks and reattempts the update later.
Depending on the page that you are configuring, the SonicWall appliance(s) might automatically restart. We recommend scheduling the tasks to run when network activity is low. To determine if a change requires restarting, refer to the configuration instructions for that task.
Making group changes through the GMS management interface enables you to save time by instituting changes that affect all SonicWall appliances within the group through a single operation. Although this is very convenient, some changes can have unintended consequences. Be careful when making changes on a group or global level.
Unit NodeFrom the Unit node of the Policies panel, changes you make are only applied to the selected SonicWall appliance. To open the Unit node, click a SonicWall appliance in the left pane of the GMS management interface. The Status page for the SonicWall appliance appears.
SonicWall GMS 8.7
Administration24
From the Unit node on the Reports panel, you can generate real-time and historical reports for the selected SonicWall appliance.
As you navigate the GMS management interface, you can generate graphical reports and view detailed log data for the selected SonicWall appliance. For more information, refer to Reports View on page 18.
As you navigate the GMS management interface with a single SonicWall appliance selected and make changes, those changes are broken down into configuration tasks and sent to the selected SonicWall appliance.
As GMS processes the tasks, the SonicWall appliance might be down or offline. When this occurs, GMS spools the task and reattempts the update later.
Unit Node Status Information PageThe Unit Node Status Information page contains a list of statistics for the selected SonicWall appliance:
• Firewall Model—specifies the model of the SonicWall appliance. If the unit is not registered, “Not Registered” appears instead of a model number.
• Serial Number—specifies the serial number of the SonicWall appliance.
• Domain—can be private, for internal users, or an externally registered domain name. This domain name is used in conjunction with User Login Settings on the Users > Settings page for user-authentication redirects.
• Registration Code—the registration code is generated when GMS is registered at http://www.MySonicWall.com.
• Firmware Version—specifies the version of the firmware installed on the SonicWall appliance.
• CPU—specifies the CPU used in the SonicWall appliance.
• High Availability—specifies the presence of High Availability Stateful Synchronization of the DNS cache. When the DNS cache is added, deleted, or updated dynamically, it synchronizes to the idle firewall.
• Number of LAN IPs allowed—specifies the number of IP addresses that are allowed on the LAN.
Creating GMS Fields and Dynamic ViewsSonicWall GMS uses an innovative method for organizing SonicWall appliances. SonicWall appliances are not forced into specific, limited, rigid hierarchies. You can simply create a set of fields that define criteria (such as, country, city, and state) that separate SonicWall appliances. Then, create and use dynamic views to display and sort appliances on the fly. For information about organizing SonicWall appliances, see the following sections:
• About Default SonicWall Fields on page 26
• Creating Custom Fields on page 26
• Understanding Dynamic Views on page 28
• Configuring Dynamic Views on page 29
• Changing Views on page 30
NOTE: Depending on the page that you are configuring, the SonicWall appliance might automatically restart. We recommend scheduling the tasks to run when network activity is low. To determine if a change requires restarting, refer to the configuration instructions for that task.
SonicWall GMS 8.7
Administration25
About Default SonicWall FieldsGMS includes standard fields that can be used to sort SonicWall appliances based on their model, their firmware version, and other criteria. Default GMS fields include the following:
• AV Status—places the SonicWall appliances into different groups based on their status.
• CFS Status—places the SonicWall appliances into two groups: appliances that have content filtering service (CFS) subscriptions and appliances that do not.
• Dialup Mode—does grouping based on whether an appliance has switched to dialup mode for Internet access.
• Firmware—creates a group for each Firmware version and places each SonicWall appliance into its corresponding group.
• Management—does grouping based on whether appliances are managed by SSL Management mode, SonicWall GMS Management Tunnel mode, or Existing/LAN mode.
• Model—creates a group for each SonicWall model and places each SonicWall appliance into its corresponding group.
• Nodes—creates a group for each node range and places each SonicWall appliance into its corresponding group.
• Registered—places the SonicWall appliances into two groups: appliances that are registered and appliances that are not.
• Scheduler—creates a group for each scheduler agent and places each SonicWall appliance into its corresponding group.
• UnitStatus—does grouping based on the Up/Down/Provisioned status of appliances.
• Warranty Status—places the SonicWall appliances into two groups: appliances that have current warranties and appliances that do not.
Creating Custom FieldsWhen first configuring GMS, you can create custom fields that you can use to organize managed appliances. GMS supports up to ten custom fields.
The following are examples of custom fields that you can use:
• Geographic—useful for organizing SonicWall appliances by location. Especially useful when used in combination with other grouping methods. Geographic fields might include:
• Country
• Time Zone
• Region
• City
• Customer-based—useful for organizations that are providing managed security services for multiple customers. Customer-based fields might include:
• Company
• Division
• Department
NOTE: Although GMS supports up to ten custom fields, only seven fields can be used to sort SonicWall appliances in a single view.
SonicWall GMS 8.7
Administration26
• Configuration-based—useful when SonicWall appliances have very different configurations. (such as, Filtering, No Filtering, Pornography Filtering, Violence Filtering, or VPN).
• User-type—different service offerings can be made available to different user types. For example, engineering, sales, and customer service users can have very different configuration requirements. Or, if offered as a service to end users, you can allow or disallow network address translation (NAT) depending on the number of IP addresses that you want to make available.
GMS is pre-configured with four custom fields: Country, Company, Department, and State. These fields can be modified or deleted.
To add new fields, complete the following steps:
1 Click the CONSOLE view, expand Management and click Custom Groups.
2 Right-click Custom Groupings in the right pane.
3 Select Add Category from the pop-up menu.
4 Enter the name of the group in the Category Name field.
5 Enter the default value for the group in the Default Value field.
NOTE: Category names can only contain alpha-numeric characters. Special characters and/or spaces are not accepted.
SonicWall GMS 8.7
Administration27
6 Click Ok. You can create up to ten fields.
To modify or delete fields, right-click any of the existing fields and select Properties or Delete Category, respectively from the pop-up menu.
Understanding Dynamic ViewsAfter creating custom fields and reviewing the GMS fields, administrators can set up views to dynamically filter the SonicWall security appliances that are displayed in the GMS user interface based on those fields.
Some views can include the following:
• Standard Geographic Views—When the number of SonicWall appliances managed by the GMS becomes large, you can divide the appliances geographically among SonicWall administrators.
For example, if one administrator is responsible for each time zone in the United States, you can choose the following grouping methods:
• Administrator 1: Country: USA, Time Zone: Pacific, State, City.
• Administrator 2: Country: USA, Time Zone: Mountain, State, City.
• Administrator 3: Country: USA, Time Zone: Central, State, City.
• Administrator 4: Country: USA, Time Zone: Eastern, State, City.
• Firmware Views—To ensure that all SonicWall appliances are using the current firmware, you can create a view to check and update firmware versions and batch process firmware upgrades when network activity is low.
For example, if you want to update all SonicWall appliances to the latest firmware at 2:00 A.M., you can use the following grouping method:
• Firmware Version, Time Zone
If you want to update SonicWall appliances only for companies that have agreed to the upgrade and you want the upgrades to take place at 2:00 A.M., you can use the following grouping method:
• Company, Firmware Version, Time Zone
• Registration Views—To ensure that all SonicWall appliances are registered, you can create a registration view and check it periodically. To create a registration view, you can use the following grouping method:
• Registration Status, any other grouping fields
• Upgrade Views—You can create views that contain information on which upgrades customers do not have and forward this information to the Sales Department.
For example, you can choose the following grouping methods:
• Content Filter List, Company, Division, Department
• Anti-Virus, Company, Division, Department
• Warranty Status, Company, Division, Department
NOTE: Although the fields appear to be in a hierarchical form, this has no effect on how the fields appears within a view.
NOTE: Each view can filter for a maximum of seven fields.
SonicWall GMS 8.7
Administration28
Configuring Dynamic Views
To create a view, follow these steps:
1 Right-click anywhere in the left pane of the GMS window and select Manage Views from the pop-up menu. The Manage Views page appears.
2 Type a descriptive name for the new view in the View Name field.
3 To make this view available to non-administrators, select Visible to Non-Administrators.
4 To add a view category, click Add Level. View categories are used to filter SonicWall appliances in your view. The Group Categories column contains categories that are a combination of custom fields and GMS fields.
5 To change the Group Category field, select the desired field from the pull-down list. For a list of GMS fields and their meanings, refer to About Default SonicWall Fields on page 26.
6 Choose an Operator to apply to apply to the value for this view:
• equals (default value)
• starts with
• ends with
• contains
• does not equal
• does not contain
7 Type a value for the category in the Value column.
8 You can add up to seven categories or levels.
9 To delete a view category, select the level and click Delete Level(s).
SonicWall GMS 8.7
Administration29
10 When you are finished configuring this view, click Modify View.
11 When you are finished, click Close.
Changing ViewsTo change views from within the GMS management interface, follow these steps:
1 Right-click anywhere in the left pane of the GMS window and select Change View from the pop-up menu. The Change View dialog box appears.
2 Select a view and click OK. The GMS management interface displays only the SonicWall appliances that meet the requirements of the filters defined in the view.
Getting HelpIn addition to this manual, GMS provides on-line help resources.
To get help, complete the following steps:
1 Navigate to the page where you need help.
2 Click Help in the upper right corner of the window. Help for the selected page appears.
SonicWall GMS 8.7
Administration30
2
Adding SonicWall Appliances andCompleting Basic Management Tasks
This chapter describes how to add SonicWall appliances to SonicWall® Global Management System (GMS), register appliances, and modify management properties. It also provides an introduction to basic appliance management tasks that can be executed through GMS. This chapter contains the following sections:
• Preparing SonicWall Appliances for GMS Management on page 31
• Adding SonicWall Appliances to GMS on page 32
• Registering SonicWall Appliances on page 37
• Modifying Management Properties on page 37
• Deleting SonicWall Appliances from GMS on page 39
• Executing Basic Appliance Management on page 40
Preparing SonicWall Appliances for GMS ManagementLocal configuration steps are required on the individual appliance before adding it to GMS. Refer to the desired section for the provisioning procedures:
• Preparing a SonicWall Firewall on page 31
• Preparing an SMA Appliance on page 32
• Adding SonicWall Appliances to GMS on page 32
Preparing a SonicWall FirewallTo prepare a SonicWall firewall appliance for GMS management, complete the following steps:
1 Log in to the firewall appliance. Navigate to the FIREWALL | Manage | Log > Settings page.
2 In Syslog Servers, click Add.
3 Select a Name or IP Address object to start sending syslogs. The GMS service should be activated. Set the log in UTC format and log category.
4 Navigate to the FIREWALL | Manage | System > Time page, and in Set Time, enable Display UTC in logs (instead of local time).
5 Click Update.
SonicWall GMS 8.7
Administration31
Preparing an SMA ApplianceThis section describes the local configuration steps required on the individual SMA appliance before adding it to GMS management. See the following subsections:
• Preparing SMA Appliances on page 32
Preparing SMA AppliancesTo prepare a SonicWall SMA appliance (non-Aventail) for GMS management:
1 Log in to your SonicWall SMA. Navigate to FIREWALL | Manage | System > Management.
2 In Management Method, select Enable Management Using and then select GMS from the drop-down menu.
3 Type the GMS host name or IP Address of the GMS server in the GMS HostName or IPAddress field.
4 Type the GMS Syslog server port in the GMS Syslog Server Port field. The default port is 514.
5 Click Update.
Adding SonicWall Appliances to GMSGMS can communicate with SonicWall appliances through VPN tunnels, SSL, or directly over VPN tunnels that already exist between the SonicWall appliances and the GMS gateway. GMS should connect to the SMA appliance on the LAN port of the appliance. When GMS is deployed outside of the SMA LAN subnet, management traffic must be routed from GMS to a gateway that allows access into the LAN network, and from there be routed to the SMA LAN port.
The following sections describe two methods for adding SonicWall appliances to GMS:
• Adding SonicWall Appliances Manually on page 33
• Importing SonicWall Appliances on page 36
• Managing Multiple Appliances on page 36
• Modifying SonicWall Appliance Management Options on page 38
NOTE: A SonicWall appliance might already be registered to a different MySonicWall account, in this case the “Register to MySonicWall.com” task cannot be executed, and will remain in the scheduled tasks queue. To take full advantage of GMS managed appliances, it is important that either the managed appliance is not registered when it is added into GMS, or it is registered to the same MySonicWall.com account as the GMS system that is managing the appliance. Active/Active clusters of SonicWall appliances can be added to GMS simply by adding the Master cluster node. Each individual cluster node sends syslogs directly to the Master cluster node’s serial number, GMS ends up aggregating the reports.
SonicWall GMS 8.7
Administration32
Adding SonicWall Appliances ManuallyTo manually add a SonicWall appliance using the GMS management interface, follow these steps:
1 Click the appliance view that corresponds to the type of appliance that you want to add: FIREWALL, SMA (Secure Mobile Access), or ES (Email Security).
2 Expand the GMS tree and select the group to which you will add the SonicWall appliance. Then, right-click the group and select Add Unit from the pop-up menu. To not specify a group, right-click an open area in the left pane (TreeControl pane) of the GMS management interface and select Add Unit or click the Add Unit icon in the tool bar. The Add Unit dialog box appears:
SonicWall GMS 8.7
Administration33
3 Enter a descriptive name for the SonicWall appliance in the Unit Name field.Do not enter the single quote character (‘) in the Unit Name field.
4 If applicable, choose a Domain to add this appliance to from the Domain pull-down list.
5 Enter the serial number of the SonicWall appliance in the Serial Number field.
6 For the Managed Address, choose whether to Determine automatically, or Specify manually. Most deployments are able to determine the IP address automatically. If you choose to specify the IP address manually, an option to Make manual address sticky is available. This retains the Manual Mode and the specified IP address is not overwritten.
7 Enter the Administrator login name for the SonicWall appliance in the Login Name field. The Administrator of the appliance can also enter a Local User or a Remote User name (as configured on the firewall) for GMS Management. If using Local User or Remote User names, they must be included in the user list created on the firewall.
8 Enter the password used to access the SonicWall appliance in the Password field.
9 For Management Mode, select from the following:
• If the SonicWall appliance is managed through an existing VPN tunnel or over a private network, select Using Existing Tunnel or LAN.
• If the SonicWall appliance is managed through a dedicated management VPN tunnel, select Using Management Tunnel.
• If the SonicWall appliance is managed using SSL, select Using SSL (default).
10 Enter the IP address of the managed appliance in the Management Port field.
11 For VPN tunnel management, enter a 16-character encryption key in the SA Encryption Key field. The key must be exactly 16 characters long and composed of hexadecimal characters. Valid hexadecimal characters are “0” to “9”, and “a” to “f” (such as 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f). For example, a valid key would be “1234567890abcdef.”
12 For VPN tunnel management, enter a 32-character authentication key in the SA Authentication Key field. The key must be exactly 32 characters long and composed of hexadecimal characters. For example, a valid key would be “1234567890abcdef1234567890abcdef.”
13 Select the IP address of the GMS agent server that manages the SonicWall appliance from the Agent IP Address list box:
• If GMS is configured in a multi-tier distributed environment, you must select the GMS Agent whose IP address matches the IP address that you specified when configuring the SonicWall appliance for GMS management.
• If GMS is in a single-server environment, the IP address of the GMS agent server already appears in the field.
14 If GMS is configured in a multi-tier distributed environment, enter the IP address of the backup GMS server in the Standby Agent IP field. The backup server automatically manages the SonicWall appliance in the event of a primary server failure. Any Agent can be configured as the backup.
15 If a flow server has been configured, select the Flow Server Agent IP address from the list box.
NOTE: Domain selection is only available to the administrator of the LocalDomain. Individual domain administrators are only able to add an appliance to their respective domains.
NOTE: This key must match the encryption key of the SonicWall appliance. You can set the key on the appliance by logging directly into it.
NOTE: This key must match the authentication key of the SonicWall appliance.
NOTE: If GMS is deployed in a single server environment, leave this field blank.
SonicWall GMS 8.7
Administration34
16 To add the appliance to Net Monitor, select Add this unit to Net Monitor.
17 Click Properties. The Unit Properties dialog box appears.
18 This dialog box displays the category fields to which the SonicWall appliance belongs. To change any of the values, select a new value from the pull-down list. When you are finished, click OK. You are returned to the Add Unit dialog box.
19 To classify your unit as part of Sandwich deployment, which is the ability to cluster your nodes and represent them based on individual firewalls while showing them as a group of nodes, set the GMS Flow Server settings and select the server from the Sandwich drop-down menu.
20 Click OK. The Assign Privileges dialog box displays.
21 Select the user group or individual users to which read-write privileges should be assigned. Keep in mind that admins always maintain read-write privileges, regardless of your selection here.
22 Click OK. The new SonicWall appliance appears in the GMS management interface. It has a yellow icon that indicates it has not yet been successfully acquired. GMS then attempts to establish a management VPN tunnel, set up an SSL connection, or use the existing site-to-site VPN tunnel to access the appliance. GMS then reads the appliance configuration and acquires the SonicWall appliance for management. This might take a few minutes.
NOTE: After the SonicWall appliance is successfully acquired, its icon turns blue, its configuration settings are displayed at the unit level, and its settings are saved to the database. A text version of this configuration file is also saved in the file: <gms_directory>/etc/Prefs. In a multi-tier distributed environment, both the primary and secondary GMS Agents must be configured to use the same management method.
SonicWall GMS 8.7
Administration35
Importing SonicWall AppliancesTo reduce the amount of information that you have to manually enter when adding SonicWall appliances, GMS enables you to import the saved prefs file of a SonicWall appliance.
To add a SonicWall appliance to the GMS management interface using the import option, follow these steps:
1 Right-click in the left pane of the GMS interface and select Add Unit from the pop-up menu. The Add Unit dialog box appears.
2 Enter a descriptive name for the SonicWall appliance in the Unit Name field. Do not enter the single quote character (') in the SonicWall Name field.
3 Enter the password to access the SonicWall appliance in the Password field.
4 Click Properties. The Unit Properties dialog box appears.
5 This dialog box displays fields to which the SonicWall appliance belongs. To change any of the values, enter a new value. When you are finished, click OK.
6 After you are returned to the Add Unit dialog box, click OK again.
7 Select the user group or individual users to which read-write privileges should be assigned. Keep in mind that admins always maintain read-write privileges, regardless of your selection here.
8 The new SonicWall appliance populates in the left pane. It has a yellow icon that indicates it has not yet been successfully acquired.
GMS then attempts to establish a management VPN tunnel to the appliance, read its configuration, and acquire it for management. This takes a few minutes.
After the SonicWall appliance is successfully acquired, its icon turns blue, its configuration settings are displayed at the unit level, and its settings are saved to the database. A text version of this configuration file is also saved in:<gms_directory>/etc/Prefs.
Managing Multiple AppliancesGMS can handle multiple appliances depending on you much SYSLOG traffic your firewalls are generating. That data determines how busy each firewall would become. Other considerations would be the number of SYSLOG categories enabled and how much reporting you might want to generate.
If the firewalls sent only heartbeats, with no additional SYSLOG reporting required, you could probably operate a single all-in-one instance of GMS and still manage up to 200 appliances. However, that scenario is not usually the case. So, a good starting place should offer some redundancy and scalability without immediately needing to add more components. That starting point might be:
• 1 database
• 3 agents
• 1 dedicated console
Run all of these components as Windows servers, not virtual machines. You should be sure the agents are running on servers with very fast disk IO. However, a fast disk IO is not necessary for the dedicated console and database. For the RAM and CPU, it is best to have 16GB and quad Xeon available. It is the agents that need the power and focus.
SonicWall GMS 8.7
Administration36
GMS can be expanded with no other cost than the hardware to run it on. So when the agents appear loaded, but reports are taking a long time to mail out, additional components can be added.
Registering SonicWall AppliancesAfter successfully adding one or more SonicWall appliances to GMS, the next step is to register them. Registration is required for firmware upgrades, technical support, and more.
To register one or more SonicWall appliances, follow these steps:
1 Select GlobalView, a group, or a SonicWall appliance.
2 Expand the FIREWALL | Manage | Register/Upgrades tree and click Register SonicWalls. The Register SonicWalls page appears.
3 Click Register. The Modify Task Description and Schedule page displays. GMS creates a task for each SonicWall appliance registration. The Modify Task Description and Schedule page allows you to customize the task description and set the task execution time. During the task execution, GMS registers each selected SonicWall appliance using the information that you used to register with the SonicWall registration site. After registration is complete, the task is removed from the Scheduled Tasks page and the status of the task execution is logged. To view these logs, click the Console view. Then, expand the Log tree and click View Log.
4 If the appliance is already registered, the “Register SonicWalls” page states This appliance is registered.
Modifying Management PropertiesThe following sections describe how to modify management properties:
• Modifying SonicWall Appliance Management Options on page 38
• Changing Agents or Management Methods on page 38
• Moving SonicWall Appliances Between Groups on page 39
SonicWall GMS 8.7
Administration37
Modifying SonicWall Appliance Management OptionsIf you make a mistake or need to change the settings of an added SonicWall appliance, you can manually modify its settings or how it is managed.
To modify a SonicWall appliance, complete the following steps:
1 Right-click in the left pane of the GMS management interface and select Modify Unit from the pop-up menu. The Modify Unit dialog box appears.
2 The Modify Unit dialog box contains the same options as the Add Unit dialog box. For descriptions of the fields, refer to Adding SonicWall Appliances to GMS on page 32.
3 When you have finished modifying options, click OK. The SonicWall appliance settings are modified.
Changing Agents or Management MethodsTo provide increased flexibility when managing SonicWall appliances, GMS enables you to change the Agents that manage SonicWall appliances, as well as their management methods.
To change how a SonicWall appliance is managed, follow these steps:
1 Right-click on the group or appliance that you want to re-assign and select Re-assign Agents from the pop-up menu.
2 If the appliances to be re-assigned are managed using existing tunnels or the LAN, a warning message is displayed. Click OK.
3 The Re-assign Agents dialog box appears.
4 Select the IP address of the GMS agent server that manages the SonicWall appliance from the Scheduler IP Address list box.
NOTE: If a unit has not been acquired (yellow icon), you can change its management mode using this procedure. After it has been acquired (red or blue icon), you cannot change its management mode using this procedure and must reassign it. For more information, refer to Changing Agents or Management Methods on page 38
CAUTION: Make sure that the appliances are able to successfully connect to the reassigned GMS to avoid losing connection to the appliances.
SonicWall GMS 8.7
Administration38
5 If GMS is configured in a multi-tier distributed environment, enter the IP address of the backup GMS server in the Standby Scheduler IP list box. The backup server automatically manages the SonicWall appliance in the event of a primary failure. Any Agent can be configured as a backup.
6 Select from the following management modes:
• If the SonicWall appliance is managed through an existing VPN tunnel or over a private network, select Using Existing Tunnel or LAN.
• If the SonicWall appliance is managed through a dedicated management VPN tunnel, select Using Management Tunnel.
• If the SonicWall appliance is managed using SSL, select Using SSL (default).
7 Enter the port used to administer the SonicWall appliance in the Management Port list box (HTTPS: 443).
8 If a flow server has been configured, select the Flow Server Agent IP address from the list box.
9 When you are finished, click OK. A task is created for each selected SonicWall appliance.
Moving SonicWall Appliances Between GroupsTo move SonicWall appliances between groups, simply change the properties of their custom fields.
To change these properties, follow these steps.
1 Right-click on a SonicWall appliance or group in the left pane of the GMS Management interface and select Modify Properties from the pop-up menu. The Properties dialog box appears.
2 Make any changes to the categories to which the SonicWall appliance or group of appliances belongs. For information on creating categories, refer to Creating GMS Fields and Dynamic Views on page 25.
3 Click OK. The SonicWall appliance(s) are moved to the new group.
Deleting SonicWall Appliances from GMSTo delete a SonicWall appliance or a group of appliances from SonicWall GMS, complete the following steps:
1 Right-click on a SonicWall appliance or group in the left pane and select Delete from the pop-up menu.
2 In the warning message that displays, click Yes. The SonicWall appliance or group is deleted from SonicWall GMS.
NOTE: If GMS is in a single server environment, leave this field blank.
NOTE: SSL management requires additional configuration on the appliance itself.
NOTE: If you are completing this procedure at the group or global level, all parameters are changed for all selected SonicWall appliances. For example, if you were attempting to only change the Country attribute, all other parameters would be changed as well.
NOTE: After the deleting the SonicWall appliance from SonicWall GMS, unprovision the unit as a best practice. To unprovision the unit, log in to the SonicWall appliance and disable SonicWall GMS management to avoid sending unnecessary syslogs to the SonicWall GMS host.
SonicWall GMS 8.7
Administration39
Executing Basic Appliance ManagementThis section provides links to locations in this guide that describe the most common appliance management tasks.
Common Appliance Management Tasks
Management Task Location
Inheriting Group Settings Inheritance Filters on page 1279
Upgrading Firmware Upgrading Firmware on page 1194
Managing Subscription Services Configuring Security Services Settings on page 1035
Managing Certificates Configuring Certificates on page 83
Generating a Certificate Signing Request on page 89
Backing up the Prefs File Configuring System Settings on page 112
Understanding Heartbeat Messages Configuring System Settings on page 112
Configuring Mail Server Settings on page 1174
SonicWall GMS 8.7
Administration40
SonicWall GMS 8.7Administration
Part 2
41
Dashboard
• Using the Dashboard View
3
Using the Dashboard View
The Dashboard view is a customizable executive summary of your SonicWall® Global Management System (GMS) deployment. The Dashboard view provides powerful network visualization reporting, monitoring, and search filtering tools consolidated into one area of the management user interface. The Dashboard view consists of the following components:
• Using the Dashboard Control Bar on page 42
• Using the Universal Dashboard on page 43
• Managing Page and Widgets on page 53
• Using the Universal Scheduled Reports Application on page 55
The Dashboard view provides administrators with an executive summary through a Universal Dashboard geographic map. As depicted in the screen that follows, the Geographic View provides a scalable map that displays your SonicWall GMS-managed units and GMS servers using graphical icons--these icons provide system state information with a mouse over. The Geographic View also provides global to regional map displays of VPN Monitor Views. The administrator can also use the search option to quickly find keywords within their GMS deployment, and each GMS administrator can create multiple-customized views of the Universal Dashboard unique to their administrator login.
Upon initial login, you see a default Dashboard view. You are able to further customize this page by configuring and adding preferred components.
The Dashboard view also provides you with a centralized location to create Universal Scheduled Reports for Firewall, SMA (Secure Mobile Access), and ES (Email Security) reporting solutions.
Using the Dashboard Control BarThe Dashboard control bar provides top-of-the page menu items for customizing the settings of this page. When the Dashboard loads after SonicWall GMS login, the control bar is displayed and then becomes hidden until you place your mouse cursor at the top of the page as shown in the figure that follows. You can lock the control bar by clicking on the “pin the control bar” icon.
The Dashboard control bar provides the following components:
• Universal Dashboard—Includes Geographic View and associated widgets.
• Universal Scheduled Reports—Includes Universal Scheduled Reports Wizard to create report templates.
• My Default Page—Includes a default settings widgets page.
• Manage Page and Widget Settings—The cog wheel icon launches the Manage Page and Widget Settings configuration tool. This tool allows you to edit, delete, or add new widgets for your Universal Dashboard page, My Default Page, or a new user page. You can also create widgets for a specific set of SonicWall devices.
SonicWall GMS 8.7
Administration42
• Save Layout—The floppy disk icon allows you to “Save Layout.” This allows you to save the Geographic View and the order of your list of widgets.
• Search using Keywords—The Search bar allows you to filter the information displayed on the geographical map.
• Keywords available for various search areas—The abc icon displays the Keyword help that includes a list of available keywords, usage description, and a filter example.
• Switch to Full Screen—The four arrows in four corners icon enables the page into full-screen mode.
• Pin Control Bar—The pin icon allows you to keep the Dashboard control bar always on.
Using the Universal DashboardThe Dashboard default view displays the Universal Dashboard. The Universal Dashboard provides you—upon initial login with factory defaults—a geographical map displaying GMS deployment information.
The Geographical View displays the following SonicWall GMS elements graphically:
• GMS-managed units—such as Firewall, SMA (Secure Mobile Access), and ES (Email Security) appliances
• GMS-host servers—such as UMH hosts in server, console agent, or database role configurations
• Auto-discovered units behind the SonicWall GMS remotely-managed units—such as configured network address objects like public servers
Depending on the administrative access privileges that a logged in user has, the right subset of objects in the previous image are displayed on the geographical map. For example, the “SonicWall GMS Servers” is available for display in the map only for the Administrators group users of LocalDomain.
This section contains the following subsections:
• Using the Geographic View Map on page 44
• Filtering with the Search using Keywords on page 49
SonicWall GMS 8.7
Administration43
• Determining the Universal Dashboard Geographical Map Location on page 50
• Geographic Map User Interface and Location “Unknown” on page 51
Using the Geographic View MapThe Dashboard Geographic View map provides easy-to-use viewing controls. These controls allow the administrator to use their mouse to hover over elements, configure elements using the mouse right-click menus, and to scale the map to predefined size called “fit to scale.” More information on using these viewing controls are described in the following table:
This section contains the following subsections:
• Using the Geographic View Zoom Bar on page 45
• Displaying All Objects on the Geographic Map on page 46
• Using the Deployment View on page 46
Geographic View Map Controls
Map View Control
Location Description
Zoom Click the focus bar plus symbol (+) and minus symbol (-) focus bar to expand and contract the viewing area.
Using menus and mouse gestures, zoom in and zoom out of regional areas of the Geographic map.
Fit to Scale Fit-to-Scale button, a mouse-over message displays “Show all the objects on the Map.”
The “Fit to Scale” button provides an instant-zoom panning view where the entire SonicWall GMS deployment and managed-devices are displayed all at once on the Map.
Clear Selection An “X” button clears your selection on the Map. This button is below the Fit-to-Scale button.
The clear selection button refreshes the Map and removes previously a selected item or set.
Pin Icon Hover over with the mouse pointer or right-click and select Details.
Displays system information depending on the SonicWall appliance selected, below is for a SonicWall firewall:
• Name: Displays SonicWall appliance friendly name.
• Serial: Displays SonicWall appliance serial number.• Domain: Displays SonicWall GMS domain group.• Firmware: Displays firmware version.• Type: Displays appliance type from Firewall, SMA
(Secure Mobile Access), and ES (Email Security) to network object.
• Management Mode: Displays SSL management enabled or disabled.
• Management IP: Displays management IP address.• LAN IP: Displays LAN IP address.• Status: Displays node status from up, down,
provisioned, or unknown.
Blob or Group of Pin Icons
Hover over with mouse pointer.
Displays the number of units and appliance friendly name for a specific group type.
Unknown Click the slider to open a small window on the right side of the map.
Displays units and instances that cannot be placed on the Map because their Geo Locations are not known. You can drag and drop units from this list to the Map.
SonicWall GMS 8.7
Administration44
• Using the VPN Monitor View on page 47
• Dashboard Geographical Map Icons on page 48
• Using the Context-Sensitive Universal Dashboard Widgets on page 48
Using the Geographic View Zoom BarThe zoom bar for the Geographic Map allows the network administrator to scale the view to a larger holistic view of the entire world or zoom down to a smaller local region. The zoom bar is easy to use, and the page refreshes quickly. Click on the zoom bar minus (-) button to zoom out to view a full map of the world.
Alternatively, click on the zoom bar plus (+) button to zoom in to view a specific area or region of the Map. Another method to zooming into a target area of the map is by double-clicking a spot on the Map. Each double-click zooms into the map one increment closer. You can also use the scroll-button on a mouse to zoom.
SonicWall GMS 8.7
Administration45
Displaying All Objects on the Geographic MapBecause many SonicWall GMS deployments contain dispersed devices in many different cities and countries around the world, you can view all the objects at once by clicking Show all the objects on the Map. This button is located below the minus (-) button on the zoom bar.
In this example, the entire SonicWall GMS deployment of SonicWall GMS hosts and managed devices are located in the continental United States map. Therefore, clicking Show all objects on the Map displays all the nodes for this deployment in the continental United States map. To save this Geographic View, click the floppy disc icon on the Dashboard control view.
Using the Deployment ViewTo change the Dashboard Geographic View default view to the “Deployment View,” point your mouse cursor on the Map. Right-click the Map, and select Deployment View. The Deployment View provides the location of your SonicWall GMS hosts with graphical color lines to each SonicWall GMS-managed device as shown below.
The Dashboard Geographic View provides the ability to display your SonicWall GMS deployment for an all-in-one role configuration or a distributed deployment of multiple SonicWall GMS hosts in server, console or database role configurations. SonicWall GMS currently provides support for only a single management host location. This single management host location allows you to view all your SonicWall GMS-managed devices that contain a defined geographic location. SonicWall GMS-managed devices that do not have a defined geographic location are listed on the right-margin of the Map in the a slider window: location not known.
SonicWall GMS 8.7
Administration46
The Deployment View connecting lines from the SonicWall GMS host to the SonicWall GMS-managed device are graphical color lines representing the status of the management tunnel as follows:
• SSL management up line: a blue solid line
• SSL management down line: a red solid line
• Management tunnel up line: a blue dashdot line
• Management tunnel down line: a red dashdot line
• Management tunnel provisioned line: a yellow dashdot line
Using the VPN Monitor ViewTo change the Dashboard Geographic View default view to the VPN Monitor View, point your mouse cursor on the Map. Right-click the Map, and select VPN Monitor View.
The Dashboard Geographic View provides the ability to display the status of VPN service security associations (SAs) for your SonicWall GMS-managed firewalls that contain a defined geographic location. The VPN Monitor View provides a graphical line segment between the SonicWall GMS-managed firewall and the VPN tunnel endpoint. The VPN tunnel endpoint can be a remote site or an IPsec client computer. The VPN Monitor View displays connected and non-connected SAs.
The VPN Monitor View provides the location of your SonicWall firewall with graphical color lines to each VPN tunnel endpoint as shown in the following image. Navigate your mouse to the top-right corner of the VPN Monitor View to filter the VPN Tunnel view from the following:
• VPN Tunnel Up—Displays only up VPN SAs.
• VPN Tunnel Down—Displays only down VPN SAs.
• VPN Tunnel Disabled—Displays only disabled VPN SAs.
• VPN Tunnel Unknown—Displays only VPN SAs whose location is unknown.
• VPN Tunnel All—Displays all VPN SAs.
The VPN Monitor View connecting lines from the SonicWall GMS-managed firewall to the VPN Tunnel endpoint are graphical color lines representing the status of the VPN tunnel as follows:
• VPN tunnel up line: a blue solid line
• VPN tunnel down line: a red dash line
• VPN tunnel disabled line: a gray dot line
• VPN tunnel unknown line: a yellow dashdot line
For more information on configuring your SonicWall GMS-managed firewall VPN settings, refer to the FIREWALL | Manage | VPN > Settings page.
SonicWall GMS 8.7
Administration47
Dashboard Geographical Map IconsThis section provides a description of each icon displayed on the Map. The following table provides a description reference for each unique graphical. Note when an icon pin is selected on the Map, the icon changes color to a lighter highlight from dark gray to light blue indicating the node is selected.
Using the Context-Sensitive Universal Dashboard WidgetsThe Geographic View provides context-sensitive widgets. Widgets are display windows underneath the default Geographic Map. By default, widgets display a group-level data and statistics of your entire SonicWall GMS deployment. When you view widgets for the Universal Dashboard, the data and statistics are representing group-level data and statistics.
For context-sensitive Widget data and statistics, you must select a node or group of nodes on the Geographical Map. When a node on the Geographical Map is selected, the graphical Pin Node icon changes color from black (deselected) to light blue (selected), and subsequently the widget data and statistics become context-sensitive to the selected node or group of nodes.
Dashboard Geographic Map Icons
Graphical Icon Description
A dark gray encapsulated pin icon displays an “deselected” SonicWall GMS-managed unit or group. While a light blue encapsulated pin icon displays a “selected” SonicWall GMS-managed unit or group.
Displays an “up/down status” SonicWall GMS-host deployed in the all-in-one role configuration.
Displays an “up/down status” SonicWall GMS-host deployed in server role configuration.
Displays an “up/down status” SonicWall GMS-host deployed in console agent role configuration.
Displays an “up/down status” SonicWall GMS-host deployed in database role configuration.
Displays an “up status” for a single unit or a group of SonicWall GMS-managed devices.
Displays a “down status” for a single unit or a group of SonicWall GMS-managed devices.
Displays a “provisioned status” for a single unit or a group of SonicWall GMS-managed devices.
Displays an “unknown status” for a single unit or a group of SonicWall GMS-managed devices.
VPN Monitor View
Displays an “up status” for a single or group of VPN tunnel endpoints.
Displays a “down status” for a single or group of VPN tunnel endpoints.
Displays a “disabled status” for a single or group of VPN tunnel endpoints.
Displays an “unknown status” for a single or group of VPN tunnel endpoints.
SonicWall GMS 8.7
Administration48
Selecting a group of nodes on the Geographic Map can be completed by holding Ctrl while clicking the nodes one at a time. Alternatively, you can select a group of nodes on the Geographic Map by holding the shift key and dragging your mouse cursor around the map region as illustrated in the following image.
The following widgets are displayed for the Universal Dashboard:
• Logs—Displays the log event message, the friendly name of the SonicWall device, and the date timestamp.
• Sites—Displays site IP, browse time, hits, and the amount of data transferred.
• Alerts—Displays the alert message and the last reported time.
• Applications—Displays application category, events, and the amount of data transferred.
• Scheduled Tasks—Displays the description of each scheduled task, the friendly name of the SonicWall device, and the local time of the schedule.
• Threat Category—Displays Top Intrusion/Anti-Spyware/GAV Categories and Top Attacks including respective action and event messages.
• Data Usage—Displays a Timeline graph and a list of Top Protocols including protocol service name, number of connections, and the amount of data transferred.
For more information, refer to Adding Widgets on the Universal Dashboard on page 53.
Filtering with the Search using KeywordsThe Search bar at the top of the Dashboard view enables the administrator to filter the information displayed on the geographical map. Based on the search criteria, a blob can become an icon, or icon can become a blob. The administrator can use the Search bar to fine-tune the display on the geographic map the following SonicWall GMS deployment information:
• SonicWall firmware version
• Network object name
• User name
• Object type including managed Firewall, SMA (Secure Mobile Access), or ES (Email Security) device, NetMonitored device, or SonicWall GMS servers
The Search bar uses both text and expression matching to allow the administrator to create filter criteria with combination strings. For text criteria, the following search operators are supported:
NOTE: Select a node or group of nodes for context-sensitive widget data and statistics. The widgets display context-sensitive data specific to the network traffic on the selected node.
SonicWall GMS 8.7
Administration49
• equals
• contains
• starts with
• ends with
For expression type criteria, the following search operators are supported:
• =
• <
• >
• !=
The ABC icon next to the Search bar allows you to filter by selecting from a list in the Keyword Help as shown in the following image. The Keyword Help dialog provides a Description and Usage example for each keyword. Verify the purpose and usage of the keyword before using the selected keyword in a filter.
Select a keyword to be used for search or filter. The keywords listed on the left side provide filter options for your Geographic View. You can only select one keyword at a time. After selecting a keyword, click Use to add this search criteria.
Determining the Universal Dashboard Geographical Map LocationAn administrator now has multiple ways to determine the location of an object in the geographic map. The following list is numbered chronologically to show location-configuration precedence order:
1 The public WAN IP of the network address object is used to determine the location of the object in the geographic map. This excludes all objects with private addresses, for example, 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 networks. A mapping service is used to map the WAN IP to longitude and latitude, which is then translated into a location in the Geographic View.
2 When a unit is added into SonicWall GMS, the administrator can specify the location of the unit, either explicitly in a standard address format, or interactively through a map to determine the longitude and
NOTE: Not all keywords apply to all Widgets. For a few keywords there are Widgets with applicability, and there are Widgets where the keyword is not interpreted based on context.
SonicWall GMS 8.7
Administration50
latitude of the unit’s position. Information provided using this approach overrides the information retrieved using WAN IP as described in step 1.
3 In the Geographic View, you can drag a unit and position it anywhere in the map. This updates the location information (longitude and latitude) of the network address object and overrides information in step 1 and step 2.
4 For network address objects whose location is unknown (either because its IP is not known or the IP is in the private IP space, or the administrator has not provided longitude and latitude information), these will be displayed in a special “unknown” area of the geographic map—from where these can be dragged and placed anywhere in the map
5 The SonicWall GMS Servers’ public WAN IPs are determined by SonicWall GMS using Web services, and the IPs are used for the initial positioning of the SonicWall GMS servers.
Geographic Map User Interface and Location “Unknown”An administrator trying to determine what section of the world map to display views the smallest geographic denomination that holds all network objects, in the order as follows:
• World map—When network objects belong to different continents, the world map is displayed.
• Continent map—When network objects belong to different countries within a continent, the continent map is displayed.
• Country map—When network objects are contained in a single country, the country map is displayed.
• State map—When network objects are contained in North American states within Canada and the United States, the state map is displayed.
• City map—When network objects are contained within a single city’s area limits, the city map is displayed.
• Local region/county map—When network objects are zoomed in to the smallest geographic map area, the local region or county map is displayed.
The network objects displayed in the Geographic Map are either an individual network object or an intuitive blob that represents a collection of network objects.
The “Unknown” section of the map is a place holder for all the network address objects whose location is unspecified. Select a node in the Geographic Location Unknown list. Drag the node to a location on the map, and a message displays, “Are you sure you want to move the node?”
SonicWall GMS 8.7
Administration51
Click Yes to accept this geographic location. The geographic location for the selected node is updated with the new geographical longitude and latitude coordinates. To view or update the location, right click the selected node.
Updating the Location Address and GeocodeThe Geographic View allows you to update the location information for a single node or a group of nodes. There are many GMS deployments where a network administrator sets up and configures multiple SonicWall devices in one location and then deploys these devices in dispersed areas around the world. This is made easy for GMS administrators by right-clicking on the Geographic Map group node icon, and then entering the new location information. The following page displays when you right-click on a node on the Geographic Map.
The location information requires the geographical map address if available, which includes the following information:
• Street
• City
• State
• Zip code
• Country
Alternatively, the location information also requires geo location, which includes the following information:
• Latitude
• Longitude
SonicWall GMS 8.7
Administration52
Enter either the location address or geo location to save the location setting. You can use Locate Geocode or Locate Address to locate based on an Address or a Geo Location, and then complete the other fields based on the location search results. For the best results, enter the location address for SonicWall appliances residing in North America or Europe, and then click Locate Geocode to identify the latitude and longitude coordinates, and for the best results for SonicWall appliances residing outside of North America or Europe, enter the Geo Location for these devices. Locate Address does not provide the best results for devices residing outside North America and Europe because the locate address Web service does not always provide detailed coverage for all areas.
You also can enter the location information for each SonicWall device on the respective FIREWALL | Manage | System > Info page. When the location information is updated on these pages, the Geographic Map is updated instantaneously.
Managing Page and WidgetsSonicWall GMS provides you with the ability to fully customize your Universal Dashboard and your My Default Page by adding Widgets. To edit or add Widgets, click the “cog wheel” icon and the Manage Page and Widgets configuration page displays as shown in the following image.
This section contains the following subsections:
• Adding Widgets on the Universal Dashboard on page 53
• Adding a New Dashboard Page on page 54
Adding Widgets on the Universal DashboardThis section provides information on how to use the Manage Page and Widgets configuration page for the Universal Dashboard. To add a new Widget, select from the pull-down menu the following choices:
• Alerts Widget
• Applications Widget
• Data Usage Widget
• Logs
• Scheduled Tasks
SonicWall GMS 8.7
Administration53
• Sites Widget
• Threat Categories Widget
A maximum of 25 Widgets can be added to the Universal Dashboard or the My Default Page.
Adding a New Dashboard PageThe Universal Dashboard page provides context-sensitive Widgets based on your node selection in the Geographic Map, and the My Default Page provides customizable Widgets that are not context-sensitive to the Geographic Map—because the Geographic Map Widget is not available on the My Default Page or a New Dashboard Page. New Dashboard pages are convenient for network administrators to create customizable Dashboard Widgets for GMS users belonging to a particular GMS domain group. This allows for different Dashboard pages for each user.
To add a new Dashboard page, launch the Manage Page and Widgets settings page by clicking the plus (+) icon in the top-right corner. The following window displays.
Enter a new name for your new Dashboard page. Most commonly, network administrators create new Dashboard pages for managed-security providers servicing customers around the world. You can also create Dashboard pages for your company’s different departments in Engineering and IT Operations for customized Dashboard views.
Managing Your WidgetsEach Widget contains control options at the top tab that include the following options:
• Widget Settings—Click the cog wheel icon to edit, delete, or copy the Widget to another page.
• Refresh Widget—Click the ying yang icon to refresh the data and statistics for the widget. Widgets automatically refresh every 60 seconds.
• Minimize—Click the minimize window icon to hide your Widget in the bottom-right corner.
• Restore/Maximize—Click the four arrows in four corners icon to display the widget in window in maximized view. Click the icon again to restore the Widget back to its original window size.
Widgets can be resized by holding the bottom corners to the desired window size.
NOTE: No Widget containing the same content can be added more than once to the Universal Dashboard or My Default Page.
SonicWall GMS 8.7
Administration54
Widgets can also be reordered by dragging and dropping the selection. Selecting a Widget and dragging it over another Widget changes the top panel to a darker color—this represents a Widget that is overlapping another Widget and the following message displays.
The drop position of the Widget allows you to reorder the position of your widget before the selected widget. For example in this case, The Scheduled Tasks Widget is placed in the drop position before the Applications Widget. The Dashboard page refreshes and now the widgets are reordered as follows:
1 Sites Widget
2 Scheduled Tasks Widget
3 Applications Widget
4 Logs Widget
You can also re-order the position of Widgets by using the Manage Page and Widgets Settings configuration page. In the Manage Page and Widgets Settings configuration page, drag the Widget you want to re-order to your preferred drop location. The two Widgets swap locations.
Using the Universal Scheduled Reports ApplicationScheduled Reporting has been an essential reporting component since the initial release of the GMS product. It provides management interfaces to let the user setup schedules and configure reports to be exported in a periodic fashion and in various report formats. A typical scheduled report configuration is broken down by functionality (Firewall, SMA (Secure Mobile Access), ES (Email Security), and Monitor) and by nodes (Group and Unit). You need to navigate to separate views to configure scheduled reports for different nodes. The Universal Scheduled Reporting application streamlines the configuration processes to unify and enhance the existing functionality to the system-wide usage patterns. This allows you to collect report data from multiple appliances and create a single global report.
SonicWall GMS 8.7
Administration55
To configure the Universal Scheduled Reports application, refer to the following sections:
• Using the Manage Templates Component on page 56
• Adding a Scheduled Report Component on page 61
• Managing the Scheduled Reports Component on page 71
Using the Manage Templates ComponentManage Templates are used to create a template that makes up the list of reports at group level or unit level. The list of available reports for each of the product types (Firewall, SMA (Secure Mobile Access), ES (Email Security)) are abstract, so all the available reports in the system are presented here. The report list contains the appliance firmware and shows all the available reports in GMS for the appliance. This decision on which report is applicable to a particular firmware version (for example, Application Intelligence is for SonicOS 5.8 and above) is made at run time when the scheduled report engine is ready to create the report. The schedule report creation and the template usage is detailed in this section.
Adding a Template
To add a template using the Template Manager, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Templates page.
2 Choose the view for the appliance to which you wish to add a template.
3 Select the option for either a for unit or for group template.
SonicWall GMS 8.7
Administration56
4 Click Add Template.
The Add Template window displays.
5 Enter a Name for your template.
6 Visible To Non-Administrators is disabled by default, select the check box to enable this option. This allows the end-users to view a list of all the report templates at a read-only level.
7 Select the check boxes next to the Reports you wish to use for this template.
8 Select the check boxes next to the Policies you wish to use for this template.
9 Click Add. The configured template is now populated in the Template Manager list.
Editing an Existing TemplateThis section details the configuration procedures for editing an existing template. The DASHBOARD | Universal Scheduled Reports > Manage Templates allows you to filter the template list by Name, Level, Owner, and Last Update.
Searching for an Existing Template
To use the Search option to find and edit an existing template, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Templates page.
2 Click the search text field, then enter your search criteria.
A pull-down appears under the search text field.
NOTE: Visible to Non-Administrators is available for SonicWall GMS only.
SonicWall GMS 8.7
Administration57
3 Select a filter for your search criteria by clicking Name, Level, Owner, or Last Update from the search pull-down list. In this example, we are entering “unit” for the search criteria and filtering the search results by level.
The Template Manager window displays the latest search results. Notice the template list now only shows report templates for level: unit.
Editing an Existing TemplateNow that you found an existing template using the search filter, it is time to use the edit option.
NOTE: To clear your search results and return the reports template list back to default, click Clear.
CAUTION: Editing an existing template also changes the associated scheduled reports (if applicable).
SonicWall GMS 8.7
Administration58
1 Click the Edit icon for the report you wish to modify.
The Edit Template window displays.
2 Edit the Name for your template.
3 Visible To Non-Administrators is disabled by default, select the check box to enable this option. This allows the end users to view list of all the report templates at a read-only level.
4 Select the check boxes next to the Reports you wish to use for this template.
5 Select the check boxes next to the Polices you wish to use for this template.
6 Click Update. The configured template is now populated in the Template Manager list.
Deleting a TemplateThe Template Manager offers three different ways to delete a template: deleting a single template, deleting multiple templates, or deleting all templates. Use the section Searching for an Existing Template on page 57 to search for templates to delete.
NOTE: Visible to Non-Administrators is available for SonicWall GMS only.
SonicWall GMS 8.7
Administration59
To delete Universal Scheduled Report Template(s), complete the following steps:
Deleting a Single Template1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Templates page.
2 Click the Trash icon for the template you wish to delete from the Template Manager list.
Deleting Multiple Templates1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Templates page.
2 Click the check boxes for the templates you wish to delete.
3 Click Delete Selected. This button is grayed out by default until a check box is selected.
Deleting All Templates1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Templates page.
2 Select Name, this selects all templates in the list (default templates excluded).
WARNING: Deleting a template(s) creates a cascading task to remove it from the Scheduled Reports that are using this template.
SonicWall GMS 8.7
Administration60
3 Click Delete Selected. This button is grayed out by default until a check box is selected.
Adding a Scheduled Report ComponentUsing Universal Scheduled Reports gives you the ability to schedule reporting for multiple appliances at the same time, combined into a single report. The Scheduled Reporting is a wizard based tool that guides you through the steps for creating a scheduled report by manually selecting reports from the report listing or picking a template created in the section Using the Manage Templates Component on page 56, selecting a theme (cover logos, font colors, title, subtitle), reporting properties (output format, language), scheduling a type (weekly, monthly), and choosing a destination (up to five email addresses can be added for a single report). This section contains the following subsections:
• Searching for a Group or Device on page 61
• Creating a Universal Scheduled Report on page 64
Searching for a Group or DeviceThe Search option allows you to filter the Group/Device list by manually entering a device in the search text field and selecting it from the search pull-down list. You can further filter the Group/Device list by clicking the View pull-down and selecting a view type. The following example guides you through the Device List search process, detailing the versatility of the DASHBOARD | Universal Scheduled Reports > Add a Scheduled Report search options.
SonicWall GMS 8.7
Administration61
ExampleIn this example we are using the Configuration Manager search options to find a SonicWall TZ 210 wireless-N device in the Device List.
1 Select the Firewall view, located at the top of the Configuration Manager window.
2 Click the View drop-down, and select a view type from the list. In this example, we are selecting ModelView (GlobalView is selected by default), because we are searching for an exact appliance model. You can also filter the Device List by FirmwareView.
NOTE: Navigate to DASHBOARD | Universal Scheduled Reports > Add A Scheduled Report. The Monitor view is only available for SonicWall GMS.
SonicWall GMS 8.7
Administration62
The Device List displays all the appliance models.
3 Select the Model: TZ 210 wireless-N.
A list of devices for that appliance model displays.
NOTE: Notice that the search history bar populates each time you filter the list. You can use this to navigate back to previous search results.
SonicWall GMS 8.7
Administration63
You can also click the Search text-box (if you know the exact name of the device), then manually enter the device name or select the device from the pull-down list.
4 Click the Arrow icon to schedule a report for that appliance. Refer to Creating a Universal Scheduled Report on page 64 for configuration procedures.
Creating a Universal Scheduled ReportThe DASHBOARD | Universal Scheduled Reports > Add a Scheduled Report allows you to create a single report for multiple appliance models/devices at a group and unit level. The following example guides you through the report configuration process, including: selecting reports, general information, theme Information, and permissions management, detailing the versatility of Universal Scheduled Reporting.
In this example we are using the Configuration Manager to schedule a single report for a Firewall appliance model (group level) and SMA devices (unit level).
SonicWall GMS 8.7
Administration64
Selecting Reports1 Navigate to DASHBOARD | Universal Scheduled Reports > Add a Scheduled Report.
2 Select the Firewall view, located at the top of the Configuration Manager window.
3 Search for the TZ 400 model group. Refer to steps 1-3 in Searching for a Group or Device on page 61.
4 Click the Arrow icon for the Model: TZ 400.
The Reports view displays in the Reports List.
5 Click the Reports view, then select the check boxes for reports you wish to include or click the Use Templates link to choose a default template or one you created.
6 Click the Policies view, then select the check boxes for the policies you wish to include or click the Use Templates link to choose a default template or one you created.
NOTE: The MONITOR view is only available for SonicWall GMS.
NOTE: When you select reports in the Reports and Policies views, they populate in the list of Selected Reports located on the right side of the Configuration Manager page. The Selected Reports panel allows you to organize the list by dragging and dropping reports/devices, collapse the reports lists for each device (clicking the arrow next to the device name), and add a note to a report/device.
SonicWall GMS 8.7
Administration65
7 Click the Flows view, then select the check boxes for the flows you wish to include.
8 Click the SWARM view, then select the check box to include a SWARM flow summary.
The reports for the Firewall model group are now selected, next is choosing reports for the SMA device.
9 Select the SMA view.
The SMA models display in the Device List.
10 Click the desired model.
The Device List displays all the SMA devices.
11 Click the Arrow icon for the desired SMA.
The Reports window displays in the Reports List.
12 Select the check boxes for the reports you wish to include or click the Use Templates link to choose a created template.
13 Click the Policies view, then select the check boxes for the policies you wish to include or click the Use Templates link to choose a default template or one you created.
14 Click the Flows view, then select the check boxes for the flows you wish to include.
15 Click the SWARM view, then select the check box to include a SWARM flow summary.
16 Click Next (lower right corner).
The General Information page displays.
NOTE: The settings entered in the Task Info, Format/Settings, and Email/Archive Info sections, populate in the Configurations panel located on the right side of the General Information page.
SonicWall GMS 8.7
Administration66
17 Enter the following in the Task Info panel:
• Task Name: Example Report 1
• Task Description: This is an example for configuring a Universal Scheduled Report
18 Select the following in the Format/Settings panel:
• Report Type: Daily, Weekly, or Monthly
• Report Format: PDF or XML If XML is selected, the following changes to the management interface occur:
• The One Report Per XML file check box displays. If you click the box, one XML file per report is generated. In this scenario, the number of XML files created is equal to the number of reports chosen.
[
• The ZIP Password Protection option is grayed out.
• Report Language: English, Japanese, Chinese (Simplified), Chinese (Traditional), Korean, Spanish, or Portuguese.
• Report Rows Display: 5, 10, 20, 50, 100, 250
• Disable the Report: Yes or No
• Zip the Report: Yes or No
• PDF Password Protect: Yes or No (If Yes is selected, a pop-up window appears and prompts you to enter the Password)
19 Click Archive to save a PDF/XML report to a folder.
20 Complete the following in the Email / Archive Info panel:
• Click E-mail to send a PDF report to an email account or alias.The Email configuration options display.
• Click the E-Mail Destination pull-down, then select an Administrator, Appliance User, or enter multiple Adhoc Users (separated by semicolons).
SonicWall GMS 8.7
Administration67
• Click Add after each selected destination. The E-Mail Destination populates in the list.
• Enter the E-mail Subject: Weekly Firewall and SMA Report
• Enter the E-Mail Body: This Universal Scheduled Report contains the SonicWall TZ 210 wireless-N group and SMA 2000 unit
• Click Archive to save a PDF/XML report to a folder.
• Archive Folder path: C:\GMSVP\ArchiveReports
21 Click Next (lower right corner).
NOTE: Multiple destinations can be sent in a single E-mail.
SonicWall GMS 8.7
Administration68
Theme Information
The Theme Information page displays. If XML is selected from the General Information page, the Theme Information page is not displayed.
22 Select / Enter the following in the Cover Page panel:
• Cover Logo: Select a logo (click the pull-down and select a cover logo image) or Upload a logo (click Browse and Preview to upload a logo)
• Cover Title: Enter a name (Weekly Data Usage Report) for your Universal Scheduled Report, then select or enter the foreground and background colors
• Cover Subtitle: Enter a subtitle (U.S Engineering Department) for your Universal Scheduled Report, then select or enter the foreground and background colors
23 Select or enter the following in the Report Page panel:
• Report Title: Foreground and Background colors
• Report Description: Foreground and Background colors
NOTE: The settings entered in the Cover Page and Report Page panels automatically update in the image located on the right side of the Theme Information page. To preview the cover / report pages, select the Cover Page or Report Page views.
SonicWall GMS 8.7
Administration69
24 Click the Cover Page and Report Page tabs to preview your Universal Scheduled Report.
25 Click Next to manage permissions. Continue to the next step.
OR
Click Finish to complete the report. The report is now scheduled and can be found in the Dashboard | Universal Scheduled Reports > Manage Scheduled Reports page.
26 In the Users panel, select users that you want to give permission to resend or manage this scheduled report. The selected users populate in the Selected Users panel.
NOTE: When the Universal Scheduled Report PDF is exported, a table of contents is created. This allows you to quickly browse through your scheduled reports.
NOTE: —Only the Schedule Report Creator can assign permission resend and manage privileges to other users.—If the Scheduled Report contains reports for multiple units and multiple reports, then the grantee should have permissions to the units and reports which are included for the scheduled report.—Users under the Administrators group have access to all the schedule reports.
SonicWall GMS 8.7
Administration70
27 In the Action Permissions for Schedule Report panel, click the check box for the type of permissions to give the selected user:
• Resend—users with permissions to resend can only run the report.
• Manage—users with manage permissions can run and edit (manage) the report.
28 Click Finish to complete the report. The report is now scheduled and can be found in the DASHBOARD | Universal Scheduled Reports > Manage Scheduled Reports page.
Managing the Scheduled Reports ComponentManaging Scheduled Reports is used to manage the scheduled report task inventory by resending, Emailing / archiving now, editing, and deleting scheduled reports.
SonicWall GMS 8.7
Administration71
Resending a Scheduled Report
To resend a scheduled report, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Scheduled Reports page.
2 Use the filter options to search for a report in the Scheduled Report Management list, select the check box of the report you wish to resend.
3 Click Resend for Data Range.
The Select Data Range pop-up window displays.
4 Enter the Start / End dates by clicking the Calender icon and selecting the dates.
5 Click Re-send.
The Info pop-up window displays, confirming the schedule resend is complete.
6 Click OK.
SonicWall GMS 8.7
Administration72
Emailing/Archiving Now
To Email/Archive a Universal Scheduled Report before its scheduled sending date, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Scheduled Reports page.
2 Use the filter options to search for a report to Email /Archive in the Scheduled Report Management list.
3 Select the check box next to the report name.
4 Click Email/Archive Now.
The Info pop-up window displays, confirming the immediate processing of Email / Archive.
5 Click OK.
Your Scheduled report is now Emailed and Archived.
Editing a Scheduled Report
To edit an existing scheduled report, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Reports > Manage Scheduled Reports page.
SonicWall GMS 8.7
Administration73
2 Use the filter options to search for a report in the Scheduled Report Management list, click the Edit icon for that Report.
3 To edit the Scheduled Report, use the same configuration procedure shown in the section Creating a Universal Scheduled Report on page 64.
Disabling a Scheduled Report
To disable a scheduled report, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Report > Manage Scheduled Reports page.
2 Click on the Edit icon for the report you wish to disable.
The Universal Scheduled Reports - Configuration Manager window displays.
3 Click Next.
The General Information Page displays.
SonicWall GMS 8.7
Administration74
4 In the Format / Settings panel, navigate to the Disable the Report option and click Yes.
Deleting a Scheduled Report
To delete an existing Universal Scheduled Report, complete the following steps:
1 Navigate to the DASHBOARD | Universal Scheduled Report > Manage Scheduled Reports page.
2 Use the filter options to search for a report in the Scheduled Report Management list, select the check boxes for the reports you want to delete.
3 Click Delete Selected.
The selected reports are now deleted.
NOTE: To enable the scheduled report, repeat steps 1-3, then click No.
NOTE: You can also use the Trash icon to delete a specific Scheduled Report.
SonicWall GMS 8.7
Administration75
SonicWall GMS 8.7Administration
Part 3
76
Support
• SonicWall Support
4
SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.SonicWall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.SonicWall.com/support/contact-support.
SonicWall GMS 8.7
Administration77
About This Document
GMS AdministrationUpdated - May 2019Software Version - 8.7232-004596-01 Rev A
Copyright © 2019 SonicWall Inc. All rights reserved.
SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update the information contained in this document.
For more information, visit https://www.SonicWall.com/legal.
End User Product Agreement
To view the SonicWall End User Product Agreement, go to: https://www.SonicWall.com/en-us/legal/license-agreements. Select the language based on your geographic location to see the EUPA that applies to your region.
Open Source Code
SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code RequestSonicWall Inc. Attn: Jennifer Anderson1033 McCarthy BlvdMilpitas, CA 95035
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
SonicWall GMS 8.7
Administration78