SonicWall® Global Management System 9.1 Release Notes
August 2018
These release notes provide information about the SonicWall® Global Management System (GMS) 9.1 release.
Topics:
• About SonicWall GMS 9.1
• System Requirements
• New Features
• Resolved Issues
• Known Issues
• Product Licensing
• SonicWall Support
About SonicWall GMS 9.1
The SonicWall GMS 9.1 release provides new features and functionality, and fixes a number of known issues from previous releases. See the New Features, Resolved Issues, and Known Issues sections.
GMS is a Web‐based application that can configure and manage multiple SonicWall appliances and monitor non‐SonicWall appliances from a central location. GMS can be used in a variety of roles in a wide range of networks. Network administrators can use GMS in a Management Console role in an Enterprise network containing a single SonicWall NSA, TZ, or SuperMassive appliance.
GMS 9.1 is easy to install and configure. You can add appliances to GMS management and then monitor the system using the Intelligent Platform Monitor (IPM) functionality.
GMS can be configured as a single server deployment using a distributed installation. You can upgrade GMS 9.0 to 9.1, but because 9.0 is a single server deployment, when upgrading a 9.0 system to 9.1, the 9.0 system will remain a single server deployment. 9.0 cannot be converted into a distributed deployment. To perform a fresh installation of GMS 9.1, refer to the GMS 9.1 Virtual Appliance Getting Started Guide.
System Requirements
For syslog‐based deployments, you can also use the Capacity Planning Tool at https://www.sonicwall.com/en-us/products/firewalls/management-and-reporting/global-management-system to determine the specific hardware requirements for your deployment.
GMS Virtual Appliance Supported Platforms
SonicWall GMS 9.1 can be installed as a virtual appliance. The elements of basic VMware structure must be implemented prior to deploying the SonicWall GMS Virtual Appliance. The GMS Virtual Appliance runs on the following VMware platforms:
• ESXi 6.5
Non‐SonicWall Appliance Support
SonicWall GMS provides monitoring support for non‐SonicWall TCP/IP and SNMP‐enabled devices and applications.
System Requirement: Minimum Requirements
SonicWall GMS Virtual Appliance:
• A CPU greater than quad core level
• 16 GB RAM (more is recommended for increased performance)
• 250 or 950 GB available disk space (depending on number of devices)
• thick provisioning
NOTE: GMS is not supported as a VMware virtual machine running in a cloud service, such as Amazon Web Services EC2.
Hard Drive:
• Spindle Speed: 10,000 RPM or higher
• Cache: 64 MB or higher
• Transfer rate: 600 MBs or higher
• Average Latency: 4 microseconds or lower
Java:
• Java 8.0 plug‐in
Browser:
• Google Chrome 42.0 and higher (recommended browser for dashboard real‐time graphics display)
• Mozilla Firefox 37.0 and higher
• Microsoft Edge 41 or higher
• Microsoft Internet Explorer 10.0 and higher
NOTE: Internet Explorer version 10.0 in Metro interfaces of Windows 8 is currently not supported.
NOTE: When using Internet Explorer, turn off Compatibility Mode when accessing the GMS management interface.
NOTE: Internet Explorer is not supported for Angular‐based flow reports.
Network:
• access to the Internet
• either an IP address automatically assigned through DHCP, or a static IP address
SonicWall Appliance and Firmware:
• SonicOS 6.2 and higher
New Features
This section describes the new features and changes introduced in the GMS 9.1 release. All the new features in GMS 9.1 promote ease of installation, configuration, and licensing, and make it easier to add devices and to monitor and manage them.
Topics:
• Easy Licensing
• Centralized Management and Monitoring
• Distributed IPM
• Distributed Installation
Easy Licensing
GMS 9.1 is designed for Ease of Use. Manual registration of one or more distributed instances is not necessary when the Primary server is already registered to a specific account.
The application automatically registers all distributed instances using the same serial numbers and MySonicWall accounts that were used to register the primary server during deployment.
Centralized Management and Monitoring
To enhance scalability and availability, GMS systems can now be deployed in a distributed setup. Multiple GMS instances with specific role configurations can be deployed in order to scale accurately. Previously, each GMS instance provided a UMH interface in order to configure or maintain the GMS instances. Centralized Management and Monitoring now improves on that ability.
To maintain good system health and still achieve system‐wide control, the new Centralized Management and Monitoring feature empowers you to perform system‐wide operations and monitor your system’s health within a single‐user interface.
This high‐level diagram shows how the Centralized Management and Monitoring feature relies on an underlying clustering architecture that interconnects all GMS instances (deployment) to form a GMS cluster. GMS maintains the membership of a cluster, meaning it can detect when a node (a GMS instance) has joined or left the cluster. So indirectly, it detects the up/down state of a GMS instance. Each icon on top of the Console instance represents the new functionality that Centralized Management and Monitoring can provide.
The represents the new Distributed IPM feature as described in the Distributed IPM section that follows.
The represents the operations you can perform on any GMS instance (including the Console itself). For example, the start/stop a service feature, upgrading the GMS firmware, and so on.
The represents your ability to examine system‐level data on any GMS instance. For example, by downloading a log file from a GMS instance.
NOTE: The Centralized Management & Monitoring feature is only available on a SonicLinux‐based GMS virtual machine.
Centralized Management Control Center
The Centralized Management & Monitoring Control Center is accessible by clicking the Gear icon in the top right corner of GMS and selecting Control Center.
Each tile‐based panel represents a separate GMS instance. Identifying information of the GMS instance is clearly listed in the panel. The core functionality is represented in the drop‐down menu when you click the Gear icon. There are four feature functions:
IPM
For more information about the IPM feature, see Distributed IPM as well as the following images:
Threshold Settings
Real‐time Monitoring
Historical Data View
Service Management
Through the service management user interface, all the installed service(s) of a GMS instance are listed in a tabular format. You can START/STOP service(s) by selecting the checkbox(es) of the service(s) you would like to include and clicking “Enable/Start” or “Disable/Stop” to execute the actions.
Log Management
Log Management provides a convenient way for you to download the log files of a GMS instance system. The Log Management user interface allows you to select a single or multiple log files from a predefined directory list. All the log files are zipped into a .ZIP file and can then be downloaded onto your file system.
Firmware Upgrade
Firmware Upgrade provides you with the capability of upgrading the firmware version of a GMS instance. This functionality is available within a drop‐down menu of a GMS instance.
Distributed IPM
Distributed Intelligent Platform Monitoring (DIPM) extends intelligent platform monitoring (IPM) to a clustering environment for improved centralized management.
Centralized Management
The following figure provides a high‐level overview of the new feature. DIPM is based on the existing clustering framework. The GMS Console and Agents join the same cluster in order to establish the communication channels. The collected clustering information is stored in the SGMS DB database. Each Agent includes an IPM monitor (SAR) that runs in the background to collect and store specific information into a file‐based database (represented by a journal icon in the figure). The GMS Console sends requests to its associated Agents to gain the data used in Settings, Real‐time Monitor, and the Historical View. The Agent, on the other side, pushes the real‐time data back to the Console in order to reflect the LED status.
Distributed LED State
LED status involves two differing communication perspectives (Agent and Console) as shown in the following figures.
Agent Perspective
Console Perspective
The functionality of the Agent perspective LEDs (/appliance) has not changed. The local IPM monitor pushes the latest metrics to the IPM Manager on the GMS Agent and, if a client or browser connects to it, the data is used to reflect the LED status.
The highest severity from all the data is shown only in the outer ring of the LED. The LED status changes depending on the average of all the agent's data over a period of 24 hours.
The communication channel between the client or browser and the web server is bi‐directional, making the push from web server to client possible.
Enhanced Informative Tooltip Display
In the figure that follows, the top section shows the overall memory utilization (as an average) as well as the threshold settings. The individual Agent instances display current usage in a grid‐based fashion that automatically reflects the latest updated values. An informative tooltip showing the LEDs on the Console has been enhanced to display valuable information in a distributed fashion as well. This figure provides a general impression of how the tooltip might appear.
Distributed Installation
GMS 9.0 emphasized the Ease of Installation, wherein the product could only be installed as a standalone (All‐In‐One) installation. 9.1 takes that emphasis a step further and supports Ease of Installation in a distributed setup. GMS simplifies the installation process even when multiple servers (instances) are required for a larger deployment. The changes include minimizing the sometimes complicated and unnecessary steps required from previous releases.
Installation Mode
The Installation Mode wizard allows you to select between a Single Server vs Distributed installation.
You must decide the type of deployment your application is going to be before the installation procedure begins. You should know whether this deployment is going to be for a single server (All‐In‐One) or a multi‐server (with Consoles and Agents) installation. The steps that follow show the Wizard sequence and where each screen leads.
Install Mode Selection Tool Introduction
Install Mode Selection
Decide which of the two installation options best matches your requirements.
Single Server Deployment
Is this going to be an All‐In‐One (AIO) installation (single server deployment)?
Distributed Installation
Is this going to be part of a Distributed Deployment installation (Console and many Agents with it)?
Installation roles (in the configuration files) also vary for these installation modes. These apply to the Primary server in the deployment.
Distributed Mode Selection
This selection screen is applicable to Distributed Mode only. After you have chosen a distributed installation during the previous step, this page appears.
Console Installation
The Primary server's installation is as a Console. The database should also be configured here. Either the embedded MySQL can be used locally, or a remote SQL Server can also be connected. The database configuration page appears in the next step, which is available only for this selected mode.
Agent Installation
Use this option for other servers in the deployment, such as a redundant Console, Agents, Flow Agents, and so on.
When installing an Agent, pointing to the primary Console is all that is necessary. The Agent installation queries the web services module to gather all the information needed to complete this server's installation without requiring any further input from you.
The wizard requests that you enter the Host IP/Name of the server that is already set up as the primary server. The host being installed then contacts the primary server at the specified address to capture additional information to complete the setup. You do not have to re‐enter these settings. GMS automatically figures out the details by contacting the primary server. See the Web Services interface for additional details.
The DB configuration, reporting mode configuration, and the licensing information are collected from the primary server and used during the next steps of the installation. The collection of this information from the primary server happens after the Next button is clicked in the “Install mode” step of the wizard.
A valid hostname or IP address must be specified. In the event of a failure, an error message displays.
Database Configuration
This screen is applicable to distributed modes only, and appears after you have chosen the distributed installation in the previous step with Console selected. A database configuration is necessary for both embedded MySQL and remote SQL servers in order to continue with the installation.
MySQL Database
Role Configuration
This screen only applies to distributed modes, and appears after you have chosen the distributed installation in the previous step with Agent selected. It lists the roles that are applicable for a distributed setup. The roles available appear in the screen shot that follows.
NOTE: The All‐In‐One option does not appear as a role in this step.
For Flow‐based deployments the following roles are available.
Reporting Type Selection
Every deployment must be configured with a pre‐selected reporting type because the services installed vary based on the type of reporting selected. This selection appears only when choosing All‐In‐One (Default) or Console (Custom ‐ Multi) installations.
There are three options from which to select:
• Flow‐based reporting ‐ IPFix is used to generate the reports for all managed units.
• Syslog‐based reporting ‐ Syslog is used to generate the report for all managed units.
• None ‐ No reporting is selected. You can use only the Management capabilities of the application.
Summary
This screen summarizes your selections and then applies them when you select Apply. You also have the option of going back anytime to make changes to your selection and completing the configuration in the final summary screen by selecting Apply.
Configure Role
As a final step in your Installation, GMS works in the background using the settings configured through the wizard (described previously). The status from this operation is updated dynamically in the Summary screen, including reasons for the failure when the entire operation fails.
Resolved Issues
The following is a list of issues addressed in this release.
AppFlow Server
Resolved Issue Issue ID
GMS cannot acquire an NSA 5600. 207243
The GMS user interface does not list any options under the View column. 200457
Appliance
Resolved Issue Issue ID
GMS agents require the gear icon to “Switch” to /SGMS and then to be able to login to the /SGMS interface for an Agent. 200468
Backend Communication
Resolved Issue Issue ID
Adding a secondary server (Agent) to an existing Distributed setup on the role configuration screen updates the wrong IP address for the database host. 207097
Console Panel
Resolved Issue Issue ID
Tiles do not appear correctly on the system status screen for distributed setup with 9112 and MSSQL. 207109
The drop‐down to select between “Firewall,” “SMA”, and “ES” appliances is not available even after the SMA and ES checkboxes are enabled in Management > Settings. 207094
Firewall Configuration
Resolved Issue Issue ID
GMS is reporting an unknown model code. 203582
Policies Panel
Resolved Issue Issue ID
The Event Alert mail (Unit Status) contains the smtptest .ZIP file. 197481
Reports Panel
Resolved Issue Issue ID
The sort feature is not functioning as expected in the Browse Time column of REPORTS | Web Activity > Initiators. 204905
Schedulers
Resolved Issue Issue ID
Some GMS tasks do not execute as expected. 202029
Summarizer
Resolved Issue Issue ID
Syslogs are not being properly summarized and are instead appearing as filenames. 169856
Known Issues
The following is a list of issues known to exist at the time of the GMS 9.1 release.
Analytics Panel
Known Issue Issue ID
Viruses do not list correctly on the Analytics > Threats screen. 208112
Botnet data does not appear correctly on the Analytics > Threats screen. 208056
AppFlow Server
Known Issue Issue ID
The manual/auto feature of the Flow Server configuration does not appear as expected in the Add Unit window. 208066
GMS Flow Server support for SOHO units should not be available, but incorrectly shows that it is. 196578
A “Flow Server is DOWN” error message incorrectly appears in Flow Agent > Devices. 195526
Appliance
Known Issue Issue ID
The SQL script .ZIP file downloaded from the Install Mode wizard appears empty (0 bytes). 208644
In the GMS /appliance, a “Database: Start Action Failed” message appears when the Services > Start/Restart feature is scheduled using MSSQL. 208441
Units are not being acquired at the operating system level after changing the static IP at techSupport.html. 208348
On new GMS installations, restoring a configuration from a complete backup does not function correctly. 198223
AppFlow does not function correctly after restoring a configuration from a complete backup. 198222
Console Panel
Known Issue Issue ID
Workflow is not functioning as expected. 208504
Adding a Change Order or Audit Report template does not function correctly on the Add Template | Policies screen. 208363
Clicking Find Next and Find Previous on the Users > User List screen does not navigate as expected. 208284
An incorrect value for “Number of Flow Agents up” appears when using the Flow Agent. 208253
The Console Web Services does not show any content or links. 207102
The System Status tiles do not appear correctly for the Role in Agent_Instance. 206845
Web services do not show any Service URL details in the Console > Web Services screens. 201530
Web Services does not show any Service URL details on the Console > Web Services screen. 201530
URLs on the Webservices screen still point to old IP addresses though the Agent IP addresses have already been changed by DHCP. 199111
Dashboard Panel
Known Issue Issue ID
The Botnet value on the Dashboard screen is not correct. 208431
GMS Configuration
Known Issue Issue ID
Unit does not support Flow Reporting and is not being added into the Flow database. 207888
Heterogenous Management
Known Issue Issue ID
Filtering users by Access Methods and then paginating to the next page returns a “No Matching Records Found” message. 197924
Filtering users by the number of WAF Threats Prevented returns a “No Matching Records Found” message. 197919
Installation/Upgrade
Known Issue Issue ID
The Product Registration screen appears in error after the Easy Licensing process has completed. 207093
After completing a Role Configuration and then switching to the /SGMS page, GMS fails and then does not correctly load the user interface. 207086
The /SGMS page required a password change twice within 20 minutes of a new installation. 204209
After successfully reregistering GMS, the screen redirects back to the registration page and requires a new registration. 203601
After configuring the default AppFlow‐based role time settings, they cannot be updated through a Firefox browser. 195819
Configuring the Flow Server role in the Role Configuration Tool Wizard incorrectly displays the Flow Agent Paired IP configuration. 194960
IPM
Known Issue Issue ID
IPM displays multiple threshold warnings. 202241
Licensing
Known Issue Issue ID
GMS is unable to register 12‐digit serial numbers from accounts with older 8‐digit serial numbers. 203326
Net Monitor
Known Issue Issue ID
Net Monitor does not display the Agent/Flow server instance services correctly on the Console > Monitor screen. 208054
Policies Panel
Known Issue Issue ID
An “HTTP Status 500 ‐ InjectionAttempt” error appears when configuring a Network Interface and selecting a Network Zone that includes special characters. 208566
Clicking the last Log entry on the UTM > Status screen does not redirect users as expected to that location on the Console > Log screen. 208230
The daily automatic Settings Backup & Restore option does not function as expected. 208152
There are no predefined alerts for unit WAN status found in Policies > Events > Alert Settings. 205183
Adding new partitions resets options previously chosen on the Users > Settings page. 197434
The Reverse Inheritance feature for some MAC IP anti‐spoof entries does not function correctly for TZ300 units. 195992
Reports Panel
Known Issue Issue ID
Status information does not appear as expected on the Reports and Analytics screens. 208542
The Reports > Status and Home > Status screens are showing an “HTTP Status 500 Error” on the “All in One ‐ Flow Server” setup instead of the correct status. 195685
The ability to exclude certain hours in a custom user activity report is missing. 177684
Tree Control
Known Issue Issue ID
Selecting a Flow Agent at the Group level while reassigning agents does not update as expected. Units under the Flow Agent are also not being updated. 208562
The Reassign Agent window shows a blank Flow Server agent IP window even though a Flow Server is assigned and Flow is functioning correctly. 200526
The Flow Server Assignment for a unit does not happen automatically for AIO‐FS setup. 200459
Universal Scheduled Reports
Known Issue Issue ID
Adding a new template to existing Access Points causes Rogue Access Points to display twice. 208366
Change Audit Report appears twice in the User .PDF report. 208365
Flow Report categories do not appear as expected on the Add Template screen. 208239
The On‐Demand PDF report shows the report generation period incorrectly. 208183
Templates created for Flow Reports do not appear as expected in the User > Configuration Manager. 200048
User Interface
Known Issue Issue ID
The Reporting screen changes to Syslog‐based reporting after switching from the firewall to SSLVPN. 208160
Multiple screens such as Dashboard, Reports, Real Time/Live Monitor do not load as expected in the Microsoft Edge browser. 208073
In the Flow Dashboard, the shortcut for Graphs should be removed as the screen is not available in the Analytics view. 197794
Workflow
Known Issue Issue ID
The Audit/Compliance .PDF report incorrectly shows “Task has not been created” and “Execution time: NA”. 208426
Product Licensing
The SonicWall GMS Virtual Appliance comes with a base license to manage either 5, 10, or 25 nodes. You can purchase additional licenses on MySonicWall. For more information on licensing additional nodes, visit: https://www.sonicwall.com/en-us/support/contact-support/licensing-assistance.
SonicWall network security appliances must be registered on MySonicWall to enable full functionality and the benefits of SonicWall security services, firmware updates, and technical support. Log in or register for a MySonicWall account at https://mysonicwall.com.
SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions.
The Support Portal provides self‐help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.
Copyright © 2018 SonicWall Inc. All rights reserved.
This product is protected by U.S. and international copyright and intellectual property laws. SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates' products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON‐INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserve the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/eupa. Select the language based on your geographic location to see the EUPA that applies to your region.
Last updated: 8/13/18
232‐004258‐00 Rev A
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.