WIXLIB

Installation File / Supported PlatformsRelease VersionSupported Hypervisor VersionsSonicOS 6.5.4 for NSv Series Hyper-VHyper-V 5.0 or higher 11. Windows Sever 2012 and 2016 editions.The SonicWall NSv Series Hyper-V image files are available on MySonicWall. See Obtaining the NSv Image onpage 14 for information.Hardware CompatibilitySonicWall NSv Series is supported on x86-64 platforms supporting Hyper-V 5.0 or higher with sufficientresources. The following section, Product Matrix and Requirements, outlines core, interface, memory, andstorage requirements for different NSv models.Product Matrix and RequirementsThe following tables show the hardware resource requirements for the SonicWall NSv Series virtual appliances.NSv Series Resource RequirementsProduct ModelsNSv 10NSv 25NSv 50NSv 100Maximum Cores12222Minimum Total Cores2222Management Cores1111Maximum Data Plane Cores1111Minimum Data Plane Cores1111Network Interfaces8888Supported IP/Nodes102550100Minimum Memory Required24G4G4G4GMinimum Hard Disk/Storage60GB60GB60GB60GB1. If the actual number of cores allocated exceeds the number of cores defined in the abovetable, extra cores will be used as CPs. Multiple CP support is introduced in 6.5.4.v.2. Memory requirements are higher with Jumbo Frames enabled. See the MemoryRequirements on NSv with Jumbo Frames Enabled vs Disabled table.Product ModelsNSv 200NSv 300NSv 400NSv 800NSv 1600Maximum Cores1234816Minimum Total Cores22222Management Cores11111Maximum Data Plane Cores123715Minimum Data Plane Cores11111Network Interfaces88888NSv Series Hyper-V Getting Started GuideIntroducing NSv Series6

Product ModelsNSv 200NSv 300NSv 400NSv 800NSv 1600Supported tedMinimum Memory Required26G8G8G10G12GMinimum Hard Disk/Storage60G60G60G60G60G1. If the actual number of cores allocated exceeds the number of cores defined in the above table, extracores will be used as CPs. Multiple CP support is introduced in 6.5.4.v2. Memory requirements are higher with Jumbo Frames enabled. See the Memory Requirements on NSvwith Jumbo Frames Enabled vs Disabled table.On NSv Hyper-V deployments with Jumbo Frame support enabled, the Minimum Memory requirements arehigher. This increases TCP performance. See the Memory Requirements on NSv with Jumbo Frames Enabled vsDisabled table below.Memory Requirements on NSv with Jumbo Frames Enabled vs DisabledNSv ModelMinumum Memory –Jumbo Frames EnabledMinimum Memory –Jumbo Frames DisabledNSv 10 / 25 / 50 / 1006G4GNSv 2006G4GNSv 3008G6GNSv 40010G8GNSv 80014G10GNSv 160018G12GNode Counts per NSv PlatformThe supported node count varies by NSv platform. This is the maximum number of nodes/users that canconnect to the NSv at any one time, and is displayed on the System Status page in the MONITOR view. TheMaximum Node Counts Per Platform table shows this information.Maximum Node Counts Per PlatformPlatformMaximum Node CountNSv 1010NSv 2525NSv 5050NSv 100100NSv 200 and higherUnlimitedNode counts are calculated by SonicOS as follows: Each unique IP address is counted. Only flow to the WAN side is counted. GVC (Global VPN Client) and SSL VPN connections terminated to the WAN side are counted. Internal zone to zone is not counted. Guest users are not counted.A log event is generated when the node count exceeds the limit.NSv Series Hyper-V Getting Started GuideIntroducing NSv Series7

Backup and Recovery InformationIn certain situations, it might be necessary to contact SonicWall Technical Support, use SafeMode, or deregisterthe NSv appliance: If the splash screen remains displayed, this can indicate that the disk is corrupted. Please contactSonicWall Technical Support for assistance. If the disk is not recoverable, then the NSv appliance needs to be deregistered with MySonicWall. SeeDeregistering Your NSv on page 30 for information. If SonicOS does not boot up, you can go into SafeMode and download the log files, upload a new SonicOSimage, or take other actions. For information about SafeMode, see Using SafeMode on the NSv on page49. If SonicOS fails three times during the boot process, it will boot into SafeMode. Verify that the minimumrequired memory is available and allocated based on the NSv model. If it still cannot boot up, downloadthe logs while in SafeMode and contact SonicWall Technical Support for assistance.High Availability ConfigurationsNSv virtual firewalls deployed on Hyper-V can be configured as high availability Active/Standby pairs toeliminate a single point of failure and provide higher reliability. Two identical NSv instances are configured sothat when the primary fails, the secondary takes over to maintain communications between the Internet andthe protected network. These redundant NSv instances may share the same license when registered onMySonicWall as associated products. For details, refer to SonicOS 6.5.4 NSv Updates.Additional licensing allows configuration of an Active/Standby pair to handle a Stateful fail-over in which theStandby NSv takes over without having to initialize network connections and VPNs. However, dynamic ARPentries and common virtual MACs are not currently supported. For more details, see the High Availabilitysection in SonicOS NSv 6.5.4 System Setup.Exporting and Importing FirewallConfigurationsMoving configuration settings from SonicWall physical appliances to the NSv Series is not supported. However,configuration settings may be moved from one NSv to another. See the SonicOS 6.5 NSv Series Updatesadministration book and the SonicOS 6.5.4 NSv Series Upgrade Guide on the Technical Publications portal formore information about exporting and importing configuration settings.Go to ntation/ and select “NSv Series” as the product.NSv Series Hyper-V Getting Started GuideIntroducing NSv Series8

Upgrading to a Higher Capacity NSv ModelIt is possible to move up to a higher capacity NSv model, but not down to a lower capacity model. Forinstructions refer to the SonicOS 6.5.4 NSv Series Upgrade Guide on the Technical Publications portal. Go mentation/ and select “NSv Series” as the product.For details on the number of processors and memory to allocate to the VM to upgrade, refer to Product Matrixand Requirements on page 6.To update the VM for processor and memory allocations, power-down the VM then right click on the VM andselect "Edit Settings". The processor and memory settings then appear:Creating a MySonicWall AccountA MySonicWall account is required to obtain the image file for initial installation of the NSv Series Hyper-Vvirtual firewall, for product registration to enable full functionality of SonicOS features, and for access tolicensed security services. For a High Availability configuration, MySonicWall provides a way to associate asecondary NSv that can share security service licenses with your primary appliance.NOTE: MySonicWall registration information is not sold or shared with any other company.To create a MySonicWall account:1 In your web browser, navigate to https://www.mysonicwall.com.2 In the login screen, click the SIGN UP link.NSv Series Hyper-V Getting Started GuideIntroducing NSv Series9

3 Complete the account information, including email and password.NOTE: Your password must be at least 8 characters, but no more than 30 characters.4 Enable two-factor authentication if desired.5 If you enabled two-factor authentication, select one of the following authentication methods: Email (one-time passcode) where an email with a one-time passcode is sent each time you loginto your MySonicWall account. Microsoft/Google Authentication App where you use a Microsoft or Google authenticatorapplication to scan the code provided. If you are unable to scan the code, you can click on a linkfor a secret code. Once the code is scanned, you need only click on a button.6 Click on CONTINUE to go the Company page.7 Complete the company information and click CONTINUE.8 On the Your Info page, select whether you want to receive security renewal emails.9 Identify whether you are interested in beta testing new products.10 Click CONTINUE to go to the Extras page.11 Select whether you want to add additional contacts to be notified for contract renewals.12 If you opted for additional contacts, input the information and click ADD CONTACT.13 Click DONE.14 Check your email for a verification code and enter it in the Verification Code* field. If you did not receivea code, contact Customer Support by clicking on the link.15 Click DONE. You are returned to the login window so you can login into MySonicWall with your newaccount.NSv Series Hyper-V Getting Started GuideIntroducing NSv Series10

2Installing NSv Series on Hyper-VTopics: Preparing the Windows Server System on page 11 Creating Virtual Switches in Hyper-V on page 11 Obtaining the NSv Image on page 14 To Install NSv on Hyper-V on page 15 Troubleshooting Installation Configuration on page 22Preparing the Windows Server SystemBefore installing a SonicWall NSv Series virtual firewall on Hyper-V, prepare the Windows Server system: Install Windows Server 2012 or 2016. Install the Hyper-V Role in the Windows Server system. Refer to the instructions perv-role-on-windows-server Connect the Windows Server system to an external switch.For detailed instructions see the following section: Creating Virtual Switches in Hyper-V.Creating Virtual Switches in Hyper-VMicrosoft Hyper-V allows you to create three types of virtual switches (vSwitches): External vSwitch – binds to a physical network adapter and provides the vSwitch access to a physicalnetwork. Internal vSwitch – passes traffic between the virtual machines and the Hyper-V host. This type of vSwitchdoes not provide connectivity to a physical network. Private vSwitch – passes traffic between the virtual machines on the Hyper-V host only.For an NSv Series Hyper-V deployment, an External vSwitch is required to provide connectivity for NSvmanagement access and for routing traffic to and from the network devices that the firewall is securing (e.g.LAN or DMZ side devices).An Internal vSwitch or Private vSwitch is required when the virtual machines that the firewall is securing (e.g.LAN or DMZ side VM) are created in the same Hyper-V server. The difference between an Internal vSwitch and aPrivate vSwitch is whether to allow traffic between the NSv and the Hyper-V host (via Internal vSwitch or,between the NSv and other virtual systems running under Hyper-V (via Private VSwitch).NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V11

To create an External vSwitch:1 Open the Hyper-V Manager tool.2 To bring up the detailed Actions panel, click on the Hyper-V designation in the upper left and thendouble-click on the name that appears under it.3 Select Virtual Switch Manager.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V12

4 Select External for the type of virtual switch and then click the Create Virtual Switch button.5 Under Virtual Switch Properties, type a descriptive name for the switch into the Name field.6 For Connection Type, select External network and select the physical network adapter that connects tothe external vSwitch from the drop-down list.7 If you want to use this same physical adapter to manage the Hyper-V host at the same time, select theAllow management operating system to share this network adapter check box.NOTE: When the Allow management operating system to share this network adapter option isselected, you need to specify the VLAN ID that is used for this management traffic. If the VLAN ID isnot configured, the management traffic will be untagged.Always make sure to isolate the Hyper-V management traffic from the NSv traffic by using adifferent VLAN ID.8 Repeat Step 4 through Step 7 to create more External vSwitches if there are more physical connectionsdeployed between the Windows Server and the external switch and you would like to use them forrouting NSv traffic.If your NSv will protect virtual machines (LAN or DMZ side VM) located in the same Hyper-V server, perform thenext procedure to create an Internal vSwitch or Private vSwitch.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V13

To create an Internal or Private vSwitch:1 On the Action tab of the Hyper-V Manager tool, select Virtual Switch Manager.2 Select Internal or Private for the type of virtual switch and then click the Create Virtual Switch button.3 Under Virtual Switch Properties, type a descriptive name for the switch into the Name field.4 For Connection Type, select Internal network or Private network.Obtaining the NSv ImageAfter purchasing NSv, you will receive an email with a serial number and Authentication Code. Log intomysonicwall.com (refer to Creating a MySonicWall Account on page 9) and go to My Downloads:NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V14

To Install NSv on Hyper-VTo Install NSv on Hyper-V:1 Download the NSv firewall vhd file to a local folder in the Windows Server system.2 In the Hyper-V Manager window, click Action and select Hyper-V Settings.3 Clear the Allow virtual machines to span physical NUMA nodes option.NOTE: After clearing the Allow virtual machines to span physical NUMA nodes option, theHyper-V Virtual Machine Management service must be restarted to apply the change. To restartthe service, select Action Stop Service, then select Action Start Service in the Hyper-VManager.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V15

4 Create a virtual machine by click Action New Virtual Machine.5 Type a descriptive name for the NSv VM into the Name field.6 If you don’t want to use the default location to store VM files, select the Store the virtual machine in adifferent location check box and enter a different location into the Location field.7 In the Specify Generation screen, select Generation 1. This is the default option and the only versionsupported.8 In the Assign Memory screen, assign the memory based on the NSv system requirements of your NSvSeries Hyper-V model. In general, 4096 MB is the minimum required.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V16

NOTE: Do not select the Use Dynamic Memory for this virtual machine option; this function is notsupported by the NSv Series Hyper-V.9 In the Configure Networking screen, since this is the first network interface to be mapped to X0 in theNSv, do one of the following: Select your Private vSwitch if your LAN (X0) side network devices are virtual machines located inthe same Hyper-V host. Select your External vSwitch if your LAN (X0) side network devices are located external to theHyper-V host.10 In the Connect Virtual Hard Disk screen, select the Use an existing virtual hard disk option and set theLocation field to the folder where you downloaded the NSv vhd file in Step 1.11 Review the summary and click Finish.12 Check the created NSv VM in the Hyper-V Manager tool. The VM is Off by default.13 Right-click the NSv VM and select Settings to open the Edit Settings page.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V17

14 Configure the Number of virtual processors field based on the NSv system requirements of your NSvSeries Hyper-V model. This is the CPU core number. In general, 2 cores are the minimum required.15 Configure the network adapter. The first network adapter is mapped to X0 in the NSv. Configure thevSwitch and VLAN ID which match the network settings in your LAN (X0) side network devices, asconfigured in Step 9.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V18

16 Configure the advanced settings of the network adapter. In the Hardware Acceleration screen, select theEnable virtual machine queue option (enabled by default). This option can improve the NSv firewallperformance.17 To add more network adapters for the NSv, click Add Hardware and select Network Adapter, then clickAdd.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V19

18 Map your second network adapter to X1 (default WAN), which should use an External vSwitch. For theVLAN ID, select Enable virtual LAN identification and enter the VLAN ID of the VLAN that connects to theinternet via the external switch.19 Add more network adapters with a mapping sequence from X2-X7 for a maximum of 8 (X0-X7).NOTE: It is not required to have all eight adapters. SonicOS will run with a minimum of two networkadapters configured.20 Click OK when finished adding network adapters.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V20

21 In the Hyper-V Manager tool, right-click your NSv and select Connect to open the NSv console window.22 Click the Power On button to boot up SonicCore and SonicOS.You are now ready to register your NSv and proceed with SonicOS management.Next steps and related topics: Registering the NSv Appliance from SonicOS on page 25 Registering an NSv Manually in a Closed Network on page 29 Managing SonicOS on the NSv Series on page 33 Using System Diagnostics in SonicOS on page 36 Using the Virtual Console and SafeMode on page 38NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V21

Troubleshooting Installation ConfigurationIf the NSv fails to come up, follow the instruction in Using the NSv Management Console on page 41 to go to theNSv Management Console window or the SonicOS CLI window. Check the boot messages:NOTE: The error messages shown below indicate that the virtual firewall cannot boot.Insufficient Memory AssignmentThe following messages will appear if the virtual machine has insufficient memory. This may occur when doingan NSv installation or a NSv product upgrade.SonicOS boot message:Insufficient memory 4 GB, minimum memory required 10 GB for NSv model: “NSv 800 Beta”Power off the Network Security virtual appliance and assign 10 GB to this virtual appliance.This message can also appear in the Management Console logs as shown in the two following screen shots.NOTE: For details on navigating the NSv Management Console to troubleshoot the installation, seeNavigating the NSv Management Console on page 40.NSv Series Hyper-V Getting Started GuideInstalling NSv Series on Hyper-V22

Memory may be insufficient without a insufficient memory log entry:Incompatible CPUIf the CPU does not support AES instructions the following message will appear:CPU Model Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz is not supported by SonicWall NetworkSecurity VirtualCPU Model Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz

SonicOS 6.5.4 for NSv Series Hyper-V Hyper-V 5.0 or higher 1 1. Windows Sever 2012 and 2016 editions. NSv Series Resource Requirements Product Models NSv 10 NSv 25 NSv 50 NSv 100 Maximum Cores1 1. If the actual number of cores allocated exceeds the number of cores defined in the above table, extra cores will be used as CPs.