SONICWALL GLOBAL MANAGEMENT SYSTEM

Comprehensive security management, monitoring, reporting and analytics

A winning security management strategy demands deep understanding of the security environment to promote better policy coordination and decisions. Not having an enterprise-wide view of the full security construct often leaves organizations at risk to preventable cyber-attacks and compliance violations. Using numerous tools running on different platforms and reporting data in different formats makes security analytics and reporting operationally inefficient. This further impairs the organization's ability to quickly recognize and respond to security risks. Organizations must establish a systematic approach to governing the network security environment to overcome these challenges.

SonicWall Global Management System (GMS) solves these challenges. GMS integrates management and monitoring, analytics, forensics and audit reporting. This forms the foundation of a security governance, compliance and risk management strategy. The feature-rich GMS platform gives distributed enterprises, service providers and other organizations a fluid, holistic approach to unifying all operational aspects of their security environment. With GMS, security teams can easily manage SonicWall firewall, wireless access point, email security and secure mobile access solutions, as well as third-party network switch solutions. This is all done via a controlled and auditable work-stream process to keep networks sharp, safe and compliant. GMS includes centralized policy management and enforcement, real-time event monitoring, granular data analytics and reporting, audit trails, and more, under a unified management platform.

Benefits:
- Establishes a unified security governance, compliance and risk management security program
- Adopts a coherent and auditable approach to security orchestration, forensics, analytics and reporting
- Reduces risk and provides a fast response to security events
- Provides an enterprise-wide view of the security ecosystem
- Automates workflows and assures security operation compliance
- Operationalizes firewalls at remote and branch offices in four easy steps with Zero-Touch Deployment
- Provisions, manages and monitors SD-WAN deployment, connectivity and performance centrally
- Reports on HIPAA, SOX, and PCI for internal and external auditors
- Deploys fast and easy with software, virtual appliance or cloud deployment options, all at a low cost

Governs centrally, compliance, risk management:
- Establish an easy path to comprehensive security management, analytic reporting and compliance to unify your network security defense program
- Helps make regulatory bodies and auditors happy with automatic PCI, HIPAA and SOX security reports
- Move fast and drive collaboration, communication and knowledge across the shared security framework
- Customize any combination of security auditable data to help you move towards specific compliance regulations
- Make informed security policy decisions based on time-critical and consolidated threat information for higher level of security efficiency
- Automate and correlate workflows to form a fully coordinated security governance, compliance and risk management strategy

Figure: GMS provides a holistic approach to security governance, compliance and risk management

Workflow Automation

Employing native workflow automation, GMS helps security operations conform to firewall policy change management and auditing requirements of various regulatory laws such as PCI, HIPAA and GDPR. It enables policy changes by applying a series of rigorous procedures for configuring, comparing, validating, reviewing and approving firewall policies prior to deployment. The approval groups are flexible to comply with varying authorization and audit procedures from different types of organizations. Workflow automation programmatically deploys sanctioned security policies to improve operational efficiency, mitigate risks and eliminate errors.

1. Configure and compare: GMS configures policy change orders and color codes differences for clear comparisons.
2. Validate: GMS performs an integrity validation of the policy's logic.
3. Review and approve: GMS emails reviewers and logs a (dis)approval audit trail of the policy.
4. Deploy: GMS deploys the policy changes immediately or on a schedule.
5. Audit: The change logs enable accurate policy auditing and precise compliance data.

Figure: GMS Workflow Automation: Five steps to error-free policy management

Partner Enabled Services

Need help to plan, deploy or optimize your SonicWall solution? SonicWall Advanced Services Partners are trained to provide you with world class professional services. Learn more at www.sonicwall.com/PES.

Zero-Touch Deployment

Integrated into GMS is the Zero-Touch Deployment service, which simplifies and speeds the provisioning process for SonicWall firewalls at remote and branch office locations. The process requires minimal user intervention and is fully automated to operationalize firewalls at scale in four easy deployment steps. This significantly reduces the time, cost and complexity associated with installation and configuration, while security and connectivity occur instantly and automatically.

Step 1: Register the firewall
Register the new firewall in MySonicWall using its assigned serial number and authentication code.

Step 2: Connect the firewall
Connect the firewall to the network using the ethernet cable that came with the unit.

Step 3: Power up the firewall
Power up the firewall after connecting the power cable and plugging it into a standard wall outlet. Units are automatically assigned a WAN IP using a DHCP server. Once connectivity is established, the unit is automatically discovered, authenticated, and added to Capture Security Center with all licenses and configurations synchronized with MySonicWall and License Manager.

Step 4: Manage the firewall
The unit is now operational and managed via the Capture Security Center cloud-based central management console, including firmware upgrades, security patching, and group-level configuration changes.

Figure: Zero-Touch Deployment: Operationalize firewall in four easy steps

Reporting

GMS offers over 140 pre-defined reports as well as the flexibility to create custom reports using any combination of auditable data to acquire various use case outcomes. These outcomes include big-picture and detailed awareness of network events, user activities, threats, operational and performance issues, security efficacy, risks and security gaps, compliance readiness, and even post-mortem analysis. Every report is designed with the collective input from many years of SonicWall customer and partner collaborations. This provides the deep granularity, scope and knowledge of syslog and IPFIX/NetFlow data needed to track, measure and run an effective network and security operation.

Intuitive graphical reports simplify managed appliance monitoring. Administrators can easily identify traffic anomalies based on usage data for a specific timeline, initiator, responder or service. They can also export reports to a Microsoft Excel spreadsheet, portable document format (PDF) file or directly to a printer for regular business review.

Security management and monitoring features

Feature: Description

- Centralized security and network management: Helps administrators deploy, manage and monitor a distributed network security environment.
- Federate policy configuration: Easily sets policies for thousands of SonicWall firewalls, wireless access points, email security, secure remote access devices and switches from a central location.
- Change Order Management and Work Flow: Assures the correctness and compliance of policy changes by enforcing a process for configuring, comparing, validating, reviewing and approving policies prior to deployment. The approval groups are user-configurable for adherence to company security policy. All policy changes are logged in an auditable form that ensures the firewall complies with regulatory requirements. All granular details of any changes made are historically preserved to help with compliance, audit trailing, and troubleshooting.
- Zero-Touch Deployment: Simplifies and speeds the deployment and provisioning of SonicWall firewalls remotely using the cloud. Automatically pushes policies; performs firmware upgrades; and synchronizes licenses.
- SD-WAN Provisioning: Centrally provision, manage and monitor SD-WAN deployment and connectivity with ease across a distributed enterprise environment.
- Sophisticated VPN deployment and configuration: Simplifies the enablement of VPN connectivity, and consolidates thousands of security policies.
- Offline management: Enables scheduling of configurations and firmware updates on managed appliances to minimize service disruptions.
- Streamlined license management: Simplifies appliance management via a unified console, as well as the management of security and support license subscriptions.
- Universal dashboard: Features customizable widgets, geographic maps and user-centric reporting.
- Active-device monitoring and alerting: Provides real-time alerts with integrated monitoring capabilities, and facilitates troubleshooting efforts, thus allowing administrators to take preventative action and deliver immediate remediation.
- SNMP support: Provides powerful, real-time traps for all Transmission Control Protocol/Internet Protocol (TCP/IP) and SNMP-enabled devices and applications, greatly enhancing troubleshooting efforts to pinpoint and respond to critical network events.
- Application Visualization and Intelligence: Shows historic and real-time reports of what applications are being used, and by which users. Reports are completely customizable using intuitive filtering and drill-down capabilities.
- Rich integration options: Provides application programming interface (API) for web services, command line interface (CLI) support for the majority of functions, and SNMP trap support for both service providers and enterprises.
- Dell Networking X-Series switch management: Dell X-Series switches can now be managed easily within TZ, NSA and SuperMassive series firewalls to offer single-pane-of-glass management of the entire network security infrastructure.
- Closed Network Support: Deploy GMS in closed environments, such as highly protected government networks. All license keysets and signature files from SonicWall backend services are packaged, encrypted and securely transferred to the local file system, where GMS can access, upload and then push required updates to all managed security appliances.

Security reporting and analytics

Feature: Description

- Botnet Report: Includes four report types: Attempts, Targets, Initiators, and Timeline containing attack vector context such as Botnet ID, IP Addresses, Countries, Hosts, Ports, Interfaces, Initiator/Target, Source/Destination, and User.
- Geo IP Report: Contains information on blocked traffic that is based on the traffic's country of origin or destination. Includes four report types: Attempts, Targets, Initiators, and Timeline containing attack vector context such as Botnet ID, IP Addresses, Countries, Hosts, Ports, Interfaces, Initiator/Target, Source/Destination, and User.

- MAC Address Report: Shows the Media Access Control (MAC) address on the report page. Includes device-specific information (Initiator MAC and Responder MAC) in five report types:
  - Data Usage Initiators
  - Data Usage Responders
  - Data Usage Details
  - User Activity Details
  - Web Activity Initiators
- Capture ATP Report: Shows detailed threat behavior information to respond to a threat or infection.
- HIPAA, PCI and SOX reports: Includes pre-defined PCI, HIPAA and SOX report templates to satisfy security compliance audits.
- Rogue Wireless Access Point Reporting: Shows all wireless devices in use as well as rogue behavior from ad-hoc or peer-to-peer networking between hosts and accidental associations for users connecting to neighboring rogue networks.
- Flow analytics and reports: Provides a flow reporting agent for application traffic analytics and usage data through IPFIX or NetFlow protocols for real-time and historical monitoring. Offers administrators an effective and efficient interface to visually monitor their network in real-time, providing the ability to identify applications and websites with high bandwidth demands, view application usage per user and anticipate attacks and threats encountered by the network.
  - A Real-Time Viewer with drag and drop customization
  - A Real-Time Report screen with one-click filtering
  - A Top Flows Dashboard with one-click View By buttons
  - A Flow Reports screen with five additional flow attribute tabs
  - A Flow Analytics screen with powerful correlation and pivoting features
  - A Session Viewer for deep drill-downs of individual sessions and packets
- Intelligent reporting and activity visualization: Provides comprehensive management and graphical reports for SonicWall firewalls, email security and secure mobile access devices. Enables greater insight into usage trends and security events while delivering a cohesive branding for service providers.
- Centralized logging: Offers a central location for consolidating security events and logs for thousands of appliances, providing a single point to conduct network forensics.
- Real-time and historic next generation syslog reporting: Through a revolutionary enhancement in architecture, streamlines the time-consuming summarization process, allowing for near real-time reporting on incoming syslog messages. Also provides the ability to drill down into data and customize reports extensively.
- Universal scheduled reports: Schedules reports that are automatically created and mailed out across multiple appliances of various types to authorized recipients.
- Application traffic analytics: Provides organizations with powerful insight into application traffic, bandwidth utilization and security threats, while providing powerful troubleshooting and forensics capabilities.

Authentication security

Feature: Description

- Account lockout: Account lockout policy disables a GMS user account if incorrect passwords are entered after a specified number of allowed attempts during a given period. This helps prevent attackers from guessing users' passwords and reduces the chance of successful attacks gaining unauthorized access to protected assets and data on the network.
- Password Complexity: The password complexity policy sets the minimum guidelines considered important for a strong password to log in and access the GMS system.
- Admin access to specific address range: Customers will be able to control admin access to specific IP address ranges.

Scalable distributed architecture

GMS is an on-premises solution, deployable as software or a virtual appliance. At the core of GMS is a distributed architecture that facilitates limitless system availability and scalability. A single instance of GMS can add visibility and control over thousands of your network security devices under its management, regardless of location. At the customer facing level, its highly interactive universal dashboards, loaded with real-time monitoring, reporting, and analytics data, help guide smart security policy decisions, and drive collaboration, communication and knowledge across the shared security framework. With an enterprise-wide view of the security environment and real-time security intelligence reaching the right people in the organization, accurate security policies and control actions can be made towards attaining a stronger adaptive security posture.

Benefits:
- Centralized management
- Error-free policy management
- Strong access control
- Comprehensive audit trails
- PCI, HIPAA, SOX report templates
- Lower operating costs

Figure: SonicWall GMS Secure Compliance Enforcement. A single management console with reporting over a converged infrastructure (SonicWall firewall, SonicWall WAN Acceleration, X-Series switch with PoE, SonicWall SonicPoint, port expansion scalability).

On-premise GMS provides a complete and scalable security management, analytic and reporting platform for distributed enterprises and data centers.

Figure: On-Premise SonicWall Global Management System Environments. A distributed enterprise (headquarters, branch offices, retail locations, international offices) managed by GMS (software or virtual appliance), with firewall security services layers: Capture Threat Research, Capture Labs, Capture Sandbox, Application Control, Content Filtering, Botnet Filtering, Anti-Malware, Intrusion Prevention, SSL Inspection, VPN.

Feature summary

Reporting, Management, Monitoring

- Comprehensive Set of Graphical Reports
- Ubiquitous Access
- IPFIX Data Flows in Real time
- Compliance Reporting
- Alerts and Notifications
- SNMP Support
- Diagnostic Tools
- Active Device Monitoring and Alerting
- Customizable Reporting with Drill Down Capabilities
- Centralized Logging
- Multi-threat Reporting
- User-centric Reporting
- Multiple Concurrent User Sessions
- Offline Management and Scheduling
- Management of Security Firewall Policies
- SNMP Relay Management
- VPN and Firewall Status Monitoring
- Live Syslog Monitoring and Alerting
- Management of Security VPN Policies
- Management of Email Security Policies
- New Attack Intelligence
- Management of Secure Remote Access/SSL VPN Policies
- Bandwidth and Services Report per Interface
- Management of Value Added Security Services
- Reporting for SonicWall Firewall Appliances
- Define Policy Templates at the Group Level
- Reporting for SonicWall SRA SSL VPN Appliances
- Policy Replication from Device to a Group of Devices
- Universal Scheduled Reports
- Policy Replication from Group Level to a Single Device
- Application Usage Reporting
- Granular Services Reporting
- Next-generation Syslog and IPFIX Reporting
- Redundancy and High Availability
- Flexible and Granular Near Real-Time Reporting
- Provisioning Management
- Per User Bandwidth Reporting
- Dynamic Management Views
- Client VPN Activity Reporting
- Detailed Summary of Services over VPN Report
- Rogue Wireless Access Point Reporting
- SRA SMB Web Application Firewall (WAF) Reporting
- Scalable and Distributed Architecture
- Unified License Manager
- Command Line Interface (CLI)
- Web Services Application Programming Interface (API)
- Role Based Management (Users, Groups)
- Universal Dashboard
- Backup of preference files for firewall appliances
- SD-WAN
- Zero-Touch Deployment
- Closed network support
- Firewall Sandwich support

Authentication Security

- Account lockout
- Password Complexity
- Admin access to specific address range

Minimum system requirements

Below are the minimum requirements for SonicWall GMS with respect to the operating systems, databases, drivers, hardware and SonicWall-supported appliances:

Operating system
- Windows Server 2016
- Windows Server 2012 Standard 64-bit
- Windows Server 2012 R2 Standard 64-bit (English and Japanese language versions)
- Windows Server 2012 R2 Datacenter

Supported databases
- External databases: Microsoft SQL Server 2012 and 2014
- Bundled with the GMS application: MySQL

Internet browsers
- Microsoft Internet Explorer 11.0 or higher (do not use compatibility mode)
- Mozilla Firefox 37.0 or higher
- Google Chrome 42.0 or higher
- Safari (latest version)

Hardware requirements
- Use the GMS Capacity Calculator to determine the hardware requirements for your deployment.

Virtual appliance requirements
- Hypervisor: ESXi 6.5, 6.0 or 5.5
- Use the GMS Capacity Calculator to determine the hardware requirements for your deployment.
- VMware Hardware Compatibility h.php

Supported SonicWall appliances managed by GMS
- SonicWall Network Security Appliances: SuperMassive E10000 and 9000 Series, E-Class NSA, NSa Series, and TZ Series appliances
- SonicWall Network Security Virtual Appliances: NSv Series
- SonicWall Secure Mobile Access (SMA) appliances: SMA Series and E-Class SRA
- SonicWall Email Security appliances
- All TCP/IP and SNMP-enabled devices and applications for active monitoring

Global Management System (GMS) ordering in
