SonicWall GMS 8.7 Software


SonicWall GMS 8.7 Software
Getting Started Guide

Contents

Before You Begin
  System Requirements
  Record Configuration Information

Installing and Upgrading
  Installing Universal Management Suite
  Before Upgrading to GMS 8.7
  Upgrading From an Earlier Version of GMS
    Upgrading the SonicWall GMS Software

Registering and Licensing
  Registering/Licensing After a Fresh Install
  Registering Associated Servers in a Distributed Deployment
  Registering Associated Servers in a Closed Network Deployment

Configuring UMH Deployment Options
  Deployment Requirements
  Deployment Considerations
  Using the Role Configuration Tool
  Manually Configuring the System Role
    Configuring the All In One Role
    Configuring the Database Only Role
    Configuring the Console Role
    Configuring the Agent Role
    Configuring the Reports Summarizer Role
    Configuring the Monitor Role
    Configuring the Event Role
    Configuring the Syslog Collector Role
    Configuring the Flow Server Role (Virtual Appliances Only)
    Configuring the All in One-Flow Server (Demo Mode Only)
    Configuring the Gateway
    Configuring Database Settings
    Configuring Deployment Settings
  Controlling Deployment Services

Introduction to the Management Interfaces
  Overview of the Two Interfaces
  Switching Between Management Interfaces
  UMH System Interface Introduction
  Management Interface Introduction
    Login Screen
    Dashboard
    Live Monitoring
    Multi-Firewall Management
    Management Interface
  Using the GMS TreeControl Panel

Provisioning and Adding Units
  Before You Begin
  Provisioning a SonicWall Firewall Appliance
    Provisioning a SonicWall Firewall Appliance
    Provisioning a SonicWall SMA SMB Appliance
    Provisioning a SonicWall E-Class SMA Series Appliance
    Provisioning a SonicWall Email Security Appliance
  Adding SonicWall Appliances
    Adding SonicWall Appliances Manually
    Importing SonicWall Appliances
    Managing Multiple Appliances

Support
  SonicWall Live Product Demos
  SonicWall Support
  About This Document

1 Before You Begin

This Getting Started Guide contains installation procedures and configuration guidelines for deploying SonicWall GMS on a server on your network. SonicWall GMS is a Web-based application that can configure, manage, and monitor the status of thousands of SonicWall firewalls, Internet security appliances and non-SonicWall appliances from a central location.

SonicWall GMS provides the following benefits:
- Centralized security and network management
- Sophisticated VPN deployment and configuration
- Active device monitoring and alerts
- Intelligent reporting, analytics, and activity visualization
- Centralized logging and offline management

Topics:
- System Requirements
- Record Configuration Information

System Requirements

SonicWall GMS software comes with a base license to manage either 5, 10, or 25 nodes. You can purchase additional licenses on MySonicWall. For more information on licensing additional nodes, read the “SonicWall Upgrades” section of the GMS 8.7 Console Admin Guide.

Before installing SonicWall GMS, review the following requirements.

Topics:
- Operating System Requirements
- Unsupported Platforms
- GMS Hardware Resource Requirements
- Hard Drive HDD Specifications
- Browser Requirements
- Database Requirements
- Java Requirements
- Microsoft Azure Platform Requirements
- SonicWall Appliance and Firmware Support
- Non-SonicWall Appliance Support
- SonicWall GMS Gateway Recommendations

Operating System Requirements

SonicWall GMS Software release supports the following operating systems:
- Windows Server 2016 Standard (English and Japanese language versions)
- Windows Server 2012 Standard 64-bit
- Windows Server 2012 R2 Standard 64-bit (English and Japanese language versions)
- Windows Server 2012 R2 Datacenter

These Windows systems can either run in physical standalone hardware platforms, or as a virtual machine under Microsoft Azure or Windows Server 2012 Hyper-V or VMware ESXi.

TIP: All listed operating systems are supported in both virtualized and non-virtualized environments. In a Hyper-V virtualized environment, Windows Server is a guest operating system running on Hyper-V. GMS is then installed on the Windows Server virtual machine that is layered over Hyper-V.

NOTE: GMS is not supported on Amazon Web Services EC2.

Unsupported Platforms

The following platforms have been dropped from support:
- CDP management and reporting
- UMA EM5000 as part of the GMS deployment
- Windows 32-bit as part of the GMS deployment
- Firewalls with firmware older than SonicOS 5.0
- Gen4 or older Firewalls

GMS Hardware Resource Requirements

Use the Capacity Planning Tool to determine the hardware requirements for your deployment.

NOTE: A Windows 64-bit operating system with a RAM of 16GB is highly recommended for better performance of reporting modules. Read the “Capacity Planning and Performance Tuning” appendix in the GMS 8.7 Firewall - Manage Administration Guide.

Hard Drive HDD Specifications

The following hard drive HDD specifications are required when using GMS Software on a Windows Server or a GMS Virtual Appliance:

Hardware Requirements

Requirement        Details
Spindle Speed      10,000 RPM or higher
Cache              64 MB or higher
Transfer rate      600 MBs or higher
Average latency    4 microseconds or lower

Browser Requirements

SonicWall GMS uses advanced browser technologies such as HTML5 that are supported in most recent browsers. SonicWall recommends using the latest Chrome, Firefox, Internet Explorer, or Safari browsers for administration of the SonicWall GMS.

This release supports the following Web browsers:
- Chrome 42.0 and higher (recommended browser for dashboard real-time graphics display)
- Mozilla Firefox 37.0 and higher
- Microsoft Edge 41 or higher
- Internet Explorer 11.0 and higher (do not use compatibility mode)

NOTE: Internet Explorer version 10.0 in Metro interfaces of Windows 8 is currently not supported. Turn off Compatibility Mode when accessing the GMS management interface with Internet Explorer. For more information, see the Knowledge Base article located ge-base/170502904412584

Mobile device browsers are not recommended for SonicWall GMS system administration.

NOTE: If using Chrome version 42 and newer to access GMS 7.2 and older, you will need to enable NPAPI support in Chrome, which by default has been disabled starting with version 42.

Database Requirements

Separately installed instances of MySQL are not supported with GMS.

The following SQL Server versions are supported:
- SQL Server 2014
- SQL Server 2012

NOTE: For SQL Server deployments in countries in which English is not the default language, set the default language to English in the Login Properties of the GMS database user in the SQL Server configuration.

NOTE: A database user with “DB Creator” privileges must be provided to GMS during the Role Configuration process of any GMS Server.

Java Requirements

NOTE: Java is required only when you are using Net Monitor.

Download and install the latest version of the Java 8 plug-in on any system that accesses the GMS management interface. This can be downloaded ork/java/javase/downloads/index.html

Network Requirements

To complete the SonicWall GMS Software deployment process documented in this Getting Started Guide, the following network requirements must be met:
- The SonicWall GMS server must have access to the Internet.
  NOTE: GMS 8.7 supports closed network deployments. A closed network deployment does not require Internet access; see the GMS 8.5 Closed Network Deployment Guide for more information.
- The SonicWall GMS server must have a static IP address.
  NOTE: Depending on the configuration of SonicWall log settings and the amount of traffic handled by each device, the network traffic can vary dramatically. The 1 KB/s for each device is a general recommendation. Your installation requirements can vary. Refer to the Capacity Planning Tool.

Microsoft Azure Platform Requirements

SonicWall Global Management System (GMS) can now be deployed as software on a Microsoft Azure cloud computing platform. This allows you to have more flexibility in the types of server you select to host GMS. Refer to the following documentation to set up the Azure platform:
- Tutorial: Create and Manage Windows VMs with Azure PowerShell
- Quickstart: Create a Windows Virtual Machine in the Azure Portal

NOTE: You need to have the following ports open in Microsoft Azure to deploy GMS: 3389, 3306, 514, 8585, 2055, 443, and 21021.
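
The port list in the Azure note says which ports must be open, not to whom; that is decided by the network security group rules. The following added example (not part of the SonicWall guide) reports, for each listed port, whether an arbitrary Internet source would be allowed. It assumes rules exported with `az network nsg rule list -o json`; the sample rules and their names are constructed, and the protocol field and Azure's default rules are not evaluated.

```python
# Added example: audit exported Azure NSG rules for the GMS port list.
# Ports taken from the guide's Azure note.
GMS_PORTS = (3389, 3306, 514, 8585, 2055, 443, 21021)
# Source values that mean "any host" for exposure purposes.
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

# Constructed sample rules, using the field names of the az CLI JSON output.
SAMPLE_RULES = [
    {"name": "allow-rdp-admin", "priority": 100, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "allow-gms-web", "priority": 110, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "443"},
    {"name": "allow-db-and-misc", "priority": 120, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "Internet", "destinationPortRanges": ["3306", "8000-9000"]},
    {"name": "deny-syslog", "priority": 130, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "514"},
    {"name": "allow-syslog", "priority": 140, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "514"},
    {"name": "allow-flow", "priority": 150, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["10.1.0.0/16", "10.2.0.0/16"], "destinationPortRange": "2055"},
    {"name": "allow-out", "priority": 100, "direction": "Outbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

def _as_list(single, many):
    """Merge the singular and plural forms of an NSG field into one list."""
    return ([single] if single else []) + list(many or [])

def _covers(spec, port):
    """True if a port spec ('*', '443' or '8000-9000') includes the port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit(rules, ports=GMS_PORTS):
    """Return {port: (status, rule_name)}; status is open-to-any, restricted or closed."""
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    report = {}
    for port in ports:
        status, name = "closed", None
        for r in inbound:
            specs = _as_list(r.get("destinationPortRange"), r.get("destinationPortRanges"))
            if not any(_covers(s, port) for s in specs):
                continue
            sources = _as_list(r.get("sourceAddressPrefix"), r.get("sourceAddressPrefixes"))
            allow = r["access"].lower() == "allow"
            if any(s.lower() in ANY_SOURCE for s in sources):
                # The first any-source rule decides what an arbitrary host gets.
                if allow:
                    status, name = "open-to-any", r["name"]
                elif name is None:
                    name = r["name"]
                break
            if allow and status == "closed":
                # Allowed, but only from the listed source prefixes.
                status, name = "restricted", r["name"]
        report[port] = (status, name)
    return report

if __name__ == "__main__":
    for port, (status, name) in audit(SAMPLE_RULES).items():
        print(f"{port:>5}  {status:<12} {name}")
```

Ports reported as open-to-any, in particular 3389 and 3306, are the ones to review against the source ranges that actually need them.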

SonicWall Appliance and Firmware Support

SonicWall GMS supports SonicWall firewall App Control policy management and reporting. Refer to the SonicOS documentation for information on which SonicOS firmware versions support these features.

NOTE: GMS 8.7 does not support legacy SonicWall appliances, including:
- Firewall appliances running firmware earlier than SonicOS 5.0
- CSM Series
- CDP Series

SonicWall GMS 8.7 supports the following SonicWall appliances and firmware versions:

Component Requirements

SonicWall Platforms: SonicWall Firmware Version

Network Security Appliance
- NSsp 12000: 6.5.1.8-1n or newer
- SuperMassive 10000 series: SonicOS 6.0 or newer
  NOTE: Only partial policy management and reporting support is currently available. The following SuperMassive specific features are not supported for centralized policy management in GMS:
  - Multi-blade Comprehensive Anti-Spam Service (CASS)
  - High Availability/Clustering
  - Support for Management Interface
  - Flow Reporting Configurations
  - Multi-blade VPN
  - Advanced Switching
  - Restart: SonicOS versus Chassis
  Contact your SonicWall Sales representative ontact-sales for more information.
- SuperMassive 9000 series: SonicOS 6.1 or newer
- NSA/NSa series: SonicOS 5.5 or newer
- NSv series: SonicOS 6.5.2 or newer
- TZ series and TZ Wireless: SonicOS 5.5 or newer
- SonicWall SOHO: SonicOS 5.9.1.3 or newer 5.9 versions
- SOHO Wireless: SonicOS 6.2.6 or newer 6.x versions

Secure Mobile Access
- SRA/SSL-VPN Series: SSL-VPN 2.0 or newer (management); SSL-VPN 2.1 or newer (management and reporting)
- E-Class SRA Series: E-Class SRA 9.0 or newer
- SMA 6200/7200: SMA 10.7.2 or newer

Email Security/Anti-Spam
- Email Security Series: Email Security 7.2 or newer (management only)

Notes:
- Appliances running firmware newer than this GMS release can still be managed and reports can still be generated. However, the new features in the firmware will be supported in an upcoming release of GMS.
- GMS 8.7 does not support SonicOS 5.8 or earlier using RC4.

Non-SonicWall Appliance Support

SonicWall GMS provides monitoring support for non-SonicWall TCP/IP and SNMP-enabled devices and applications.

SonicWall GMS Gateway Recommendations

A GMS gateway is a SonicWall firewall appliance that allows for secure communication between the SonicWall GMS server and the managed appliance(s), using VPN tunnels.

A GMS gateway is not required in all deployment scenarios, but when deployed, the GMS gateway must be a SonicWall VPN-based network security appliance running SonicOS Enhanced firmware or another VPN device that is interoperable with SonicWall VPN. The GMS gateway provides a VPN management tunnel for each managed appliance. The number of management tunnels depends on the number of VPNs supported by the GMS gateway appliance and could be a limiting factor.

For complete information about SonicWall GMS management methods and requirements for a GMS Gateway, see the “GMS Gateway Requirements” section in the GMS 8.7 INTRODUCTION - DASHBOARD Administration Guide.

Record Configuration Information

Before continuing, record the following configuration information for your reference:

- SMTP Server Address: The IP address or host name of your Simple Mail Transfer Protocol (SMTP) server. For example, mail.emailprovider.com.
- HTTPS Web Server Port: The number of your secure (SSL) Web server port if customized. The default port is 443.
- GMS Administrator Email 1: The email address of a SonicWall GMS administrator who receives email notifications from SonicWall GMS.
- GMS Administrator Email 2: The email address of an additional SonicWall GMS administrator who receives email notifications from SonicWall GMS. This field is optional.
- Sender Email Address: The email address from which the email notifications are sent by SonicWall GMS.
- GMS Gateway IP: The IP address of the SonicWall GMS gateway between the GMS agent and the network. This optional field is only applicable if you have a GMS gateway.
- GMS Gateway Password: The password for the SonicWall GMS gateway. This optional field is only applicable if you have a gateway between the GMS and the network.
- Database Vendor: Your database vendor if you are using a SQL Server database.
- *Database Host/IP: The IP address of the database host. This is not required when using the bundled database on this server.
- *Database User: The MySQL user name for the database administrator. This is not required when using the bundled database on this server. [1]
- Database Password: The MySQL password for the database administrator. This is not required when using the bundled database on this server. [1]

1. This information is needed if Microsoft SQL Server is used, or in the case of a distributed deployment.

2 Installing and Upgrading

SonicWall GMS Software can be configured for a single server or in a distributed environment on multiple servers.

SonicWall GMS can be installed as a fresh install or as an upgrade from a previous version.

NOTE: You must
