To manually acquire a firewall, see Manual Firewall Acquisition . NetworkSecurityManager Administration Guide. Firewalls. 19. Page 20. ○.
Indicates the name of a technical manual. ... acquisition. To manually acquire a firewall, see Manual Firewall Acquisition . ... Updated - March 2021.
SonicWall Network Security Manager (NSM) is the next generation firewall management application that provides a holistic approach to security management.
Network Security Manager Administration Guide Network Security Manager Overview About Network Security Manager API Support Legal Information Conventions Guide Conventions UI Conventions Related Documents Dashboard Summary Network Threat Firewalls Device Inventory Device Status Managing Devices Device Groups Working with Device Groups Backups Scheduling Backups Archiving TSR Archiving EXP Templates Templates Inventory Creating Templates Editing Templates Viewing Template Configuration Creating Duplicate Template Modifying Template Attributes Applying Templates View Template Status Deleting Templates Configuration Management Approval Groups Approval Workflow Settings Contents 4 4 5 5 6 6 6 7 8 9 10 11 13 13 15 19 24 25 28 30 30 30 32 32 34 34 35 35 35 36 37 37 39 39 39 Network Security Manager Administration Guide 2 Contents Approval Group Management 40 Configuration Management Workflow 43 Viewing Pending-Configuration Updates 43 Committing and Deploying the Updates 44 Discarding Pending Configurations 46 Monitoring Commits 47 Managing Commits 48 Editing Commits 48 Redeploying Commits 48 Rescheduling Commits 49 Deleting Commits 49 Auditing Configuration Changes 50 Tenants 51 CSC Users 52 CSC User Status 52 Users 53 Sorting and Filtering 54 Editing CSC Users 54 Support Portal Users 55 Roles and Permissions 56 Scheduled Reports 58 Managing the Schedules 58 Creating Scheduled Reports 59 Editing Schedule 62 Running Reports Manually 63 Setting the Report Date Range 63 Archived Reports 64 Downloading Archived Reports 65 System Events 66 Configuring Log Settings 66 Viewing System Events 66 SonicWall Support 69 About This Document 70 Network Security Manager Administration Guide 3 Contents 1 Network Security Manager Overview SonicWall® Network Security Manager is a web-based application that centralizes management, reporting, and analytics for the SonicWall family of network security appliance and web services. SonicWall offers both a cloud solution and an on-premises solution that automates the steps to set up an appliance. It also offers robust reporting and management tools. Topics: l About Network Security Manager l API Support l Legal Information l Conventions l Related Documents About Network Security Manager SonicWall Network Security Manager (NSM) is the next generation firewall management application that provides a holistic approach to security management. The approach is grounded in the principles of simplifying and automating various tasks to achieve better security operation and decision-making, while reducing the complexity and time required. NSM gives you everything you need for firewall management; it provides comprehensive visibility, granular control and the capacity to govern the entire SonicWall network security operations with greater clarity, precision and speed. This is all managed from a single, functionpacked interface that can be accessed from any location using a browser-enable device. Firewalls can be centrally managed to provision all the network security services with a single-pane-of-glass experience. This security management platform is a SaaS (Software-as-a-Service) or an on-premises offering, depending on your needs. The SaaS offering is accessible on-demand, via the cloud, with virtually unlimited system scalability to support multiple tenants with thousands of security nodes under each one. The solution's redundant and distributed architecture enables organizations to centrally and reliably manage a single small network to one or more enterprise-class deployments with the flexibility to scale without increasing management and administrative overhead. The on-premises offering is for those customers that don't want to opt for a cloud solution. It can be deployed on multiple form factors such as ESXi and Hyper-V. The architecture allows you to scale to 10,000 devices under management and will support migration from Global Management System (GMS) in the future release. NSM offers many salient features: Network Security Manager Administration Guide 4 Network Security Manager Overview l On-boarding hundreds of devices with Zero-Touch Deployment easily l Group devices based on geographic location, business functions or customers with Device Groups l Enforce consistent security across all your devices with Device Templates l Make informed decision and policy actions to any threat, quickly and in real time, with detailed reporting and powerful analytics NSM can manage both Gen6 and Gen7 SonicWall firewalls. SonicOS 6.4.5 is the minimum version allowed for management by NSM. API Support A RESTful (Representational State Transfer) API (application programming interface) has been developed for Network Security Manager. This allows you to either script or build custom user interface elements to manage a unit or tenant if you do not want to use the default user interface. Managed service providers (MSPs) may find this feature especially useful when customizing the product for their use. Navigate to Manager View|API for details. In the SONICWALL END USER PRODUCT section, links to the NSM API Specification and the SonicOS API Specification are provided. Do not download, use or install the APIs if you do not agree to the terms of the End Product User Agreement. Legal Information SonicWall Network Security Manager is protected by copyright and is provided as is. The details associated with this status are provided on the Legal Information page. Navigate to Manager View | > Legal Information to read the details: l Copyright and Limited Liability l SonicWall End User Product Agreement For deliveries outside the United States, go to SonicWall End User General Product Agreement for more details. Network Security Manager Administration Guide 5 Network Security Manager Overview Conventions The Network Security Manager Administration Guide guide makes use of the following conventions: l Guide Conventions l UI Conventions Guide Conventions The following text conventions are used in this guide: Convention Use Bold text Used in procedures to identify elements in the user interface like dialog boxes, windows, screen names, messages, and buttons. Also used for file names and text or values you are being instructed to select or type into the interface. Menu view Indicates a multiple step menu choice on the user interface. For example, Manager or mode | View | HOME > Firewall > Groups means verify you are in Manager View first and Menu item > that the HOME option is selected. Then click on Firewall in the left-hand menu, and Menu item select Groups. Computer code Indicates sample code or text to be typed at a command line. <Computer code italic> Italic Represents a variable name when used in command line instructions within the angle brackets. The variable name and angle brackets need to be replaced with an actual value. For example, in the segment serialnumber=<your serial number>, replace the variable and brackets with the serial number from your device: serialnumber=C0AEA0000011. Indicates the name of a technical manual. Also indicates emphasis on certain words in a sentence, such as the first instance of a significant term or concept. UI Conventions When acquiring devices for management and reporting, the Status option uses colored icons to indicate the various states of the devices being monitored and managed. Network Security Manager Administration Guide 6 Network Security Manager Overview Status Definition Icon Indicates that a process is in progress. In some instances, specific details are provided: for example, Requesting Licenses. Indicates that a process has completed successfully. May provide the message Success or something with more detail like Device parameters set up in Cloud Capture Security Center complete. Indicates that a task is in process or pending the completion of another task. The message Pending is usually displayed, as well. Indicates a potential issue. Messages provide additional detail to help you resolve the issue. Indicates an error. Additional information may be provided via an information icon. Click the icon or mouse over it to see the message: For example, Gateway Firewall is not available in CSC. Indicates an unknown status. Indicates the device is online. Indicates the device is offline. Indicates the device is unmanaged. Indicates the device is managed. Related Documents The NSM documentation includes the following: l About Network Security Manager provides an overview of the product and describes the base modes of operation, the navigation and icons, and the Notification Center. l The Network Security Manager Getting Started Guide describes how to license and configure a basic NSM setup. l The NSM Administration Guide reviews the management tasks for administering your security infrastructure. l The Network Security Manager Reporting and Analytics Administration Guide discusses how to use the reporting and analytics features. l Network Security Manager On-Premises System Administration describes the system administration tasks for an on-premises deployment of NSM. l The NSM Release Notes summarizes the new features for the product. Network Security Manager Administration Guide 7 Network Security Manager Overview 2 Dashboard The Dashboard provides a visual status of the security infrastructure. You can review the Dashboard and see at a glance if any issues need investigating. The system dashboard has four tabs: Device, Summary, Network, and Threat. You can quickly see the summary of status of devices, traffic distribution, and threats to know whether you have issues and where to focus to resolve them. The default view of system dashboard is Devices dashboard. It shows a summary of the devices and alerts in your infrastructure. NOTE: For the on-premises solution, the only view on the Dashboard is the Devices view. There are no other tab options at the top of the graph. The tab Devices, Summary, Network and Threat are only seen on the SaaS version of NSM, and these are described in the following sections. At the top of the dashboard, you see a summary of your devices: l FIREWALLS: Displays the number of firewalls that you intend to manage through NSM. Click FIREWALLS to list all the firewalls in the Inventory page. Network Security Manager Administration Guide 8 Dashboard l OFFLINE: Displays the number of firewalls that are offline. Click OFFLINE to list the offline devices in the Inventory page. l EXPIRING LICENSES: Displays the number of expiring firewall licenses. l GROUPS: Displays the number of device groups. Click GROUPS to list the device groups. The FIREWALL OVERVIEW section shows how many devices are ONLINE & MANAGED, OFFLINE, ONLINE & UNMANAGED and UNASSIGNED. A pie chart representation of firewall overview is also displayed. The geographical locations of the firewalls are shown on the map. For more details of the devices in a particular location, click the map location. The Alert Center is shown at the bottom of the Device dashboard. An alert summary is provided and you can click on any of the categories--All, Threats, or General to open the Notification Center and see all the alerts for the selected category. The most recent alerts are displayed in a tabular format below the summary. Summary The Summary tab in the Dashboard > System page displays information on TRAFFIC DISTRIBUTION, TOP USERS, OBSERVED THREATS, and TOP DEVICES BY SESSIONS in your network infrastructure, for the period selected in the slider at the top. Network Security Manager Administration Guide 9 Dashboard l TRAFFIC DISTRIBUTION: Shows the graphical representation of the percent distribution of the number of network sessions based on protocol. l TOP USERS: Shows the top users by the number of sessions, amount of data received, amount of data sent, and the number of blocked connections. l OBSERVED THREATS: Shows the different types of threats and the number of threats of each threat type across managed devices. l TOP DEVICES BY SESSIONS: Shows the list of devices that are sorted in descending order of the category you select. Click the Gear icon to select your desired category; the default selection is Sessions. The Insights section (scroll to the right if it's not visible) gives information about number of infected hosts and the number of critical attacks. Network The Network tab in the Dashboard > System page shows data pertaining to transactions in your network infrastructure. Network Security Manager Administration Guide 10 Dashboard The following data is displayed on the Network page: types of applications that run in your infrastructure; IP addresses that initiate sessions; users that initiate sessions; web categories; and countries from which connections are initiated. Each space enables you to filter the data with available options. There is an option to switch to Graph and List view. For more details on the data displayed in each space, click View Details link available at the bottom. Threat The Threat tab in the Dashboard > System page shows top threats by type, including the viruses, intrusions, spyware, and botnet. For more details on threats of a particular threat type, click View Details.There is an option to switch to Graph and List view. Network Security Manager Administration Guide 11 Dashboard For more information on monitoring the displayed threat data, see Analytics and Reporting document available at https://www.sonicwall.com/support/technical-documentation/. NOTE: The ability to drill down to specific details of an incident is dependent up on the licensing options you purchased. Having Analytics added ensures the broadest access to information. Network Security Manager Administration Guide 12 Dashboard 3 Firewalls Topics: l Device Inventory l Device Groups Device Inventory The Inventory page (Manager View | Firewalls > Inventory) provides the inventory and activity status of all the firewalls and appliances managed by the Network Security Manager. Multi-tenant administrators can click on the tenant name and select any other tenant to see the devices associated with the selected tenancy. To customize columns, click Column Selection and select or clear the options to include or hide the data of the columns. The menu bar above the table shows: All Devices-- total number of devices; number of devices that are ONLINE & MANAGED, OFFLINE, ONLINE & UNMANAGED and UNASSIGNED. You can click these icons to list the devices--one category at a time--all the devices, online and managed by NSM, offline, online and unmanaged by NSM, and devices that are not assigned to any group. The menu bar below the Firewall View lets you to search using the Keyword and Group By from the available options in the drop-down list. l Search : Enter the Keyword and the list brings up the desired search results l Group By : From the drop-down list, choose the options to No Grouping, Model, Connectivity, Managed Status, Group Name and they are displayed below. l Add : The Add icon lets you to Add Device and Import Add Device File. Click Add Device and input Serial number, IP Address, User name and Password. To import device, click Add Device File and choose the files. Only xml,csv and json file types are supported. l Delete : Select any device to delete and click this icon. l Export : Click this icon to Export Device Inventory data to a .CSV file. l Refresh : Refreshes the devices in the list. l Grid Settings : This option lets you to Show or Hide Columns, Rearrange using Drag and Drop. You can also restore them to defaults or tick the boxes and click Apply. l More Options : There are additional options which enables to Archive the selected configuration and download Add device JSON and CSV files to your local machine. Network Security Manager Administration Guide 13 Firewalls The following information is displayed for each firewall: l Appliance details: Details of the firewall, such as: FRIENDLY NAME, SERIAL NUMBER, TENANT NAME--Tenant to which the appliance is registered to, GROUP-- Device Group, if the firewall belongs to any, MODEL, IP ADDRESS, TAGS, SonicOS VERSION that runs on the firewall. l TEMPLATES APPLIED: The templates applied to the firewall, if any. l ZERO TOUCH: Activation status of zero-touch feature or status of zero-touch connection between firewall and NSM for zero-touch enabled device. For detailed information on zero-touch status of a firewall, see Zero Touch Status l CONNECTIVITY: Status of connectivity between NSM and firewall. l Green icon-- NSM can reach the firewall. l Red icon-- NSM cannot reach the firewall. l CONFIGURATION l Blue icon--Device acquisition was successful and firewall configuration is synchronized with NSM; firewall is in managed state. l Red icon--Device acquisition was either successful or unsuccessful; the firewall configuration is not synchronized with NSM as it was modified locally. Therefore, the firewall is in unmanaged state. In this state, commits cannot be deployed on to the firewall. Using the table as the central location, you can: switch to Firewall View to manage any system listed, for example: edit settings, upgrade software, and so on. For any firewall, click Ellipses icon in the ACTION column and select appropriate option to perform any of the listed actions on the firewall: l Access Firewall View: Click Switch to Firewall View to access firewall management interface. For information on how to perform configuration changes to a firewall, see SonicOS documentation. l Edit Settings: Click Edit Settings to edit settings of the firewall. For information on editing settings of a firewall, see Editing Device Settings. l Synchronize Firewall: A successfully-acquired firewall's management status changes to unmanaged state when the firewall is locally modified. Click Synchronize Firewall to synchronize Network Security Manager Administration Guide 14 Firewalls firewall configuration with NSM so that the management status is set to Managed. See Synchronizing Firewall Configuration with NSM. When firewall is in unmanaged stage, commits cannot be deployed on to the firewall. l Upgrade Firmware: Click Upgrade Firmware to upgrade firmware on the firewall. For information on upgrading firmware, see Upgrading SonicOSX Firmware. l Archive Config : Archives the selected configuration. l Audit: Click Audit to access Audit page. To perform audits, see Auditing Configuration Changes. l Managing Commits: Click Manage Commits to access Commits page. To manage commits, see Monitoring Commits l Scheduled Reports: Click Scheduled Reports to set a schedule to generate PDF reports at regular intervals. For information on creating scheduled reports, see Creating Scheduled Reports. l Export to Template : Part of the device configuration to be exported to the Template. l Log-in to Unit : This option is a fast and easy way to log into the managed firewall device-level. l Delete Firewall : Deletes the selected Firewall. l Upload Keyset File : Choose a License File by clicking Browse and click Upload. Device Status Click the caret icon next to a device name and then click the available options for more information on the device such as Management Status, License Details, Analytics & Reporting Status, and Templates & Firmware Versions. Topics: l Management Status l System Details l Templates Applied l License Details l Available SonicOS Versions l Zero Touch Status l Multi-device Firmware Upgrade Network Security Manager Administration Guide 15 Firewalls Management Status NSM manages a firewall, when: firewall acquisition is successful, firewall configuration is synchronized with NSM, and NSM can reach the firewall. For information on performing firewall acquisition, see NSM Getting Started Guide available at https://www.sonicwall.com/support/technical-documentation/. MANAGEMENT STATUS gives information of the status of the device and device-management through NSM. MANAGEMENT STATUS Connectivity Status of connectivity between NSM and firewall. l Up(green icon)-- NSM can reach firewall. l Down(red icon)-- NSM cannot reach firewall. Configuration Status of synchronization of firewall configuration with NSM. Acquired l Green icon--Synchronization successful l Red icon--Synchronization failed Status of firewall acquisition by NSM. Zero Touch l Green icon--Acquisition successful l Red icon--Acquisition failed l Yellow icon--Acquisition is in progress Activation status of the zero-touch feature or status of zero-touch connection between firewall and NSM for zero-touch enabled device. l A gray icon indicates Zero Touch feature was disabled. l A red icon indicates that the Zero Touch connection failed. l A yellow icon indicates that the system is waiting for a Zero Touch connection from the firewall. l A green icon indicates that the firewall is connected successfully to NSM using zero-touch. System Details The SYSTEM DETAILS section displays the following details of a system: SYSTEM DETAILS Term Model Serial Number Friendly Name IP Address Username Group Name Definition Device model. Serial number of the device Friendly name of the device, if entered when registering the firewall. IP Address of the device. Username Device group, if the device belongs to any group. Network Security Manager Administration Guide 16 Firewalls Term Definition Tenant The tenant to which the firewall is registered to. Verify SSL Certificate Status of SSL certificate verification. Firmware Version The SonicOS version that runs on the device Last Modified By User that modified device configuration the last time. Product Code Product code of the firewall. Memory RAM capacity of the system. ROM Version ROM version running on the device. Safemode Version Safemode Version Up Time Duration for which the device is online. Current Time Current time. Auth Code Authorization code of the firewall. Registration Code Registration code of the firewall. Prefs Changed Status of preferences changed. License Details The LICENSE DETAILS section shows the activation status of all the licenses associated with your device and also notifies if the licenses are nearing expiration. The list of licenses is given here: l Nodes/Users l Global VPN Client l VPN SA l SSL VPN l WAN Acceleration Client l Botnet Filter l App Visualization l App Control l Gateway AV/Anti-Spyware/Intrusion Prevention/App Control/App Visualization l Content Filtering Client l Capture Client (Advanced) l Deep Packet Inspection for SSL (DPI-SSL) l Premium Content Filter l SonicOSX Expanded l DPI-SSL Enforcement l Virtual Assist l E-Mail Filtering Service Network Security Manager Administration Guide 17 Firewalls l WAN Acceleration Software l Comprehensive/Advanced Gateway Security Suite l Deep Packet Inspection for SSH (DPI-SSH) l Comprehensive Anti-Spam Service l SYSLOG Analytics l Capture Advanced Threat Protection l Capture Client McAfee Malware Engine l Global VPN Client Enterprise l External IDS Support l Analyzer l Stateful High Availability Available SonicOS Versions The AVAILABLE VERSIONS section under Templates & Firmware Versions shows all the SonicOS versions available for firewall upgrade. NSM downloads these versions from MySonicWall. To upgrade SonicOS software on your device, see Upgrading SonicOSX Firmware. Zero Touch Status The ZERO TOUCH STATUS section under ZT, Analytics & Reporting Status provides information on zero-touch connection between firewall and NSM. The ZERO TOUCH STATUS section is displayed only for firewalls that have zero-touch feature enabled. ZERO TOUCH STATUS Term Enabled Description Displays the status of the Zero-Touch connection between firewall and NSM. l A red icon indicates Zero Touch connection has failed. l A yellow icon indicates that the system is waiting for a Zero Touch connection from the firewall. l A green icon indicates that the firewall is connected successfully to NSM using zero-touch. Connection State Status of zero-touch connection between firewall and NSM. Zero Touch The IP address of proxy server for Zero Touch deployment. Proxy Address Last HeartBeat Time at which heartbeat of the firewall was heard the last time. Time Last Request Time at which the request was sent to firewall the last time. Time Sent Connection Time at which zero touch connection is initiated. Initiation Time HeartBeat Ack Time at which the heartbeat acknowledgment is received by the firewall. Received Time Network Security Manager Administration Guide 18 Firewalls Managing Devices Several functions are provided so you can easily manage your nsm infrastructure. Topics: l Editing Device Settings l Synchronizing Firewall Configuration with NSM l Upgrading SonicOSX Firmware l Creating Backup of Device Configuration l Manual Firewall Acquisition Editing Device Settings To edit settings of a device: 1. Navigate to Manager View | Firewalls > Inventory page. 2. Hover over the device for which want to edit the settings, click Ellipses icon in the ACTION column and select Edit Settings. 3. In the Edit Settings dialog: l For a device that is managed successfully by NSM, you can edit only the Friendly Name and Tags. l For a device that isn't acquired yet, you can edit Friendly Name, Tags and perform manual acquisition. To manually acquire a firewall, see Manual Firewall Acquisition . Network Security Manager Administration Guide 19 Firewalls l For a device that has failed acquisition, you can edit Friendly Name, Tags. 4. Click Save. Multi-device Firmware Upgrade You can now upgrade multiple firewalls from a group of devices in a single action. To perform group upgrade of devices: 1. Navigate to Manager View | Firewalls > Inventory page. 2. Hover over the device for which want to edit the settings, click Ellipses icon in the ACTION column and select Firmware Upgrade. 3. There are 3 steps to perform upgrade. Select the devices in the group by checking the box. 4. Browse and select the Firmware and click Next to proceed to the next screen . a. Schedule Now - Choose this to upgrade instantly. b. Set Schedule - Set a future date to upgrade. 5. Click Upgrade. Synchronizing Firewall Configuration with NSM The management status of a firewall changes to Unmanaged state when the firewall is locally modified. You need to synchronize firewall configuration with NSM to set the device in Managed state. Network Security Manager Administration Guide 20 Firewalls To synchronize firewall configuration with NSM: 1. Navigate to Manager View | Firewalls > Inventory. 2. Click the Ellipses icon in the Action column for the firewall you want to synchronize the changes with NSM, and select Synchronize Firewall. 3. In the Synchronize Firewall dialog, click Review Diff. 4. In the Device Synchronization wizard: a. Review the configuration differences between NSM configuration and the local firewall configuration. b. Click Next. c. Review the pending commits. d. Click Synchronize. e. Click OK in the Warning dialog. Synchronization process runs. f. Click Close. The firewall is now managed by NSM, thus the CONFIGURATION status changes to Managed in the Firewall Inventory page. Network Security Manager Administration Guide 21 Firewalls Upgrading SonicOSX Firmware To upgrade SonicOS firmware on a firewall:: 1. Navigate to Manager View | Firewalls > Inventory page. 2. Hover a firewall, click Ellipses icon in the ACTION column, and then select Upgrade Software. The Software Upgrade dialog is displayed. 3. Do one of the following: l To upgrade to any available version on your Local system: 1. In the NEW SOFTWARE VERSION(S) section, click Browse and select the setup file in your system. 2. Click Upload. l To upgrade to any available version instantly: 1. Select the required software version In the AVAILABLE SOFTWARE VERSION(S) section. 2. Select Now in the SCHEDULED UPGRADE section, if not selected. 3. Click Upgrade. l To schedule software upgrade: 1. Select the required software version In the AVAILABLE SOFTWARE VERSION(S) section. 2. Select Later in SCHEDULED UPGRADE section and set the schedule for upgrade in Upgrade Time box. 3. Click Upgrade Creating Backup of Device Configuration Creating configuration backups enables you to restore a firewall configuration anytime. Network Security Manager Administration Guide 22 Firewalls To create a configuration backup of a device: 1. Navigate to Manager View | Firewalls > Inventory. 2. Hover over the device for which you want to create a configuration backup and click Ellipses icon in the Action column. 3. Select Archive Config. 4. Click OK to confirm. To validate the backup: 1. Navigate to Manager View | Config Management > Audit. 2. Select the appropriate device from the Devices drop-down list. 3. View the entries in the Audit table to find the backup. 4. Click the arrow next to the date of the backup. The entry expands to show the configuration file that was backed up. Manual Firewall Acquisition Under certain conditions you may opt to acquire a firewall manually rather than using Zero Touch. NOTE: When acquiring manually, SSL cert verify is enabled by default. This is set as a security feature, but if proper SSL certification is not enabled on the firewall, the firewall does not get acquired. To acquire a firewall manually: 1. Navigate to Manager View | Firewalls > Inventory. 2. Hover over the firewall, click the Ellipsis icon in the Action column and select Edit Settings. 3. Enter IP Address with Port for your device. 4. Enter your Username and Password of your NSM user account. Network Security Manager Administration Guide 23 Firewalls 5. Click Save and Acquire Again. As part of the device acquisition process, NSM establishes connection to the device, configures the firewall to send out syslog heartbeats so its health can be monitored, and then the pulls the status and configuration of the firewall. The status of the device acquisition is displayed in DEVICE ACQUISITION STATUS section; If the acquisition is successful, you will see a green icon next to Acquired. The firewall is now managed by NSM, and the CONFIGURATION is displayed as Managed in the Firewall Inventory page. Device Groups NSM enables you to create device group(s), deploy and manage common configurations across all the devices of a device group using templates. You can create device groups based on your requirement, for Network Security Manager Administration Guide 24 Firewalls example: geographical location, business function and so on. To create a device group, see Creating Device Groups The Manager View | Firewalls > Groups page displays the device groups that are created under the Root Group. To review the configuration of a device group in the Group View, click on the group name. The devices that are not part of any device groups are listed under Unassigned Firewalls. Multi-tenant administrators can click on the Tenant name and select any other tenant to display and manage the groups created under that tenant. You can also select All Tenants option to display and manage device groups of all the tenants in a single pane of glass. In the table you can see the all the device groups listed. Click the caret icon next to the group name to see devices that are part of the device group. DEVICE GROUPS Term Group Tenant Name SERIAL NUMBER TAGS ZERO TOUCH Link State Action Description Name of the device group. Tenant under which the device group is created. Serial numbers of devices that are part of a device group. Tags, if entered when creating the device group. Activation status of the zero-touch feature or status of zero-touch connection between firewall and NSM for zero-touch enabled device. Status of a firewall that is part of the group. l Up--Firewall is healthy. l Down-- Status check of the firewall failed because firewall could be down or the connection between firewall and NSM failed. Status of device acquisition and management by NSM. l Green icon--Device acquisition was successful; firewall is being managed through NSM. l Red icon--Device acquisition failed; firewall can't be managed through NSM. Actions that can be performed on a device group Working with Device Groups From the Manager View, you can create, update, and delete a device group. You can add a firewall to any device group, and you can add a device group under any existing device groups to create a hierarchical structure. If you want to view configuration of a particular group, navigate to Manager View | Firewalls > Groups and click on the group. You are taken to the Group View. The default location is Group View | HOME > Dashboard > System. Here you can monitor various dashboard views that include Summary, Network, and Threat. Click the gear arrow beside Group View to return to the Manager View. Network Security Manager Administration Guide 25 Firewalls Topics: l Creating Device Groups l Editing Device Groups l Creating Backup of Device-Group Configuration l Deleting Device Groups Creating Device Groups A device group enables you to easily deploy common configurations across all the devices of the group using templates. You can create device groups based on your requirement, for example: geographical location, business function and so on. To create a device group: 1. Navigate to Manager View | Firewalls > Inventory page. 2. Click Add. 3. Enter the Friendly Name and Tags in their respective fields. 4. Select devices listed in Unassigned Devices to add to the group being created and click caret-right icon. The devices are moved to In Group list. 5. Click Save. The newly created group is listed under the default group--Root Group, which cannot be deleted. To create a device group under another device group: 1. Hover over the group under which you want to create a new device group. 2. Click the Ellipses icon in the Action column and select Add a Group under this Group. 3. Follow steps 3 through 5 in the above procedure for creating a device group. Network Security Manager Administration Guide 26 Firewalls The newly created group is added under the selected parent group. Click the caret icon next to the parent group to view the newly added group. Editing Device Groups You can edit a device group to: add Unassigned Firewall(s) to the group; remove firewalls from the group; update friendly name and tags. To edit a device group: NOTE: The Root Group cannot be edited. 1. Navigate to Manager View | Firewalls > Groups. 2. In the Action field for the group you want to edit, select Edit Device Group. 3. Make changes to the Friendly Name and Tags fields, if needed. 4. To add devices to the group, select devices in the Unassigned Devices list and click the caret-right icon to move them to the In Group. To remove devices from the group, select the devices in In Group list and click the left-caret icon to move the devices to the Unassigned Devices list. NOTE: To move devices from one device group to another, first you need to delete the devices from one group and then add them to the other group from Unassigned Firewalls list. NOTE: When you add a device to a group that already has a template applied to it, the template configuration is made available to the newly added device and therefore you need to commit and deploy the available updates on to the device. 5. Click Save. Network Security Manager Administration Guide 27 Firewalls Creating Backup of Device-Group Configuration To create a backup of device-group configuration: 1. Navigate to Manager View | Firewalls > Groups. 2. Hover over the device group for which you want to create a backup and click the Ellipses icon in the ACTION column. 3. Select Backup Config. 4. Click OK to confirm. Deleting Device Groups NOTE: When you delete a device group, all the sub-groups also get deleted. All devices under the device group and its sub-groups will be automatically assigned to the parent group--Root Group. NOTE: When you delete a sub-group, all devices under the group is automatically assigned to its parent group. To delete device group(s): 1. Navigate to Manager View | Firewalls > Groups. 2. Select the group(s) you want delete. 3. Click the Delete icon. 4. Click Confirm. Backups To create a backup of the device configuration: 1. Navigate to Manager View| Firewall View > Backups 2. Click Add icon to Add Schedule. There are 3 steps to add schedule. Schedule Configuration - Enter Schedule Name, choose Daily Interval, Schedule Time, Edit Weekly Schedule Day. If you choose to Edit Weekly Schedule Day, toggle the switch and choose a day from the drop-down list. You are required to select at least one Backup Type and check the box as TSR or EXP and click Next to proceed to Device Selection screen. Network Security Manager Administration Guide 28 Firewalls Device Selection - In the Device Selection screen, choose the devices that are online and offline connectivity from the list. Toggle the switch to Show only online devices which filters the devices that are online. Click Next after choosing the devices to review. Review - In the last step, the Schedule configuration and Device Selection is displayed for review. If you want to change any information listed there, click Previous or click Save to schedule task. 3. Click Delete icon to delete any selected schedule from the list. 4. Refresh icon refreshes the list Network Security Manager Administration Guide 29 Firewalls 5. Column Selection allows to choose which options can be displayed in the schedule by checking the box. Scheduling Backups This section lists all the created backup schedules. To know, how to add schedule, see Backups. 1. Navigate to Manager View | Firewalls > Backups page. 2. Expand the scheduled backup from the list. It displays Schedule details and Previous Job Status. Hover over the item for which want to edit the schedule, click Ellipses icon in the ACTION column and select Edit Schedule. 3. Delete Schedule deletes the selected item. Archiving TSR The archived TSR backup types are displayed in this tab with File Name, Date and Time, Device Name, Serial Number and User Name. To know, how to add schedule, see Backups. Hover over the item for which want to view, click Ellipses icon in the ACTION column and select Download TSR and Delete TSR. The icons on the top also lets to download and delete the TSR files. Click Refresh to refresh the list. Column Selection allows to choose which options can be displayed in the schedule by checking the box. Download TSR option downloads the selected TSR to a zip file in .txt format. Archiving EXP The archived EXP backup types are displayed in this tab with File Name, Date and Time, Device Name , Serial Number and User Name. To know, how to add schedule, see Backups. Network Security Manager Administration Guide 30 Firewalls Hover over the item for which want to view the , click Ellipses icon in the ACTION column and select Download EXPand Delete EXP. . The icons on the top also lets to download and delete the EXP files. Click Refresh to refresh the list. Column Selection allows to choose which options can be displayed in the schedule by checking the box. Download EXP option downloads the selected EXP to a zip file in .txt format. Network Security Manager Administration Guide 31 Firewalls 4 Templates Templates allow you to effectively deploy and manage common configurations across firewalls. Template can be developed to set definitions for Device, Network, Objects and Policies settings on numerous firewalls. It brings scalability to the overall firewall management process. These templates can be reused or reworked for other configurations. Topics: l Templates Inventory l Creating Templates l Editing Templates l Viewing Template Configuration l Creating Duplicate Template l Modifying Template Attributes l Applying Templates l Deleting Templates l Golden Template Templates Inventory Navigate to Manager View > Templates to see the inventory of all your templates in a tabular format. Multi-tenant administrators can click on the tenant name (highlighted in the below image) and select any other tenant to list the templates associated with the selected tenancy. You can use the Search feature to find a specific template to use. To customize columns, click Column Selection, and select or clear the options to include or hide the data of the selected columns. The following details are displayed for each template listed on the Templates page: Network Security Manager Administration Guide 32 Templates TEMPLATE DETAILS NAME DESCRIPTION ZERO TOUCH USER ROLE ACTIVE TENANTS APPLIED TO Name of the tenant Gives more information on the template, if included when creating the template. Displays the deployment status of templateconfiguration on to zero-touch devices. l Enabled: The template configuration is autodeployed on to the target zero-touch devices when applied. l Disabled: The template configuration needs to be committed and deployed on to the target devices when applied. Management role of the user that created the template. Tenant to which the template is associated with. Active target devices and groups for the template To switch to the TEMPLATE VIEW, click on a template name or click on Edit Template in the Action menu. You can also access other functionality clicking the options in the Action field. The actions you can perform on the Templates page are listed here: l Creating Templates l Editing Templates l Viewing Template Configuration l Modifying Template Attributes l Creating Duplicate Template l Deleting Templates l Applying Templates Network Security Manager Administration Guide 33 Templates Creating Templates You can build templates that you can use repeatedly to apply configurations to the firewalls in your environment. To create a template: 1. Navigate to Template View > Templates. 2. Click Add Template. 3. Enter the Template Name. 4. From the type, choose SonicOSor SonicOSX. The templates can be applied to specific devices that are running the OS. 5. To enable automated deployment of the template configuration to Zero-Touch devices when the template is applied to target group(s) or device(s), enable or disable Zero Touch option. Offline devices will be updated once they come online. 6. Enter a valid Description. This is optional. 7. Click Create. 8. Confirm that you want to switch to Template View if you want to define your template now; otherwise click Cancel to see that your template is added to the inventory. To define your template, see Editing Templates. Editing Templates If a template--applied to device group(s) or device(s)--is edited, the configuration changes are not automatically committed to the devices. You need to commit and deploy the changes so that the changes are pushed to the devices. To perform commit and deploy, see Committing and Deploying the Updates NOTE: The updates made to a zero touch template are automatically deployed to the applied zerotouch devices. To define or edit a template: 1. If not already in Template View, either click the template name or select Edit Template in the Action field. 2. Navigate to other options in Template View: Device, Network, Object, or Policy. 3. Using the interface commands under each of these options, define the various parameters of your template. For information on performing configuration in these fields, see SonicOS documentation at https://www.sonicwall.com/support/technical-documentation/. 4. After you update the template, click View Templates Details to see the updates done to the default. All the updates done to the template configuration are captured here. 5. Click Close to return to Template inventory. Network Security Manager Administration Guide 34 Templates Viewing Template Configuration To view template configuration: 1. Navigate to Manager View > Templates. 2. Click Ellipses icon in Action column for any template and select View Template Configuration. The configuration changes are listed in the dialog displayed. 3. Click the Edit icon next to the operation to edit the template configuration as required. 4. To delete the selected template, check the devices and click Delete Selected. Creating Duplicate Template You can create a duplicate of any template and then edit the configuration to use it on other devices. To create a duplicate template: 1. Navigate to Manager View > Templates. 2. Click Ellipses icon in the Action column for any template and select Clone Template. 3. Click OK in the dialog displayed. The duplicate template is now available on the Templates page with name clone<template name>. To tweak the attributes of the newly created template, see Modifying Template Attributes. To make changes to the configuration of the newly created template, see Editing Templates. Modifying Template Attributes To modify template-attributes: 1. Navigate to Manager View > Templates. 2. Hover over a template and click Ellipses icon in the ACTION column, and then select Modify Template Attributes. 3. In the Edit Template dialog, edit the template attributes as needed. The name of the template and description can be added as a reference. Network Security Manager Administration Guide 35 Templates 4. Click Update. 5. Click Confirm to switch to the Template View; click Cancel otherwise. Applying Templates You need to apply a template to deploy and manage common configurations across devices. When you apply a template to device group(s), you can deploy and manage configuration across all the devices of the group (s). You also have an option to apply a template to selected devices within any group. NSM supports application of multiple templates to device group(s) or device(s): To overwrite the configuration of the devices associated with any template, you can apply another template. To apply a template: 1. Navigate to Manager View > Templates. 2. Hover over a template that you want to apply, click on the Action column and select Apply Template. 3. Select the device group(s) or devices within any group (s) to apply the template. IMPORTANT: A template cannot be applied to device(s) that don't belong to any group. Hence, Unassigned Firewalls aren't displayed in the dialog. 4. Click Save. If Zero Touch option is enabled for a template, the configuration of the template is auto-deployed to applied Zero-Touch devices; Offline devices will be updated once they come online. For non Zero Touch devices, the configuration updates available at each device needs to be committed and deployed to push the updates to the devices. For information on committing and deploying updates, see Committing and Deploying the Updates. Network Security Manager Administration Guide 36 Templates View Template Status To view template status: 1. Navigate to Manager View > Templates. 2. Hover over a template that you want to apply, click on the Action column and select View Template Status. 3. Expand the device name to view the status of the listed templates. 4. Click Close to return to Template inventory. Deleting Templates NOTE: By deleting a template associated with devices, you cannot perform configuration rollback on the target group(s) and device(s). To delete a template: 1. Navigate to Manager View > Templates. 2. Hover over the template you wish to delete and click Ellipses icon in the Action column. Network Security Manager Administration Guide 37 Templates 3. Select Delete Template. 4. Click Confirm. Network Security Manager Administration Guide 38 Templates 5 Configuration Management NSM supports different types and sizes of customers interested in managing their firewalls in the Cloud. A configuration change that is defined on the NSM side is referred to as PENDING CONFIGS, and for the changes to be effective on the firewalls, the changes need to be committed and deployed. Topics: l Approval Groups l Configuration Management Workflow l Auditing Configuration Changes Approval Groups NSM has the ability to configure an approval process when planning and scheduling changes to the configuration (commits). Approval groups can be defined and enabled on a per tenant basis. You can also enforce partial approval, where one of a group of people can approve, or complete approval, where everyone has to approve. Customize the Approval Groups table by clicking Column Selection. Topics: l Approval Workflow Settings l Approval Group Management Approval Workflow Settings Approval Groups allows you to enable and set up approvals for proposed system updates. . Network Security Manager Administration Guide 39 Configuration Management To enable approvals: 1. Navigate to Home | Config Management > Approval Groups. 2. Enable the switch for Approval Workflow for tenant (move it to green). 3. Select whether full approval is required or if partial approval is allowed. 4. Set the number of day required to get the approval in the Default Approval Expire Period field. The default is 1 day. 5. Click Accept. Approval Group Management On the Approval Groups tab, you have to tools to manage the approval groups that you've defined for your tenants. The Approval Groups table lists all the approval that have been defined. It provides the group name, description, the number of users in the list and the type of user (whether they are an approver or a notificant). To see more details about a particular group, click the caret by the Group Name. The entry expands to you can see the users that make up the list. Topics: l Searching the Approval Groups l Adding a New Approval Group l Editing an Approval Group l Deleting an Approval Group l Setting the Default Approval Group Searching the Approval Groups You can search for a specific approval group by using the name or description. 1. Type the string that you are searching for in the Name or Description field. 2. Press return and the table is filtered. You can use both fields at the same time to do further filtering. Network Security Manager Administration Guide 40 Configuration Management 3. Clear the filters to restore the full table. Adding a New Approval Group To add a new approval group: 1. Navigate to Home | Config Management > Approval Groups and select the Approval Groups tab. 2. Click the +Add icon. 3. Type the Name of the approval group. 4. Type the Description in the field provided. Make it unique so you can easily search on it if needed. A maximum of 256 characters are allowed. 5. Click Next. 6. In the Users column, select the users that you want to act as approvers for this group, and click the right arrow to move them to the Selected Approvers column. NOTE: If the user you want is not listed, you need to go to MySonicWall to set them up. 7. Click Next. Network Security Manager Administration Guide 41 Configuration Management 8. In the Users column, select the users that you want to receive notice when approval is required, and click the right arrow to move them to the Selected Notificants column. 9. If you want to send notice to people not listed as users, enter their email in the Adhoc Email field and click Add to Notificant List. 10. Click Done. 11. Verify that the group appears in the table. Editing an Approval Group To edit an approval group: 1. Navigate to Home | Config Management > Approval Groups and select the Approval Groups tab. 2. Select the group name of the group you want to edit. 3. In the Action column, select Edit. 4. Navigate through the screens and make the changes needed. 5. Click Done. 6. Verify that the changes appear in the table. Deleting an Approval Group To delete an approval group: 1. Navigate to Home | Config Management > Approval Groups and select the Approval Groups tab. 2. Select the group name of the group you want to delete. 3. In the Action column, select Delete. NOTE: If you want to delete several groups at once, check the box beside each one and click the Delete icon at the top of the table. 4. Confirm that you want to delete the selected group by clicking Yes. A confirmation message shows that the delete was completed successfully. Network Security Manager Administration Guide 42 Configuration Management Setting the Default Approval Group To set a new default approval group: 1. Navigate to Home | Config Management > Approval Groups and select the Approval Groups tab. 2. Click the Set Default icon. 3. Select the approval group from the drop-down list. 4. Click Update. Configuration Management Workflow Use the following workflow to prepare changes and push them to the devices. 1. Perform firewall configuration changes through NSM. You can perform configuration changes on firewalls by applying template to device group(s) or configuring changes in the Firewall View. To perform configuration in the Firewall View, see SonicOS documentation. 2. View pending configuration updates for the devices. See Viewing Pending-Configuration Updates 3. Perform commit and deploy to push the updates to managed devices. See Committing and Deploying the Updates 4. Monitor commits to check the deployment status of commits and take necessary action. See Managing Commits. Viewing Pending-Configuration Updates The configuration changes performed on devices through NSM (either in FIREWALL VIEW or by applying templates to device groups) need to be committed (so that the changes are locked), and then deployed on the devices to push the updates to the devices. To view pending configurations: 1. Navigate to Manager view | Config Management > Commits page. 2. Click PENDING CONFIGS at the top of the page. Network Security Manager Administration Guide 43 Configuration Management 3. Click the item that has the OPERATIONAL STATUS as Editing. 4. All the devices to which the configuration changes are applicable are displayed. 5. Click the caret icon next to a device name to see the configuration changes that are awaiting commit and deploy. The operations are listed, for example: add, update, and so on. Click the caret icon next to the listed operation to see the JSON script of the operation performed. To perform commit and deploy, refer to Committing and Deploying the Updates Committing and Deploying the Updates After configuration updates are performed on devices through NSM either in Firewall View or by applying templates, you can review the updates (see Viewing Pending-Configuration Updates), and then commit (so that the changes are locked) and deploy the changes to the device(s) for the updates to be effective. The commit and deploy action can be performed in any of following ways: l In the Firewall View: Commit & Deploy menu allows you to commit and deploy updates for a firewall. After the configuration changes are made to any device, the Commit and Deploy menu item notifies configuration updates that are awaiting commit and deploy. See Committing and Deploying Updates in the Firewall View. l In the Manager View: From the Commit & Deploy wizard in the Manager View, you can commit and deploy configuration updates to the device(s). See Committing and Deploying Updates to Device (s) in the Manager View. Committing and Deploying Updates in the Firewall View You can commit and deploy the configuration updates for any firewall in the Firewall View. To commit and deploy the configuration updates on a firewall: 1. Navigate to the Firewall View. 2. To see the pending configuration updates on a firewall, click Commit and Deploy. NOTE: You will see a notification on the Commit and Deploy option only when there are any pending configurations. Network Security Manager Administration Guide 44 Configuration Management 3. In the Commit & Deploy Pending Changes wizard: a. Enter the Commit ID and Comments in their respective fields. To commit and deploy the changes instantly, click Deploy Now. To schedule commit and deploy operations, navigate through the screens by clicking Next and choose a schedule date b. If you select Deploy Now, a confirmation message on commit status is displayed. c. If you click Next, it allows you to set the schedule to a later time. Click Commit to commit items and Deploy Nowat the scheduled time. d. A confirmation message on commit status is displayed. The deployment process runs at the scheduled time. e. Click Close. f. To see the deployment status of the commit items, see Monitoring Commits. Committing and Deploying Updates to Device(s) in the Manager View From the Commit & Deploy wizard in the Manager View, you can commit and deploy configuration updates to the device(s). 1. Navigate to the Manager View. 2. View pending configuration updates. See Viewing Pending-Configuration Updates 3. Do one of the following: l Click Commit & Deploy in the upper-right corner of any page in the Manager View. l Navigate to Config Management > Commits , and click New Commit. Network Security Manager Administration Guide 45 Configuration Management 4. In the Commit & Deploy Pending Changes dialog, click the caret icon next to each device name in the Devices section to review the pending configuration updates. 5. Select the device(s) to commit and deploy pending configuration updates on all the selected device (s), enter Commit ID and Comment for your reference. 6. Click Next. 7. In the SCHEDULE TIME section, select either of the options: l Now--To commit and deploy the changes instantly. Skip to step 8. l Set Schedule --To commit now, and then deploy the changes as per the schedule. 8. If you selected Set Schedule , you need to set the schedule. 9. Click Next. 10. In the Commit & Deploy Pending Changes section, review your changes before committing . 11. Click Commit. 12. The status of commit is displayed in the COMMIT STATUS section. For scheduled deployment, the configuration changes will be deployed at the scheduled time; for instantaneous deployment, configuration changes will be deployed shortly after committing the changes. 13. Click Redirect to All Commits to view the commits and their status. See Monitoring Commits. Discarding Pending Configurations You can discard the pending configurations when you don't intend to commit and deploy the configuration changes. Network Security Manager Administration Guide 46 Configuration Management To discard pending configurations: 1. Navigate to Manager view | Config Management > Commits. 2. Hover over the item that shows Editing as its OPERATIONAL STATUS and click the Ellipses icon in the ACTION column. 3. Select Discard. 4. Click Yes in the confirmation dialog. Monitoring Commits The Manager view | Config Management > Commits page displays the information, such as, pending configuration updates and deployment status of commits. You can also manage commits from this page. See Managing Commits. You can customize what contents appear in the Commits table. The following list shows all the options. Click Column Selection and select or clear the selection of items to include or exclude data of any category in the table. COMMITS Term Description OPERATIONAL STATUS COMMIT ID SCHEDULE DEVICE COUNT USER ROLE COMMENTS Status of the commit. The user-assigned ID for the commit. The Time at which the commit is deployed or when the commit should be deployed as per the schedule. Number of devices to which the configuration changes are to be deployed. User that performed commit. Management role of user. The comment entered when creating a Network Security Manager Administration Guide 47 Configuration Management Term PENDING CONFIG / APPROVAL APPROVED / COMMITTED DEPLOY STATUS Description commit. Editing--configuration updates that are pending commit and deploy operations. Status of the commit. The deployment status of the commit. Managing Commits This section provides information on managing commits. Topics: l Editing Commits l Rescheduling Commits l Redeploying Commits l Deleting Commits Editing Commits NOTE: You can edit only the commits that are scheduled for deployment. To edit a commit: 1. Navigate to Manager view | Config Management > Commits. 2. Hover over the commit and click the Ellipses icon in the ACTION column. 3. Click Edit. 4. Click Yes in the Confirmation dialog. Redeploying Commits You can redeploy commits that have failed deployment. To redeploy a commit: 1. Navigate to Manager view | Config Management > Commits. 2. Hover over the commit and click the Ellipses icon in the ACTION column. 3. Click Redeploy. 4. In the Redeploy Commit dialog, select one of the options: Network Security Manager Administration Guide 48 Configuration Management l Now--to deploy instantaneously l Set Schedule--to set the schedule for deployment 5. If you selected Set Schedule, set the Schedule Date. 6. Click Submit. Rescheduling Commits To reschedule a commit: 1. Navigate to Manager view | Config Management > Commits. 2. Hover over the commit and click the Ellipses icon in the ACTION column. 3. Click Reschedule. 4. In the Reschedule Commit dialog, select one of the options: l Now--to deploy instantaneously l Set Schedule--set the schedule for deployment 5. If you selected Set Schedule, set the Schedule Date. 6. Click Submit. Deleting Commits NOTE: You can delete the commits that are scheduled for deployment and ones that are already deployed. To delete a commit: 1. Navigate to Manager view | Config Management > Commits. 2. Hover over the commit and click the Ellipses icon in the ACTION column. Network Security Manager Administration Guide 49 Configuration Management 3. Click Delete. a. Click Yes in the Confirmation dialog. A success message is displayed if deletion is successful. The OPERATIONAL STATUS of the commit changes to Canceled in the Commits page. Auditing Configuration Changes When managing multiple firewalls in an environment with multiple users, you want to be able to audit changes made by all the users to firewall address objects and groups. Network Security Manager shows who made changes that affect the rules and overall security of your devices. This data is shown in the Audit table at MANAGER VIEW> Config Management > Audit. You can adjust the period of the audit by adjusting the slider at the top of the page to the predefined values. The table lists all the commits performed by the users on any device selected from the Devices drop-down list. To view the configuration of the device after any particular commit / deploy operation, click caret icon next to the DATE & TIME field of the commit. To view differences between configurations: 1. Navigate to Template View > Config Management > Audit. 2. Select two commits to compare. 3. Click on Config Diff. A color-coded display shows where the differences appear. Green text represents configuration data that was added. Red text represents data that was deleted, and blue is the value of the parameter. 4. To see a side-by-side comparison of the complete difference in configurations, click on Full Diff. Network Security Manager Administration Guide 50 Configuration Management 6 Tenants The Manager View | Tenants page shows details of all the MSW tenants you have access to. You can manage or monitor all the firewalls that are registered to these tenants through NSM, based on your user role. Adding tenants, assigning users to tenants, and assigning user roles can be performed only in MSW. To add tenants, assign users to tenants, and assign permission to users, see MSW online help. Click on any tenant displayed on the Tenants page to access data corresponding to the selected tenant, across all the tabs listed in the left pane. The table displays the below information for each tenant: Term Definition Name Tenant name. MSW TENANT ID ID assigned to the tenant in MSW. ALIAS Another name (if any). DEFAULT ADMIN Email address of the default admin. Click the caret icon next to a tenant name to view more details of the tenant. Network Security Manager Administration Guide 51 Tenants 7 CSC Users The Manager View | CSC Users command set provides information on all the users that have been setup for access to the tenant you have logged into. Those users can manage firewalls through NSM, based on user roles assigned to them. Topics: l CSC User Status l Users l Support Portal Users l Roles and Permissions CSC User Status The Manager View | CSC Users > Status page provides information of all the active user sessions. The following information is displayed for each active user session: Term USER IP EMAIL ROLE LOGIN TIME ACTIVE IDLE REMAINING TIME Definition User that has an active session. IP address of the system that hosts user session. Email address of the user. Management role of the user. Timestamp of the user login. Activity status Duration for which the user remains inactive. The time remaining in their login session. Network Security Manager Administration Guide 52 CSC Users To log out the user(s): 1. Select the user(s) and click Logout User(s). 2. Click OK to confirm. Users The users listed on the Users page (Manager View | CSC Users > Users)are assigned to a tenant in MySonicWall (MSW). You can add CSC users for any tenant, assign users to a tenant and assign user roles only through MSW. For information on assigning users to tenants and assigning user roles, refer to the MSW online help. The table on the Users page gives the following details for any user listed: Term PRIMARY EMAIL FULL NAME ROLE TENANT(S) COMMENT NOTIFICATION BETA FEATURES ACTION Definition Email address of the user. Full name of the user. Management role of the user; this role is assigned in MSW. l SuperAdmin- Provides complete access to the user. User can add or update or delete the following: Users, Tenants, and Devices in MSW. l Admin - User can configure firewall; edit UserInfo (Email/timeout); add or delete devices in MSW l Operator - User can configure firewalls. l Support - No Configuration Mode; user can only view firewall configurations. l ReadOnly - No Configuration Mode; user can only view firewall configurations. l Guest - No Configuration Mode; user can only view firewall configurations. Tenant(s) to which the user has access to. Any comment if added. A switch that enables or disables notifications for a user. A switch that enables or disables beta features for a user. Provides the options edit or delete a user. Network Security Manager Administration Guide 53 CSC Users Topics: l Sorting and Filtering l Editing CSC Users Sorting and Filtering The Users table can be sorted, searched, and filtered to find a specific user or type of user. At the top of the page, you can use the graphs to filter the table contents. The default is to show all users, but if you click on the other options, Admin Users or Operator User, for example, the table filters itself to show only the type of user chosen. The fields at the top of the table offer other filtering options. Enter a string of characters in the search field and the table responds as you type. You can select specific roles or tenants to provide additional filtering. At any time you can export the data to a CSV file by clicking the Export icon. Editing CSC Users Most major changes to users, including deleting users, need to be performed in MSW. However, some features can be edited locally. To update user information: 1. Navigate to Manager View | CSC Users > Users. 2. Hover over the user that you want to edit and click Edit option in the ACTION column. 3. In the Edit User dialog, enter the following: l Secondary Email--Secondary email address of the user l Comment--Any valid comment l Notifications--Enable or disable notifications l Timeout--The duration after which the user is logged out 4. In the Authentication dialog, you can Whitelist login IP addresses. The IP address that are not added in the Whitelist Login IP Addresses will be blocked. Network Security Manager Administration Guide 54 CSC Users a. Click Add to add Whitelist login IP Address. b. From the Network Type, choose the option Host, Range or Network. Host - When selected Host, input the IP address of the whitelist device. Range - When selected Range, enter starting and ending IP range Network - When selected Network, enter Network name and Netmask. The user's IP address is automatically checked whether the user is logging in from an allowed IP whenever a login is attempted. 5. Click the Access tab to see the various permissions and devices access. 6. Click on the Role to see the permissions granted to this user. Yo can click the + icon to expand the permissions list to see the detail behind it. Click again to collapse permissions. 7. Click the Edit icon in TENANTS & DEVICES to associate tenants and devices together and click Apply. 8. Return to the General tab and click Save. Support Portal Users Navigate to Manager View | CSC Users > Support Portal Users set up user permissions for using the Support Portal. All current users are listed in a table and you can use the search field to filter the list by typing in a string of characters. The table identifies the support user type (Admin or User) and shows whether they are enabled to use the support portal or not. Network Security Manager Administration Guide 55 CSC Users To create a Support Portal user: 1. Navigate to Manager View | CSC Users > Support Portal Users. 2. Click the +Add icon. 3. Type the email of the user you are adding. 4. Select the type of user from the drop-down list. 5. Enable the user's access. 6. Click Save. Users can be deleted by selecting a user and clicking the Delete icon. Roles and Permissions The functions of the administrative and support roles are defines on the Roles and Permissions page. Here you determine what actions each roles is allowed to take. You can see a summary of the definitions in the table, and you can see the details by clicking on the caret beside the role name. Network Security Manager Administration Guide 56 CSC Users To edit the permissions assigned to each role: 1. Navigate to Manager View | CSC Users > Roles and Permissions. a. Select the Edit command in the Action column for the role you want to change. 2. Expand the permissions and find the parameters that you want to change. NOTE: When the state is enabled, the green circle means that all the children parameters are also enabled. A half green circle indicates that some children parameters are in a disabled state. A gray circle indicates that all children are disabled. 3. Slide the indicator to enabled or disabled as needed. 4. Click Save to retain the settings. Network Security Manager Administration Guide 57 CSC Users 8 Scheduled Reports You can set up schedules to generate reports at regular intervals. As part of scheduling, you need to specify the following: report type and the type of information that you wish to include; devices or groups for which the reports should be generated; how often the reports are delivered; and the medium for report delivery. Managing the Schedules The table on Manager View | Scheduled Reports > Rule page displays the shows the scheduled reports that are created. The details of each scheduled report are shown in a tabular format. SCHEDULES TABLE Term Description SCHEDULE Name of the scheduled report. NAME SCHEDULE Execution frequency of the scheduled report. TYPE REPORT TYPE Report type--Flow or CTA or Management DELIVERY TYPE Medium for delivering the PDF report. LAST RUN TIME Timestamp when the scheduled report was executed the last time. NEXT SCHEDULE TIME Timestamp when the scheduled report will be executed the next time. Network Security Manager Administration Guide 58 Scheduled Reports Term LAST RUN STATUS ACTION Description Status of the report that was executed the last time. Displays options to edit or delete the schedule. In addition to the above data, more information about a rule is displayed when you click the caret icon next to the schedule name. l Schedule ID: ID assigned to the scheduled report by NSM l Owner: User that created the scheduled report l Report Type: Report type--Flow or CTA or Management l SCHEDULE UNIT STATUS DETAILS: Status of the report execution for each device Several icons at the top right corner of the table help you manage your schedules. Refer to the image and table below to learn more about them. Success Fail In Progress Add Delete Refresh Run Now Run for date range Column Selection Number of reports that were successfully executed the last time. Number of reports that failed execution the last time. Number of reports that are currently running. To set up a new scheduled report. To delete the selected scheduled report. Refresh the page. To generate the selected report(s) instantly. To generate the selected report(s) to obtain data over a custom period. Choose which options to be displayed in the table Creating Scheduled Reports You can set up Flow report or CTA (Capture Threat Assessment) report or Management report. You can also create scheduled reports for a firewall in the Firewall View (Home | Schedule > Reports Rules) page. The procedure for creating scheduled reports in the Firewall Viewis similar to creating a scheduled report in the Manager View as given below. To create a scheduled report: 1. Navigate to Manager View | Scheduled Reports > Rule. 2. Click the + Add icon above the table. The ADD SCHEDULE wizard is displayed. Network Security Manager Administration Guide 59 Scheduled Reports 3. In the REPORT CONFIGURATION page: a. Type the Report Name. b. Type the Report Description. c. Select the Report Type: Flow, CTA, or Management. The options displayed in the REPORTS section depend on the selected report type. For information on the categories that you want in your report, see Analytics and Reporting document. l RealTime Reports: This section provides applications rate, interface bandwidth, cpu usage and connection rate over a period of time. l Dashboard Reports: This section provides top 10 for applications, threats, users, URLs, IPs, countries, bandwidth queue usage for traffic traversing through the firewall during specified times. l Details Reports: This section provides detailed view of the applications, threats, users, URLs, IPs, countries usage for traffic traversing through the firewall during specified times. d. Select the type of information you want in your report from the options displayed. You can include all the data by selecting Select All. e. Click Next. 4. In the DEVICE SELECTION page: a. Select one of the following options: Firewall--to select firewalls, Group--To select device groups, or Tenant--To select the tenant you have logged into. Tenant option is not available for Flow Reports. Network Security Manager Administration Guide 60 Scheduled Reports b. Click Next. 5. In the DELIVERY CONFIGURATION page: a. Select the Delivery Interval. You can choose Daily, Weekly, or Monthly. b. Specify the Schedule Time. c. For Weekly Reports, enable Edit Weekly Reports Schedule Day and select the required day to specify the day when to receive the report. The default option is Sunday. d. For Monthly Reports, enable Edit Monthly Reports Schedule Date and select the appropriate date to receive the report. The default date is 7. e. Select the Delivery Type to indicate whether the report is set up for archiving or emailing, or Network Security Manager Administration Guide 61 Scheduled Reports both. If you have selected delivery type as Email, you need to provide information on the email recipient in Email Destination--user role of the recipient and Email ID fields. Enter the Email Subject and Email Body. Email Body is optional. f. If you have enabled email delivery type, you can choose to receive compressed report by enabling Zip Report. g. If you want added security for the report, enable Password Protect. Enter and confirm the password when asked. h. To use a custom logo in your reports, enable Use Custom Logo and select or upload a logo from your local system. i. Click Next. 6. Review report settings, click Save. If you have successfully created a scheduled report, a success message is displayed. The newly created report is displayed on Rules page. Editing Schedule To edit the rule for a scheduled: 1. Navigate to Manager View | Scheduled Reports > Rule. 2. In the ACTION column, click the Ellipses icon for the schedule you want to edit, and select Edit Schedule. Network Security Manager Administration Guide 62 Scheduled Reports 3. You can make necessary changes in the CREATE SCHEDULE wizard. See Creating Scheduled Reports for reference. Running Reports Manually You can run a scheduled report anytime, and need not wait for the report to run at the scheduled time. Running the report just after scheduling helps you to check if your configurations have been saved and are scheduled as you have planned. To run a scheduled report instantly: 1. Navigate to Manager View | Scheduled Reports > Rule . 2. Select the checkbox next to the schedule name and click Run Now at the top of the table. 3. Click OK in the dialog displayed. LAST RUN STATUS changes to In progress and eventually changes to Success if the report runs successfully. If you had configured Archive as one of the DELIVERY TYPE options for the scheduled report, the report you generated is available for download. For more information on working with the archived reports, see Downloading Archived Reports. Setting the Report Date Range To generate a report to obtain data over a custom period, you need to specify the date range. To set the date range: 1. Navigate to Manager View | Scheduled Reports > Rule. 2. Select the checkbox next to schedule name and click Run for date range at the top of the table. 3. Click the calendar icon and select the date range by clicking and holding the mouse button on a start date and dragging it to the end date, highlighting the range. Network Security Manager Administration Guide 63 Scheduled Reports 4. Click Submit. The report runs instantly; it includes data for the specified date range. Archived Reports Navigate to Manager View | Scheduled Reports > Archive to view the archived reports. Each report shows the following details: FILE NAME ARCHIVE FOR SCHEDULE TYPE USER NAME SOURCE GENERATION TIME START TIME; END TIME ACTION Name of the report Device name to archive Frequency at which the PDF reports are generated User that ran the scheduled report manually Report type Time at which the PDF report was generated Displays the interval for which the data is captured in the generated report. Options to download or delete the report Network Security Manager Administration Guide 64 Scheduled Reports Downloading Archived Reports To download an archived report: 1. Navigate to Manager View | Scheduled Reports > Archive. 2. Select the checkbox(es) next to the schedule name(s) for which you want to download the report, and click Download icon at the top of the table. 3. Click OK in the DOWNLOAD CONFIRMATION dialog. Network Security Manager Administration Guide 65 Scheduled Reports 9 System Events NSM maintains an Event log for tracking potential security threats. Configuring Log Settings You can configure LOGS AND ALERTS SETTINGS on the Manager View | Logs & Alerts > Settings page to configure the items that needs to be tracked in the Events page. You can filter the entries to limit the data display to only those events of interest. NOTE: Debug log settings can be performed only by Super Admins or Tech Support representatives. The Log Level shows the severity or priority of an event. The Alert Level drop-down shows options that indicate whether an alert message will be sent for this event. CAUTION: Changing the Event Priority may have serious consequences as the Event Priority for all events will be changed. Setting the Event Priority to a level that is lower than the Log Level will cause those events to be filtered out. To perform logs and alerts settings: 1. Navigate to Manager View | Logs & Alerts > Settings page. 2. Select an option in Log Level drop-down and set the corresponding Alert Level as required. You can set appropriate alert levels for other log levels available. 3. Click Save. Viewing System Events The Manager View | Logs & Alerts > Events page displays the system events and their details based on the filter you set. Network Security Manager Administration Guide 66 System Events Click the gear icon at the upper-right corner and select the items that you want as columns in the Event Log. You can also search for an event in the Search box. You can export the event logs to a CSV file using Export option. You can configure the following to view the events of your desired combination: Period Priority Category You can set the duration to view the events for the selected period using the slider at the top of the table. Priority level of the event, such as Info (information) or Error. l Emergency l Critical l Alert l Error l Warning l Notice l Info l Debug l Trace l Trace 2 Category of the event. l All Category l Notification l Configuration l API l Device Management l Reporting and Analytics l Reporting l User The following details are displayed for each event logged: LOCAL TIME CATEGORY PRIORITY Time at which the event is logged Category to which the logged event belongs to. Priority level of the event Network Security Manager Administration Guide 67 System Events MESSAGE SOURCEIP TENANT NAME REQUEST ID Information on the event IP address of the source device Tenant for which the log is triggered A unique ID for every event that was created Network Security Manager Administration Guide 68 System Events 10 SonicWall Support Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract. The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support. The Support Portal enables you to: l View knowledge base articles and technical documentation l View and participate in the Community forum discussions at https://community.sonicwall.com/technology-and-support. l View video tutorials l Access https://mysonicwall.com l Learn about SonicWall professional services l Review SonicWall Support services and warranty information l Register for training and certification l Request technical support or customer service To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support. Network Security Manager Administration Guide 69 SonicWall Support About This Document NOTE: A NOTE icon indicates supporting information. IMPORTANT: An IMPORTANT icon indicates supporting information. TIP: A TIP icon indicates helpful information. CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death. Network Security Manager Administration Guide Updated - March 2021 232-005314-01 Rev B Copyright © 2021 SonicWall Inc. All rights reserved. The information in this document is provided in connection with SonicWall and/or its affiliates' products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. and/or its affiliates do not make any commitment to update the information contained in this document. For more information, visit https://www.sonicwall.com/legal. End User Product Agreement To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/end-user-product-agreements/. Open Source Code SonicWall Inc. is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to "SonicWall Inc.", to: General Public License Source Code Request Attn: Jennifer Anderson 1033 McCarthy Blvd Milpitas, CA 95035 Network Security Manager Administration Guide 70 SonicWall Supportmadbuild