SonicWall™ Cloud GMS Quick Start Guide

SonicWall™ Cloud GMS is a web-based management and reporting application that provides centralized management and high performance reporting for the SonicWall family of firewalls. With the introduction of a cloud-based solution, you can now focus on your core business and not worry about additional installation and maintenance of the software.

This Quick Start Guide helps to rapidly deploy one or more firewalls and to quickly configure the necessary policies, schedule firmware upgrades for execution during maintenance windows, and monitor the capacity and activity of the firewalls while using industry standard encrypted IPFix-based logs with highly pleasing reports. In addition to the reporting, the real-time reports can also be used to view the active traffic passing instantaneously through the firewall.

This document covers the basic functionality on how to:
1
Log in to www.MySonicCloud.com
2
How to log in to Cloud GMS and Add Unit for Management and Reporting
3
Introduction to Policy Management
4
Introduction to Reporting

Refer to the steps that follow and the Cloud GMS Online Help for detailed steps and in-depth descriptions on the features of the product.

Topics:  
Supported Firewalls
MySonicWall Setup
Summary of Steps to Adding Unit to Cloud GMS
Activating Cloud GMS
Managing Firewalls
Provisioning and Adding Units
Adding new SonicWall appliances to Cloud GMS
Advanced Firewall Configuration
Auto-configuration for Reporting
Introduction to Policy Management and UI layout
Introduction to Reporting
General > Status
Real-Time > Monitor
Real-Time > Report
Dashboard > Applications
Reports > Applications
SWARM Report
Online Training

Supported Firewalls

Cloud GMS is designed for the current generation of SonicWall firewalls running SonicOS 6.2.7 and higher.
SOHO and SOHO-W
TZ300 through TZ600
NSA 2600 through NSA 6600 with an active CGSS or AGSS subscription.

MySonicWall Setup

Prerequisites

You need a MySonicWall account: Sign up at https://www.mysonicwall.com/user/registration.aspx

Summary of Steps to Adding Unit to Cloud GMS

These are the steps for an advanced user who is already familiar with MySonicWall, GMS, the firewall user interface, and how to add a unit to Cloud GMS.

1
Log in to www.MySonicCloud.com.
2
Enroll to Cloud GMS tenancy.
* 
NOTE: You can skip this step if you have enrolled previously.
3
Activate Cloud GMS license for each firewall to MySonicWall.com.
4
Log in to the firewall and configure the GMS Management settings to point to cloudgms.global.sonicwall.com to manage the firewall from a US-based datacenter, or to cloudgmsams.global.sonicwall.com to manage the firewall from a European-based datacenter.
5
Click back to the Cloud GMS instance at www.MySonicCloud.com and log in to the Cloud GMS user interface.
6
Add a unit to Cloud GMS using “Add Unit” and by following the prompts.
7
Monitor the Status page for unit acquisition.
* 
NOTE: Cloud GMS makes changes to the following configuration files for the firewall to be managed and to generate reports correctly.
Firewall > System > Administration > Enable Management Using GMS > Configure
Firewall > AppFlow > Flow Reporting > GMS Flow Server
Firewall > AppFlow > GMSFlow Server

Any changes to the settings disrupts the Cloud GMS management and report generation capability.

In addition to the above settings, Cloud GMS creates a Reporting tunnel between the firewall and Cloud GMS to upload the reporting data securely with a prefix “SGMS-<fw serial number>”. Do not make any changes to this tunnel.

Activating Cloud GMS

1
Log in to www.MySonicCloud.com by signing in with your MySonicWall account credentials, and follow the login instructions.

2
Click Next.

3
Enter your MySonicWall password credentials. If you have forgotten your password, you can click “Forgot password?” to receive a reminder from MySonicWall. If you would like to log in as a different user, click “Different user?” and you will return to the previous screen. After successfully logging in, you will be taken to the MySonicCloud Dashboard.
4
Activate Cloud GMS by clicking Go to MySonicWall and completing the registration process.
* 
NOTE: The initial login may show that “You do not have any products registered” which is expected.

If you have products registered, you will be taken to the Instances screen which shows the total number of licensed products Cloud GMS can manage.

If no Instances are available to license, click Enable Cloud GMS to provision a new Instance.

5
Clicking the “Enable Cloud GMS” link opens a popup where you can select a Data Center and establish a “friendly name” for that Instance.

6
Enter the necessary data and click Submit.

The new Instance appears in the Dashboard, and an email is triggered upon successful registration that invokes an automatic provisioning that also triggers an email with the following message:

“Congratulations! Cloud GMS has been successfully enabled.”

7
Click Done.

A list of licensed Instances along with their Friendly Names displays.

8
Click Instances.

In this screen, all serial numbers that have valid Cloud GMS subscriptions, but are not assigned under any Instance, are grouped under the Unassigned Instances. You can open a Cloud GMS Instance and establish an association between the two.

All other serial numbers that are assigned to corresponding Cloud GMS serial numbers can be reassigned to any one of the other Instances. Multiple Instances of Cloud GMS for a single user can only be assigned to any one of the serial numbers.

9
After clicking License New Firewall, a popup appears where you can Try or Activate Cloud GMS services on one or all of your registered firewalls.

10
Click Try or Activate a License to continue.

Clicking Try activates a trial license of the Cloud GMS Management + Reporting service for 30 days. Using the Try option deactivates the datacenter option as provisioning has already been established.

Click Activate to enable multiple activation keys for the Cloud GMS services available for this product.

* 
NOTE: The option to License New Firewall does NOT appear if no Cloud GMS Instances are registered to you. This is possible if you are activating the service in MySonicWall where automatic provisioning of the tenant is done even when no Instances are registered.

11
Click Browser Refresh in the original session or log back in to www.MySonicCloud.com.
* 
NOTE: You are now logged in to Cloud GMS.

12
Before you continue to Add a New Unit into Cloud GMS, you will need to activate one of three services; Cloud GMS Management and Reporting, Cloud GMS Management Only, or Cloud GMS Basic for every firewall.
* 
NOTE: The service activation steps need to be repeated for each unit that is being added to Cloud GMS.
a
Log in to www.mysonicwall.com using the ID that you used to activate Cloud GMS.
b
Navigate to My Products > Product Management.
c
Select the firewall you want to add to Cloud GMS.
d
Page down to Applicable Services > Desktop and Server Software.
e
Click Try under Cloud GMS Management and Reporting.

f
Repeat the steps (b) through (e) for activating Cloud GMS on multiple units.
g
Log out of www.mysonicwall.com.

Managing Firewalls

When you visit the Manage Firewalls screen and have no Instances registered, you are taken to the Manage Instances screen. When you visit this screen with no firewalls present, you are taken to the Dashboard.

To manage a firewall,
1
Click the firewall serial number to access the MySonicWall service management screen.
2
Click the Instance serial number to access the Cloud GMS system.
3
Clicking Try or Activate is the same as using Manage Instances.

Provisioning and Adding Units

The next steps in setting up your SonicWall Cloud GMS are provisioning SonicWall appliances to communicate with Cloud GMS and adding them to the SonicWall Cloud GMS. All SonicWall appliances must be provisioned before adding them to the SonicWall Cloud GMS. Make sure the provisioned SonicWall appliances have a valid Cloud GMS license, one for each SonicWall appliance.

Adding new SonicWall appliances to Cloud GMS

Log in to www.MySonicCloud.com using the same credentials you used to activate the Cloud GMS service.

* 
NOTE: Adding a unit to Cloud GMS requires a restart of the firewall during the course of activating the firewall for reporting.

Step 1: Adding Unit to Cloud GMS

1
Add the firewall to Cloud GMS by clicking the “+” icon (Add Unit).
2
Type in the following information:
a
Unit Name
b
Serial Number of the firewall
c
Password
d
Management port defaults to 443. If you are going to configure your firewall to something other than the default, such as 8443, then change this to 8443.
* 
The login credentials are encrypted and stored in a password protected database.
If the firewall is installed behind an NAT device, then rules have to be created for Cloud GMS to be able to access the firewall by way of a secure SSL connection.

3
The firewall is in the “Provisioned State” until the firewall is configured for management by Cloud GMS.

Step 2: Configuring the firewall for management with Cloud GMS

1
Log in to the firewall with the admin ID.

2
Navigate to System > Administration.
a
Click Enable management using GMS.

3
Click Configure.
4
Add:
a
Enter cloudgms.global.sonicwall.com to the GMS Host Name or IP Address field to connect the firewall to a US-based datacenter, or enter cloudgmsams.global.sonicwall.com to connect the firewall to a European-based datacenter.
b
Enter 514 in GMS Syslog Server Port.
c
Check Send Heartbeat Status Messages Only.
d
Click OK.

e
Click Accept on the page that follows.

f
Log out of the firewall user interface.
* 
NOTE: After you log in to the Cloud GMS application and find that the middle pane reveals a button instead of the Policies and Flows page links, click the button to sync the license information from the back end. This then clears the issue of the missing links in the middle pane.
* 
NOTE: Check the Console Panel > View Logs for any errors or warning messages when the licensing synchronization does not correctly synchronize the licenses for the unit.

If the middle panel does not appear, but the Status screen shows the license as Active, you can reload the browser once to view the contents of the middle panel.

Step 3: Configuring perimeter routers and gateways that allow Cloud GMS access to the firewall

Add a rule to allow inbound HTTPS traffic on your NAT Device that also allows access from Cloud GMS to the WAN interface of your managed appliance.

* 
NOTE: These rules are critical in managing the appliance from the Cloud GMS application. Without these rules, the appliance cannot be acquired, it appears unprovisioned (yellow icon), and an error message is displayed in the status screen of the Cloud GMS user interface at the unit level.

Advanced Firewall Configuration

Auto-configuration for Reporting

After the Firewall has been acquired, and the status icon in the Tree Control changes to “Blue” for the firewall licensed for Reporting and Analytics, the scheduler engine auto-configures the Flow Server information on the GMSFlow Server page.

* 
NOTE: This step could require a restart of the firewall depending on your version of the firmware.

The Application Control feature available in the firewall is required for showing the Application Names in Flow reporting. Enabling this option on the firewall reveals raw traffic being generated by Google Chat sessions in a more readable report than “Google Chat,” “Facebook,” and so on. Follow this link for detailed instructions on how to enable the feature on your firewalls using SonicOS Gen 6 firmware.

Introduction to Policy Management and UI layout

Cloud GMS is a Web-based application for configuring, managing and gathering reports from SonicWall firewalls. This section provides an introduction to the main elements of the Web-based management interface.

Multi-firewall Management

Cloud GMS provides next generation management capability by allowing you to manage multiple firewalls over HTTPS. Functions such as creating tasks, posting policies, scheduling tasks, and more are easily completed across multiple appliances at the Unit and Group levels.

Navigation Tabs

The Cloud GMS management interface navigation tabs are located at the top of the management interface. The navigations tabs include:
Firewalls
Flows
Console

The Console tab provides tools to customize options and to manage the Cloud GMS settings that affect the environment.

Left Pane or Tree Control

The left pane of the Cloud GMS management interface provides tree control that displays the current Cloud GMS view as well as a list of managed appliances. The left-pane tree control provides the ability to switch between views and displays the current state of each appliance under management. A single box in the tree control indicates a node at the appliance or unit level. Two boxes in the tree control indicate a node at the group level. A global node at the top of the tree control is indicated by a three-box icon. The color and additional images superimposed on these icons provide useful status information

Middle Pane

At the top of the Middle pane there are two sub-tabs:

Policies - Provides policy configuration options for managed appliances.
Flows - Provides IPFIX-based Flow Reporting at the global, group, or appliance level. The current selection in the center pane is indicated by the highlighted item.

The Middle pane options change based on the navigational tab and the Left pane selections, and the selections in the Middle pane modify the display in the Right pane.

Right Pane

The Right pane displays the available status or tasks based on the current selection of the navigational tab and the Left pane and Middle pane options. Configurations completed in the Right pane modify the global, group, and appliance settings. For example, the Right pane image displays the status and tasks available for the Policies navigation tab, the Left pane selection in the GlobalView, and the Middle pane selection of System > Status.

Introduction to Reporting

This describes the general report flows on the full range of SonicWall platforms and includes the following:
General > Status
Real-Time > Monitor
Real-Time > Report
Dashboard > Applications
Reports > Applications
SWARM Report

General > Status

The General > Status dialog shows reporting configuration information such as: Firewall information, Flow Agents Assignment, the Data Retention Period, and other critical information such as disk storage allocation and flows collected.

Real-Time > Monitor

This report provides a real-time view of the packets forwarded by the firewall and displayed in the form of live charts. The charts are divided into three sections:
Application bandwidth - Indicates applications that are flowing through the firewall in bits per second.
Per Interface Data - Indicates the bandwidth utilization in bits per second, average packets per second, average packets size, and new connection rates in connections per second
Device data - CPU utilization per core. Total active connections

Data visible on this page is limited to a maximum of 10 minutes. Individual charts can be rearranged manually by dragging and dropping the graph window. Mouse over the data in the graphs and you can drill-down to Flow Reports. The appearance of the chart can be customized by using the Settings button. Mouse-over the information icon or question marks to see context-sensitive help. Collapse or expand individual charts using the + or - icon in the upper right of each chart. Show or hide legends by clicking the Legends button.

Real-Time > Report

This report provides historical views of the real-time monitor charts. You can choose and visualize real-time charts from any time period of recorded data using the Start and End boxes and clicking the Refresh icon. You can also choose either a specific time range in the past using the drop-down time menu or by using a custom time by clicking a start and a stop time on the graph. You can also select the last few hours, days, weeks, or months using the drop-down menu.

Individual charts can be rearranged manually and you can drill-down to AppFlow reports, AppFlow sessions, or Flow Analytics/AppFlow monitor pages from specific charts. Hide legends by clicking the Legends button.

Dashboard > Applications

This provides a concise view of the Top Ten reports available based on following attributes:
Top Applications based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Users based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Virus based on Sessions
Top Intrusions based on Sessions
Top Spyware based on Sessions
Top URL Ratings categories based on Sessions and Bytes
Top Initiator IP addresses based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Responder IP addresses based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Initiator Locations based on Sessions and Bytes
Top Responder Locations based on Sessions and Bytes
Top BWM Queues based on Queue type, Sessions and Bytes
Top Botnets based on Sessions and Bytes

You can choose and visualize this data from any given moment using the Start and End boxes and clicking the Refresh button. You can also choose either a specific time range in the past by indicating a Custom Range or by selecting a drop down menu selection for the last few hours, days, weeks, or months.

The Reports can be displayed in the following ways:
Table View - Data can be sorted on any column.
Pie Chart View - Charts can be selected to either show total data or per entry. (For example, the Initiator IP tab by default shows the total sessions over time, total bytes over time, total intrusion over time, and so on.) You can also choose the same charts for individual IPs by selecting the Table view from the button bar at the top of the chart.

Reports > Applications

This provides a detailed view of reports that are similar to the Top Flow Dashboard reports described in Dashboard > Applications , but these reports are not limited to Top 10. You can get reports on the top 25, 50, 100, 150, 500, 1000, 5000, 10000, 25000, 50000, or unlimited incidents. In this section, you can sort the data displayed under any tab or column. Different tabs are provided to view individual data sets. You can also filter your data by configuring a text Filter String.

You can choose and visualize this data from any given moment (in the past) by clicking start and end points in the graph itself or by using the Start and End menus and clicking the Refresh icon. You can use the time drop-down menu to choose pre-configured hourly, daily, weekly, or monthly increments. You can also choose either a specific time range in the past by indicating a custom time or by selecting a moment from the last few hours, days, weeks, or months.

You can export all table reports into one file or download the currently active table into a single file, by clicking the Export icon.

SWARM Report

A SWARM (SonicWall Application Risk Management Report) report is generated using the SonicFlow Report (SFR) data file.

This file can be exported by clicking “SWARM” in the top right corner of the following reports.

Flows > Dashboard Menu *

Flows > Reports Menu *

The Download Application Visualization Report dialog appears.

Click Download to receive the report of your network traffic between the dates you indicate.

Refer to the https://www.sonicwall.com/partners/swarm-report.aspx for detailed descriptions and steps on how to upload reporting data to MySonicWall.com and to produce a report in a PDF format.

Online Training

To view the free, online Certified SonicWall System Administrator training course for GMS, see https://support.sonicwall.com/sonicwall-analyzer/training/109/global-management-system-certification-cssa-level-course.