Global Management System (GMS) 7.
SonicWALL GMS 7.0 Getting Started Guide This Getting Started Guide contains installation procedures and configuration guidelines for deploying SonicWALL Global Management System (SonicWALL GMS) on a Windows server on your network. SonicWALL GMS is a Web-based application that can configure, manage, and monitor the status of thousands of SonicWALL Internet security appliances and non-SonicWALL appliances from a central location.
Contents This document contains the following sections: Page 2 1 “Before You Begin” on page 3 • “System Requirements” on page 3 • “Record Configuration Information” on page 7 2 “Installing and Upgrading SonicWALL GMS” on page 8 • “Installing Universal Management Suite 7.
1 Before You Begin See the following sections for information about SonicWALL GMS: • “System Requirements” on page 3 • “Record Configuration Information” on page 7 System Requirements The SonicWALL GMS 7.0 software comes with a base license to manage either 10 nodes or 25 nodes. You can purchase additional licenses on MySonicWALL. For more information on licensing additional nodes, visit: http://www.sonicwall.com/us/Products_Solutions.
Note: SonicWALL GMS does not support MS SQL Server 2005 Express. • SonicWALL MySQL Install Package installed on either Windows 2000 Server (SP4) or 2003 Server (SP1) MySQL Requirements SonicWALL GMS automatically installs MySQL as part of the base installation package. Separately installed instances of MySQL is not supported with SonicWALL GMS 7.0. Separately installed instances of MySQL is supported with SonicWALL GMS 6.0 only. Java Requirements SonicWALL GMS services uses Java SE 6 Update 23.
SonicWALL Appliance and Firmware Support SonicWALL Platforms SonicWALL Firmware Version Firewall / VPN SuperMassive 10000 Series SonicOS 6.0 or newer NSA Series SonicOS 5.0 or newer TZ Series SonicOS Enhanced 3.2 or newer SonicOS Standard 3.1 or newer PRO Series SonicOS Enhanced 3.2 or newer SonicWALL CSM Series SonicOS CF 2.0 or newer Secure Remote Access SonicWALL SMB SRA Series SonicOS SSL-VPN 2.0 or newer (management) SonicOS SSL-VPN 2.
SonicWALL GMS Gateway Recommendations A GMS gateway is a SonicWALL firewall appliance that allows for secure communication between the SonicWALL GMS server and the managed appliance(s), using VPN tunnels. A GMS gateway is not required in all deployment scenarios, but when deployed, the GMS gateway must be a SonicWALL VPN-based network security appliance running SonicOS Enhanced firmware or another VPN device that is interoperable with SonicWALL VPN.
Record Configuration Information Before continuing, record the following configuration information for your reference. SonicWALL GMS Information SMTP Server Address: The IP address or host name of your Simple Mail Transfer Protocol (SMTP) server. For example, mail.emailprovider.com. HTTP Web Server Port: The number of your Web server port if customized. The default port is 80. HTTPS Web Server Port: The number of your secure (SSL) Web server port if customized. The default port is 443.
2 Installing and Upgrading SonicWALL GMS SonicWALL GMS can be configured for a single server or in a distributed environment on multiple servers. SonicWALL GMS 7.0 can be installed as a fresh install or as an upgrade from GMS 6.0. Note: You must disable the User Account Control (UAC) feature on Windows before running the SonicWALL GMS installer. In addition, disable Windows Firewall or your personal firewall before running this installer.
2. In the Introduction screen, click Next. 3. In the License Agreement screen, select the radio button next to I accept the terms of the License Agreement. Click Next. SonicWALL GMS 7.
4. Select the path to the folder where you would like to install the files. You can accept the default path, C:\GMSVP, type in a new path, or click the Choose button to navigate to the selected folder. When you are finished, click Next. Alert: Do not include spaces in the installation path. 5. In the SonicWALL Universal Management Suite Settings screen, select or type in the IP address to which the SonicWALL GMS services should bind to listen for inbound TCP, UDP, SNMP, syslog, or other packets.
8. If you see a Windows Security Alert for Java, click Unblock. 9. The installer displays a progress bar as the files are installed. Wait a few minutes for the installer to finish installing. 10.
This screen also provides information about registration. To register a SonicWALL GMS installation, use the 12-character serial number that you received when you purchased this product. Click Next. 12. In the Installation Complete screen, select Yes, restart my system to restart your system immediately, or select No, I will restart my system myself to restart your system later. Click Done. 13.
Note: In a distributed environment, stop all GMS services on all GMS servers before performing an upgrade. You must upgrade all GMS servers in your deployment to the same version of SonicWALL GMS 7.0. You cannot have some servers running version 6.0 and others running 7.0. It is highly recommended that you backup your database, GMS installation folders, and the \conf\sgmsConfig.xml file on all GMS servers prior to performing the SonicWALL GMS upgrade.
3 Registering and Licensing SonicWALL GMS All instances of SonicWALL GMS must be registered and licensed before use. This requirement applies to both single server deployments or distributed deployments on multiple servers, to fresh or upgraded installations, and to software installations on Windows servers or to SonicWALL UMA appliances.
2. The login page loads by default in English, type admin in the User field, and password in the Password field and then click Submit. SonicWALL GMS includes language support for English, Japanese, Simplified Chinese, Traditional Chinese. Click the language of your choice at the bottom of this page. 3. The Login page reloads to force a password change. Type a new password into both the New Password and Confirm New Password fields, and then click Submit. 4.
6. On the License Management page, type your MySonicWALL user name and password into the appropriate fields and then click Submit. Note: If you do not have a MySonicWALL account, you must create one before continuing. Click here in the sentence, If you do not have a mySonicWall account, please click here to create one. 7. On the second License Management page, type your 12-character software serial number into the Serial Number field and your authentication code into the Authentication Code field.
Registering Associated Servers in a Distributed Deployment When you have a distributed SonicWALL GMS deployment involving more than one SonicWALL UMA EM5000 appliance or software instance of SonicWALL GMS, you can associate these components during the registration process. A MySonicWALL account is required. In a distributed deployment, SonicWALL GMS must be registered and licensed on each server and associated with the initially registered instance of GMS.
4 Selecting the Role for a SonicWALL GMS Server The role that you assign to your SonicWALL GMS defines the SonicWALL Universal Management Suite services that it will provide. SonicWALL GMS uses these services to perform management, monitoring, and reporting tasks.
The initial Deployment > Role page is shown below: Using the Role Configuration Tool The Role Configuration Tool is a wizard that guides you through the process of defining the deployment role for SonicWALL GMS. Your system must be registered and licensed for SonicWALL GMS to run the Role Configuration Tool.
To use the Role Configuration Tool, perform the following steps: 1. Log into the appliance management interface and navigate to the System > Status page. 2. Click the Click here link at the top of the page. 3. In the Introduction page of the Role Configuration Tool, click Next. 4. In the Setup Type page, select Yes if you are adding this system to an existing SonicWALL GMS deployment. Selecting Yes indicates to the wizard that there is an existing SonicWALL GMS database on another server.
If you selected a role that does not include the MySQL database, you have the option of configuring the use of a SQL Server database in this screen. • • Note the following when selecting values for these fields: Database User – Do not use any special characters, and do not use 'sa', 'root', or 'admin'. • Database Password – Do not use any special characters. • Admin Login – If using MySQL, the default Admin Login is 'root'. This cannot be changed. • Admin Password – Do not use any special characters.
11. In the Summary page, verify that all parameters are correct. Click Back to make changes on a previous screen, or click Apply to accept the settings. 12. Wait for the settings to be applied. The screen displays a progress bar until it finishes, and then displays the status. This phase can take up to 10 minutes, especially if the database was included in the deployment. 13. Click Close to exit the Role Configuration Tool.
Configuring the All In One Role All In One deployments are ideal for managing a small number of SonicWALL appliances or for test environments. However, SonicWALL recommends that you use a multisystem, distributed deployment in production environments, with the database on a dedicated server and the other services on one or more systems. When only one other system is deployed, the Console role should be assigned to it.
Configuring the Database Only Role The Database Only role is used in a multi-server SonicWALL GMS deployment. In this role, the server is configured to run only the database service. SonicWALL recommends that one of the servers in a multi-server GMS deployment is assigned a Database Only role. Only the SonicWALL Universal Management Suite Database service runs on a Database Only system.
To deploy your SonicWALL GMS server in the Console role, perform the following steps: 1. Log into your UMH system interface and navigate to the Deployment > Role page. 2. Under Host Role Configuration, select the Console radio button. 3. If this SonicWALL GMS server will connect to managed appliances through a GMS gateway, type the gateway IP address into the GMS Gateway IP field. To determine if a GMS gateway is required, see the SonicWALL GMS Gateway Recommendations section, on page 6. 4.
• • Syslog Collector Web Service Server To deploy your SonicWALL GMS server in the Agent role, perform the following steps in the UMH system interface: 1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Agent radio button. 2. If this SonicWALL GMS server will connect to managed appliances through a GMS gateway, type the gateway IP address into the GMS Gateway IP field.
Configuring the Monitor Role The Monitor role is used to dedicate the SonicWALL GMS server to monitoring appliances and applications in a multi-server SonicWALL GMS deployment. The monitoring is based on ICMP probes, TCP probes and SNMP OID retrievals. Only the SonicWALL Universal Management Suite Monitoring Manager service runs on a Monitor system. To deploy your SonicWALL GMS server in the Monitor role, perform the following steps in the UMH system interface: 1. Navigate to the Deployment > Role page.
To deploy your SonicWALL GMS server in the Syslog Collector role, perform the following steps in the UMH system interface: 1. Navigate to the Deployment > Role page. Under Host Role Configuration, select the Syslog Collector radio button. 2. If this SonicWALL GMS server listens for syslog messages on a non-standard port, type the port number into the Syslog Server Port field. The default port is 514. 3. To include the MySQL database on this system, select the Include Database (MYSQL) checkbox.
4. 5. 6. 7. 8. drop-down list. This field is not editable if you previously selected Include Database (MYSQL) or if the selected role is All In One or Database Only. In the Database Host field, type in the IP address of the database server or accept the default, localhost, if this SonicWALL GMS server includes the database. This field is not editable if you previously selected Include Database (MYSQL) or if the selected role is All In One or Database Only.
Configuring Web Port Settings Web port settings configuration is largely the same on any role. To change the Web port settings, perform the following steps: 1. On the Deployment > Settings page under Web Port Configuration, to use a different port for HTTP access to the SonicWALL GMS server, type the port number into the HTTP Port field. The default port is 80. 2. To use a different port for HTTPS access to the SonicWALL GMS server, type the port number into the HTTPS Port field. The default port is 443. 3.
To configure the SMTP settings, perform the following steps: 1. On the Deployment > Settings page under SMTP Configuration, enter the IP address of the SMTP server into the SMTP server field. 2. Select the Use Authentication checkbox, and enter your SMTP server username and password. 3. In the Sender address field, enter the email address that will appear as the ‘From’ address when email alerts are sent to the administrator. 4.
5 Introduction to the Management Interfaces This section describes the two SonicWALL GMS management interfaces. An almost identical URL is used when accessing either the GMS management interface or the Universal Management Host system interface, but the URL is modified to specify either sgms or appliance.
Switching Between Management Interfaces On systems deployed in the All In One or Console role, the “superadmin” user can easily switch between the UMH system management interface and the SonicWALL GMS management interface. The SuperAdmin is the master administrator for the entire GMS installation. When logged in to either interface, the superadmin can switch to the login page of the other interface by clicking the Switch button in the top right corner of the page.
SonicWALL GMS Management Interface Introduction SonicWALL GMS is a Web-based application for configuring, managing, monitoring and gathering reports from thousands of SonicWALL Internet security appliances and nonSonicWALL appliances, all from a central location. This section provides an introduction to the main elements of the Web-based management interface.
The Dashboard tab also provides administrators with a centralized location to create Universal Scheduled Reports for Firewall, SRA, CDP, and Email Security reporting solutions. For more information on configuring the Universal Dashboard and Universal Scheduled Reports, refer to the “Using the Dashboard Panel” chapter in the SonicWALL GMS 7.0 Administrator’s Guide.
Management Interface The SonicWALL GMS management interface is the main control panel for SonicWALL GMS. The management interface allows you to add and modify appliances, perform monitoring and reporting tasks, set policies for managed appliances, and configure SonicWALL GMS settings.
Navigation Tabs The SonicWALL GMS management interface navigation tabs are located at the top of the management interface. The seven navigation tabs are Dashboard, Firewall, SRA, CDP, ES, Monitor, and Console. The Monitor tab provides real-time monitoring at the global, group or appliance level. The Console tab provides tools to customize options found in the other SonicWALL GMS tabs and to manage SonicWALL GMS settings that affect the environment globally.
The current selection in the center pane is indicated by the highlighted item. For example, the figure to the left displays the current selection Log > Log Settings. The center pane options change based on the navigational tab and left pane selections, and selections in the center pane modify the display in the right pane.
Description of Managed Appliance States This section describes the meaning of icons that appear next to managed appliances listed in the left pane of the SonicWALL GMS management interface. Appliance Status Description One blue box indicates that the appliance is operating normally. The appliance is accessible from the SonicWALL GMS, and no tasks are pending or scheduled. Two blue boxes indicate that appliances in a group are operating normally.
6 Next Steps After installation, registration, and role configuration, the next steps in setting up your SonicWALL GMS deployment are performed in the SonicWALL GMS management interface. See the SonicWALL GMS 7.0 Administrator’s Guide for complete information about configuring SonicWALL GMS device management and reporting. This guide and other related documents are available on: http://www.sonicwall.com/us/Support.
Copyright Notice © 2012 SonicWALL, Inc. All rights reserved. Under the copyright laws, this manual or the software described within, cannot be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original.
Related Technical Documentation SonicWALL user guide reference documentation is available at the SonicWALL Technical Documentation Online Library: . The SonicWALL GMS 7.0 documentation set includes the following user guides: • SonicWALL GMS 7.0 Release Notes • SonicWALL GMS 7.0 Software Getting Started Guide • SonicWALL GMS 7.0 Virtual Appliance Getting Started Guide • SonicWALL UMA EM5000 Getting Started Guide • SonicWALL GMS 7.
SonicWALL Live Product Demos Get the most out of your Global Management System with the complete line of SonicWALL products. The SonicWALL Live Demo Site provides free test drives of SonicWALL security products and services through interactive live product installations: • • • • • • UTM/Firewall/VPN Continuous Data Protection SSL VPN Secure Remote Access Content Filtering Email Security GMS and Analyzer For further information, visit: SonicWALL GMS 7.
Notes Page 44
SonicWALL, Inc. 2001 Logic Drive T +1 408.745.9600 San Jose CA 95124-3452 F +1 408.745.9300 PN: 232-000758-00 Rev B 2/12 2012 descriptions subject to change without notice. www.sonicwall.
