Post on 13-Apr-2018

SonicWALL Update

Jean-Marc Baumann

Regional Manager Switzerland / Austria

SonicWALL’s Future

• SonicWALL will be an independent company

• Day «One» is 1 November 2016

• Channel of distribution will stay the same

SonicWALL Selling Models

Classic Sell-out

- Offer hardware and services to your customer and sell it

- The customer is the owner

MSP

- Offer Managed Security Services to your customer

- Sell or lease the appliance to the customer

- Offer additional services which make you as a partner unique

- Manage renewals over Flexspend

- Use GMS to manage centrally

SECaaS

- Offer a security solution on a monthly payment to the customer

- Combine this model with the MSP model

Unique selling model offer from one vendor – DELL SonicWALL

SonicWALL News

• Price increase by 1 November 2016

– On Gen5 services and support (TZ215, NSA 220, NSA 2400, NSA 3500 etc.)

• Potential to upgrade to Gen 6

• Secure Upgrade Promo

• Renewal today

• The prices online are already higher

SonicWALL Partner Event

• 4 November 2016 – 9 to 5

• GDI Gottlieb Duttweiler Institute, Langhaldenstrasse 21, 8803 Rüschlikon/Zürich

• Technical Update / Sales Infos

• Free participation

• Registration: http://peak16.dell.com/regional/switzerland.html

SonicWALL Global Management System and Analyzer

Technical Training

Daniel Bühler

Module 1.1 Overview

What is GMS?

• Dell SonicWALL Global Management System, or GMS, provides a comprehensive architecture for centrally creating and managing security policies, providing real-time monitoring and alerts, and delivering intuitive compliance and usage reports, all from a single management interface

GMS Reports

Diagram (recovered labels): a web site access is denied by the firewall, which sends Syslog to the GMS agent; the agent produces summarized data that is stored in the reporting database.

Block page shown on the slide:

This site is blocked by the Content Filter Service.

URL: https://www.google.com/

Reason for restriction: «Search Engines and Portals»

The Value of Global Management

Integrated Management, Reporting, Monitoring Suite (the slide presents the value for two audiences: IT Staff and Business Owner)

SonicWALL Solution:

• Simplified inventory management

• Incremental node license model

• Integrated service licensing

• Service contract co-termination

• Reporting for auditors

• User activity reporting

Customer Benefit:

• Greater efficiencies via a single platform

• Relevant data for auditors

• Adherence to compliance controls

• Elimination of wasteful network usage

• Prevent lapse in support coverage

• One vendor to procure from

SonicWALL Solution:

• Granular control of SNWL devices

• Role based management

• Policy automation for multiple sites

• Inheritance rules and filters

• Customizable network alarms

• High availability architecture

Customer Benefit:

• Increased staff productivity

• Streamlined management and provisioning

• Adherence to compliance controls

• Rapid response to network disruptions

• High service and network uptime

• Scheduled policy changes

. . . and Analyzer?

• Dell SonicWALL Analyzer is a web-based traffic analytics and reporting tool that provides real-time and historical insight into the health, performance and security of the network.

GMS versus Analyzer

The slide compares GMS and Analyzer side by side on three capabilities: Reporting, Policies and Monitoring.

Why customers choose GMS over Analyzer

• Multi-device policy management capabilities

• Role based access control

– Reporting and Analytics

– Policy Management

• Scheduled policy changes

• Monitoring

• Automated backup of preferences files on a daily/weekly schedule

• Third party application integration (web services API, CLI, etc.)

Available Platforms

• Software (Windows application)

– Windows Server 2008/2003 32-bit or 64-bit

– Windows 7, Vista, XP (Analyzer)

• Virtual Appliance (VA)

– Same as the UMA5000, only in a virtualized state for VMware ESX or ESXi 4.x/5.0

GMS can operate with a mix of software and VA components

System Requirements: Software

GMS – Windows Operating System Requirements

• Windows Server 2008 SBS 64-bit

• Windows Server 2008 Standard 32-bit and 64-bit (SP1)

• Windows Server 2003 32-bit and 64-bit (SP2)

– All listed operating systems are supported in both virtualized and non-virtualized (VMware ESXi 4.1) environments.

Virtual Appliance Hardware Resource Requirements

• ESX/ESXi 4 Update 1 or ESXi 5

• RAM – 3168 MB – max RAM supported by SonicLinux (32-bit OS)

• CPU – 2 (SonicWALL recommends allocating 4 CPUs for best performance)

• Hard disk space (thin provisioning is not recommended):

– For the 40 GB image – up to 40 GB

– For the 250 GB image – up to 250 GB

– For the 950 GB image – up to 950 GB – either a 4 MB or 8 MB block size

GMS Licensing Information

• Licensed by “Node” – which is ANY unit under management

– 5, 10, or 25 licenses are offered

– GMS licenses are stackable: incremental licenses range from 1, 5, 10, 25, 100, 250 and 1000 bundles

• Support – 24x7, based on the number of nodes under management

Analyzer Licensing Information

• Licensed per appliance

• Price point depends on the type of appliance

– TZ, NSA, SuperMassive, etc…

• Support is covered by the appliance under management

Version Requirements: Managed Units

SonicWALL Platforms – SonicWALL Firmware Version

Firewall / Network Security

• SonicWALL SuperMassive 10000 Series – SonicOS 6.0 or newer

• SonicWALL NSA Series – SonicOS Enhanced 5.0 or newer

• SonicWALL TZ Series – SonicOS Enhanced 3.2 or newer / SonicOS Standard 3.2 or newer

• SonicWALL Pro Series – SonicOS Enhanced 3.2 or newer

Email Security / Anti-Spam

• SonicWALL Email Security Series – SonicWALL Email Security 7.2 or newer (management only)

Secure Mobile Access

• SonicWALL SMA 100 Series (SMB, SRA) – SonicOS SSL-VPN 2.1 or newer

• SonicWALL SMA 1000 Series – Aventail 9.0 or newer

Note: Always check the Release Notes for the most up to date information

User Interface

All-In-One

• WebServer

• Update Manager

• Syslog Collector

• Scheduler

• Reports Summarizer

• Reports Scheduler

• Event Manager

• Monitoring Manager

• Database

• Reporting Database

System Interface: http://gms.demo.sonicwall.com/appliance/login

Application Interface: http://gms.demo.sonicwall.com/sgms/auth

User Interfaces

Diagram: the services run by each GMS role, each with its own System Interface.

Console: WebServer, Update Manager, Syslog Collector, Scheduler, Reports Summarizer, Reports Scheduler, Event Manager, Monitoring Manager, Database, Reporting Database

Agent 2: Syslog Collector, Scheduler, Reports Summarizer, Event Manager, Monitoring Manager, Reporting Database

Summarizer: Reports Summarizer, Reporting Database

Application Interface - http://gms.demo.sonicwall.com/sgms/auth

System Interface - http://gms.demo.sonicwall.com/appliance/login

Application Interface – Policies Panel

Unit Status

• Provisioned – the unit has been added to GMS, but has not yet been acquired.

• Up – the unit is acquired and the GMS agent is receiving heartbeats from the appliance.

• Task(s) pending – the unit is up, and there are one or more tasks pending for immediate execution.

• Task(s) scheduled – the unit is up, and there are one or more tasks scheduled.

• Down – the GMS agent is no longer receiving heartbeats from the unit.

The small symbol in the upper-left corner of the icon indicates that, when the unit was added to GMS, the Managed Address was specified manually.

Application Interface – Reports Panel

Application Interface – Monitor

Application Interface – Console

Module 1.2 Deployment Scenarios

Managed Service Provider Environment

GMS can be deployed as software (on a third party Windows server) or as a virtual appliance

Distributed Enterprise Deployment

GMS can be deployed as software (on a third party Windows server) or as a virtual appliance

Single Tier Deployment or “All in One”

Diagram: the Home Office, Car Dealership and Law Firm sites connect through a GMS Gateway to one GMS server running Agent, Database and Console.

Agent, Console, and Database on the same server

Recommended for small deployments without redundancy requirements

Multi-Tier Deployment: Example 1

Distributed agents behind single GMS Gateway

Diagram: the Home Office, Car Dealership and Law Firm sites are managed through one GMS Gateway by a GMS Console with a SQL database and two agents (Agent 1 and Agent 2). Each site is assigned a primary and a secondary agent: one site has Primary: Agent 2, Secondary: Agent 1; the other two sites have Primary: Agent 1, Secondary: Agent 2.

Multi-Tier Deployment: Example 2

Agents behind separate GMS Gateways

Diagram: the same three sites, but each agent sits behind its own GMS Gateway (the diagram also labels a VPN), while the GMS Console and SQL database are shared. Site assignments: two sites have Primary: Agent 1, Secondary: Agent 2; one site has Primary: Agent 2, Secondary: Agent 1.

GMS Roles

• All-in-One – All GMS services, including the database using MySQL.

• Database Only – GMS database using MySQL Server.

• Console – All GMS services, no database.

• Agent – Syslog Collector, Scheduler, Reports Summarizer, Event Manager, Web server (for System Interface) and Monitoring Manager

• Reports Summarizer – Reports Summarizer and Web server (for System Interface)

• Reports Scheduler – Reports Scheduler and Web server (for System Interface)

• Monitor – Monitoring Manager and Web server (for System Interface)

• Event Manager – Event Manager and Web server (for System Interface)

Module 1.3 Communication and Management Options

Encryption Method and Flow

Diagram (recovered labels): the GMS Console (Windows XP/7/8/10/2000/2003/2008/2012) on one side, the UMA Management Gateway, which terminates the management tunnel(s), in the middle, and the managed firewall on the other side. Three management methods are drawn: Management Tunnel, Existing (tunnel) and HTTPS. Encryption labels on the diagram: DES (56-bit); HTTPS (128-bit): port 443; 3DES (168-bit) syslog; syslog and management: HTTP POST; DES/3DES/AES/etc.

Management Tunnel

• Unit is added to GMS.

• Scheduler service logs into GMS Gateway and creates the Manual Key Management SA using DES/MD5.

• Management traffic from GMS to the managed appliance is sent securely using the Management SA parameters.

• Syslog from the managed appliance to the GMS agent is sent securely using the Management SA parameters.

Diagram: GMS – GMS Gateway – managed appliance; secure communication between GMS and appliance; syslog sent securely.

HTTPS Management

• Management traffic from GMS to the managed appliance is sent securely using HTTPS.

• Syslog from the managed appliance to the GMS agent is sent in the clear, but the payload is encrypted.

Diagram: the gateway appliance forwards syslog to the GMS agent; secure HTTPS communication between GMS and appliance; encrypted syslog sent in the clear.

Existing Tunnel/ LAN

• No GMS Gateway required.

• Management from GMS agent to managed appliance is HTTP.

• Syslog sent in the clear if there is no site-to-site VPN tunnel.

Diagram: insecure HTTP communication between GMS and appliance; syslog sent securely (over the site-to-site VPN); the gateway appliance forwards syslog to the GMS agent.

Which management method is best?

Management Tunnel

Advantage:

• VPN license count: not counted on the managed device

• VPN tunnel is unidirectional: Managed Device → GMS Gateway

Disadvantage:

• VPN license count: the GMS Gateway must be able to handle the number of remotely managed appliances

• Manual Key SA: no negotiation of the VPN tunnel, since a Manual Key SA is created

• VPN security parameters: limited options

Most likely deployment scenario:

• MSSP: GMS deployment where the customer and the MSSP do not need VPN access to each other’s networks

• SMB: the VPN license count is at or close to the number available on the managed device

Existing Tunnel

Advantage:

• VPN security parameters: fully configurable

• Mixed traffic: the VPN tunnel is used for GMS management and for data exchange between the networks

Disadvantage:

• Most amount of configuration

• VPN access is bidirectional

• VPN license count: counted against the VPN license on the GMS Gateway and on the managed device

Most likely deployment scenario:

• Distributed Enterprise: existing VPN mesh environments

• SMB: GMS deployments where VPN tunnels have already been configured

HTTPS

Advantage:

• GMS Gateway is optional: a device other than a SonicWALL appliance can be upstream of the GMS agent

• Closed remote network: no need to open the remote network to the GMS subnet

• Complex routing: can be used in complex NAT environments where IPsec does not work

Disadvantage:

• Decryption: performed by the GMS server, not by the firewall

• Encryption: limited to 3DES

• Public IP for GMS: requires that the GMS server has a public, routable IP address, or that an upstream device forwards syslog packets to the GMS server

• Redundant agents: agents must each have their own unique routable IP address

Most likely deployment scenario:

• MSSP: GMS deployment where the customer and the MSSP do not need VPN access to each other’s networks

• Distributed Enterprise or SMB: the device upstream of the GMS server is not a SonicWALL appliance; the VPN license count is at or close to the number available on the managed device

Module 2.1 Adding Appliances

Management Tunnel Configuration

HTTPS Management Configuration

Existing Tunnel/LAN Configuration

Unit Added; Waiting to be Acquired

• Unit added

• Yellow unit with lightning bolt, task indicator

Module 2.2 Custom Groups, Group Attributes, and Views

Custom Groups

Creating Custom Groups

Applying Group Attributes to Units

Modifying Properties when Adding Units

Views

Views – Custom

Changing Views

Module 2.3 Users, User Rights, and Authentication

GMS Users

GMS Users . . .

User Screen Permissions

Configuring Unit Permissions

Unit tree shown on the slide:

Evalution Unit

NSA3600 – Adam2 Demo Unit

Franks Cheese Shop

POC_do_not_touch_critcase

Test 240

Franks Cheese Shop

SonicWALL

PCW

Customer 1

Customer 2

Configuring User GMS Permissions

Security Settings

Example User Jeff Logged In

External User Authentication

Note: External Auth Domains will initially create users in the Guest Group

Domains

Domains

Module 3.1 Tasks: execution options, pending tasks, scheduled tasks and automation

Task Definition and Creation

• Task: any action taken against a unit under management

• Examples:

– Create VPNs

– Collect ARP table

– Firmware update

Default Task Configuration

• Default

• Immediate

• Scheduled

Default Task Execution Configuration

Viewing Pending Tasks & Manual Execution

Automatic Preferences Backup

Module 3.2 Group management and Inheritance

Group Level Configuration

Inheritance Overview

• Forward Inheritance – Pushes Group Level configurations down to units in that group

• Reverse Inheritance – Pushes Unit Level configurations up to the group
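The two inheritance directions described above, as an added example written for this page (it is not GMS code): a group configuration is pushed down to the units in the group, one unit's configuration is pulled up into the group, and an inheritance filter keeps site-specific settings from being overwritten. The data model (flat dicts keyed by setting name), the filter mechanism (a set of setting names allowed to inherit), the function names and all sample values are assumptions made for this example.

```python
"""Forward and reverse inheritance between a GMS group and its units.

Added example, not GMS code. Forward inheritance pushes group-level
configuration down to the units in the group; reverse inheritance pushes
unit-level configuration up to the group. The data model (flat dicts keyed by
setting name), the filter (a set of setting names allowed to inherit) and all
sample values are assumptions made for this example.
"""
from copy import deepcopy

# Constructed sample data: one group and the three sites from the deployment slides.
GROUP_CONFIG = {
    "cfs_policy": "block-search-engines",
    "admin_timeout": 10,
    "syslog_server": "10.240.10.100",
}
UNIT_CONFIGS = {
    "home_office":    {"wan_ip": "198.51.100.10", "admin_timeout": 30},
    "car_dealership": {"wan_ip": "198.51.100.20", "cfs_policy": "block-social"},
    "law_firm":       {"wan_ip": "198.51.100.30"},
}
# Assumed inheritance filter: only these settings may flow between group and unit,
# so a unit's own WAN address or admin timeout is never overwritten by the group.
INHERIT_FILTER = {"cfs_policy", "syslog_server"}


def forward_inherit(group_config, units, inherit_filter=None):
    """Push group settings down to every unit; return the new unit configs.

    Without a filter every group setting overrides the unit's value; with a
    filter only the listed settings are inherited. Inputs are not mutated.
    """
    allowed = set(group_config) if inherit_filter is None else set(inherit_filter)
    result = {}
    for name, unit_cfg in units.items():
        merged = deepcopy(unit_cfg)
        for key, value in group_config.items():
            if key in allowed:
                merged[key] = deepcopy(value)
        result[name] = merged
    return result


def reverse_inherit(group_config, unit_cfg, inherit_filter=None):
    """Pull one unit's settings up into the group; return the new group config."""
    allowed = set(unit_cfg) if inherit_filter is None else set(inherit_filter)
    merged = deepcopy(group_config)
    for key, value in unit_cfg.items():
        if key in allowed:
            merged[key] = deepcopy(value)
    return merged


def config_diff(before, after):
    """Settings whose value changes: what to review before the task is scheduled."""
    keys = set(before) | set(after)
    return {k: (before.get(k), after.get(k)) for k in keys if before.get(k) != after.get(k)}


if __name__ == "__main__":
    pushed = forward_inherit(GROUP_CONFIG, UNIT_CONFIGS, INHERIT_FILTER)
    for name in UNIT_CONFIGS:
        print(name, config_diff(UNIT_CONFIGS[name], pushed[name]))
    # Reverse inheritance without a filter would also pull wan_ip into the
    # group, which is why the filter matters in this direction too.
    pulled = reverse_inherit(GROUP_CONFIG, UNIT_CONFIGS["car_dealership"], INHERIT_FILTER)
    print("group", config_diff(GROUP_CONFIG, pulled))
```

Running the script shows why the filter is the interesting part: with it, the home office keeps its own admin timeout while still receiving the group's content-filter policy and syslog server; without it, the group value would silently replace the site-specific one, and the reverse direction would drag a single site's WAN address into the group.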

Inheritance Filters

Forward Inheritance

Forward Inheritance Continued

Reverse Inheritance

Module 3.3 Mass Deployment Considerations

Minimum Configuration

Diagram (the HTTPS Management picture again): the gateway appliance forwards syslog to the GMS agent; secure HTTPS communication between GMS and appliance; encrypted syslog sent in the clear.

• Minimum configuration needed:

– WAN connectivity

– GMS management method

Unit with minimal configuration deployed

Appliance phones home to GMS

GMS will send down tasks that have been configured

AddUnit.XML

<FirewallList>
  <FirewallInfo>
    <sonicwallName>NSA240</sonicwallName>
    <serialNumber>0017C52C67DD</serialNumber>
    <userName>admin</userName>
    <sonicwallPassword>9A5DA02CE0B95E499D863C8089321B9287</sonicwallPassword>
    <passwordEncrypted>1</passwordEncrypted>
    <typeOfUnit>1</typeOfUnit>
    <port>4240</port>
    <useVPN>1</useVPN>
    <standbyManagedAtWan>1</standbyManagedAtWan>
    <httpsMgmt>1</httpsMgmt>
    <SAencryptionKey>cfdc65e9f4b32e12</SAencryptionKey>
    <SAuthKey>2cfab81eec803cbb821c2da64b3aadca</SAuthKey>
    <schedulerIPAddress>10.240.10.100</schedulerIPAddress>
    <standbySchedulerIP></standbySchedulerIP>
    <domainName>LocalDomain</domainName>
    <CustomInfo>
      <Country>USA</Country>
      <Company>SonicWALL</Company>
      <Department>Engineering</Department>
      <State>California</State>
    </CustomInfo>
  </FirewallInfo>
</FirewallList>
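An added example for the mass-deployment file above, written for this page and not SonicWALL tooling: it builds an AddUnit.XML from inventory rows and then checks each entry before import. The element names and the first sample entry come from the slide's file; the second entry, the check rules (password must be marked encrypted, SA keys must have the lengths seen on the slide, serial numbers unique) and the function names are assumptions made here. The key lengths it checks match the DES/MD5 Manual Key SA from the Management Tunnel slide: 16 hex digits is an 8-byte DES key, 32 hex digits is a 16-byte MD5 key.

```python
"""Build and sanity-check an AddUnit.XML for GMS mass deployment.

Added example, not SonicWALL tooling. The element names and the first sample
entry are taken from the AddUnit.XML shown on the slide; the second entry, the
check rules and the function names are assumptions made for this example.
"""
import xml.etree.ElementTree as ET

# Child elements of <FirewallInfo>, in the order used by the slide's file.
FIREWALL_FIELDS = [
    "sonicwallName", "serialNumber", "userName", "sonicwallPassword",
    "passwordEncrypted", "typeOfUnit", "port", "useVPN", "standbyManagedAtWan",
    "httpsMgmt", "SAencryptionKey", "SAuthKey", "schedulerIPAddress",
    "standbySchedulerIP", "domainName",
]
CUSTOM_FIELDS = ["Country", "Company", "Department", "State"]

# Inventory rows. The first mirrors the slide's example unit; the second is a
# constructed entry carrying the mistakes the checker is meant to catch.
SAMPLE_ROWS = [
    {
        "sonicwallName": "NSA240", "serialNumber": "0017C52C67DD", "userName": "admin",
        "sonicwallPassword": "9A5DA02CE0B95E499D863C8089321B9287", "passwordEncrypted": "1",
        "typeOfUnit": "1", "port": "4240", "useVPN": "1", "standbyManagedAtWan": "1",
        "httpsMgmt": "1", "SAencryptionKey": "cfdc65e9f4b32e12",
        "SAuthKey": "2cfab81eec803cbb821c2da64b3aadca",
        "schedulerIPAddress": "10.240.10.100", "standbySchedulerIP": "",
        "domainName": "LocalDomain", "Country": "USA", "Company": "SonicWALL",
        "Department": "Engineering", "State": "California",
    },
    {
        "sonicwallName": "TZ-branch", "serialNumber": "0017C5000BAD", "userName": "admin",
        "sonicwallPassword": "password", "passwordEncrypted": "0",   # plaintext credential
        "typeOfUnit": "1", "port": "4240", "useVPN": "1", "standbyManagedAtWan": "1",
        "httpsMgmt": "1", "SAencryptionKey": "", "SAuthKey": "",     # SA keys missing
        "schedulerIPAddress": "10.240.10.100", "standbySchedulerIP": "",
        "domainName": "LocalDomain", "Country": "USA", "Company": "SonicWALL",
        "Department": "Engineering", "State": "California",
    },
]


def build_add_unit_xml(rows):
    """Serialise inventory rows into an AddUnit.XML document (returned as a string)."""
    root = ET.Element("FirewallList")
    for row in rows:
        info = ET.SubElement(root, "FirewallInfo")
        for name in FIREWALL_FIELDS:
            ET.SubElement(info, name).text = row.get(name, "")
        custom = ET.SubElement(info, "CustomInfo")
        for name in CUSTOM_FIELDS:
            ET.SubElement(custom, name).text = row.get(name, "")
    return ET.tostring(root, encoding="unicode")


def _is_hex(value, length):
    return len(value) == length and all(c in "0123456789abcdefABCDEF" for c in value)


def _text(info, tag):
    return (info.findtext(tag) or "").strip()


def check_add_unit_xml(xml_text):
    """Return (serialNumber, problem) pairs for entries that should not be imported as-is.

    The file carries admin credentials and manual-key SA material, so the
    checks focus on those: the password must be marked encrypted, and when
    useVPN=1 the SA keys must have the lengths seen on the slide.
    """
    problems = []
    seen = set()
    for info in ET.fromstring(xml_text).findall("FirewallInfo"):
        sn = _text(info, "serialNumber")
        if not _is_hex(sn, 12):
            problems.append((sn, "serialNumber is not 12 hex digits"))
        if sn in seen:
            problems.append((sn, "duplicate serialNumber"))
        seen.add(sn)
        if _text(info, "passwordEncrypted") != "1":
            problems.append((sn, "sonicwallPassword is stored in the clear"))
        if _text(info, "useVPN") == "1":
            if not _is_hex(_text(info, "SAencryptionKey"), 16):
                problems.append((sn, "SAencryptionKey is not 16 hex digits"))
            if not _is_hex(_text(info, "SAuthKey"), 32):
                problems.append((sn, "SAuthKey is not 32 hex digits"))
        if not _text(info, "schedulerIPAddress"):
            problems.append((sn, "schedulerIPAddress is missing"))
    return problems


if __name__ == "__main__":
    doc = build_add_unit_xml(SAMPLE_ROWS)
    for sn, problem in check_add_unit_xml(doc):
        print(f"{sn}: {problem}")
```

The check is worth running before every bulk import because the file is the one place where every unit's admin credential and SA key sit side by side: an entry with passwordEncrypted set to 0 means a plaintext password went onto disk, and an empty SA key with useVPN=1 means the management tunnel for that unit cannot be set up as the file claims.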

Module 4 Management of Non-NGFW Appliances

Secure Mobile Access Appliances

• GMS can make manual/scheduled backup of SRA appliances (Policies, General, Settings)

• Alerts can be generated when GMS detects unit is down (heartbeat)

• Firmware upgrade can be scheduled

• Reports can also be generated:

Unit Level Reports

• Data Usage

– Timeline

– Users

• User Activity

• Access Method

– Summary

– Users

• Authentication

– User Login

– Failed Login

• Web Application Firewall

– Threats Detected

– Threats Prevented

– Apps Detected

– Apps prevented

– Users detected

– Users Prevented

• Connections

– Application

– Users

• Up/Down

– Timeline

Email Security Management

• GMS can only manage ES

– No reporting data is forwarded by GMS

• Management of ES uses Heterogeneous Management

– Same method used to manage CDP units

• To enable GMS on ES

– From the CLI (SSH or serial access), use the command “gms <interval> <serverIP>”

Module 5.1 Reporting

A need for off-box application traffic analytics

On-box reporting:

• Quick sample

• Application control

• For a single device

Off-box reporting:

• Historic advanced reporting

• Troubleshooting, forensics

• Schedule customer reports

• Across multiple devices

Reporting

Diagram (recovered labels): a web site access is denied by the firewall, which sends Syslog to the GMS agent; the agent produces summarized data that is stored in the reporting database.

Block page shown on the slide:

This site is blocked by the Content Filter Service.

URL: https://www.google.com/

Reason for restriction: «Search Engines and Portals»
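The syslog-to-summarized-data flow drawn on this Reporting slide and on the GMS Reports slide in Module 1.1, as an added example written for this page (it is not the GMS summarizer): a small parser for key=value syslog lines and a reducer that turns content-filter denials into the per-category, per-source and per-unit counts a reporting database would keep. The line shape is modelled on SonicOS syslog (space-separated key=value pairs, values containing spaces in double quotes), but the sample lines, the field names relied on and the summary tables are constructed for this example.

```python
"""From firewall syslog to summarized report data: the flow on the reporting slides.

Added example, not GMS summarizer code. The line format (space-separated
key=value pairs, values with spaces in double quotes) is modelled on SonicOS
syslog, but the sample lines, the field names relied on and the summary tables
are constructed for this example.
"""
import re
from collections import Counter, defaultdict

# key=value where the value is either "quoted text" or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines: three "Web site access denied" events from two
# firewalls (sn = serial number) and one unrelated connection event.
SAMPLE_SYSLOG = [
    'id=firewall sn=0017C52C67DD time="2016-10-31 09:12:01" fw=203.0.113.5 pri=5 '
    'msg="Web site access denied" src=10.1.1.20 dst=172.217.0.46 dstname=www.google.com '
    'Category="Search Engines and Portals"',
    'id=firewall sn=0017C5000BAD time="2016-10-31 09:12:07" fw=203.0.113.9 pri=5 '
    'msg="Web site access denied" src=10.2.2.31 dst=172.217.0.46 dstname=www.google.com '
    'Category="Search Engines and Portals"',
    'id=firewall sn=0017C52C67DD time="2016-10-31 09:15:40" fw=203.0.113.5 pri=5 '
    'msg="Web site access denied" src=10.1.1.20 dst=157.240.1.35 dstname=www.facebook.com '
    'Category="Social Networking"',
    'id=firewall sn=0017C52C67DD time="2016-10-31 09:15:41" fw=203.0.113.5 pri=6 '
    'msg="Connection Opened" src=10.1.1.20 dst=198.51.100.7 proto=tcp/443',
]


def parse_syslog(line):
    """Return the key=value fields of one line as a dict (quotes removed)."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def summarize(lines):
    """Reduce raw lines to the summarized data a reporting database would keep.

    Only content-filter denials are counted. The three tables answer the
    questions a report gets asked: which categories are being hit, which
    internal hosts hit them, and how each managed unit breaks down by category.
    """
    per_category = Counter()
    per_source = Counter()
    per_unit = defaultdict(Counter)
    for line in lines:
        f = parse_syslog(line)
        if f.get("msg") != "Web site access denied":
            continue
        category = f.get("Category", "Uncategorized")
        per_category[category] += 1
        per_source[f.get("src", "unknown")] += 1
        per_unit[f.get("sn", "unknown")][category] += 1
    return {"per_category": per_category, "per_source": per_source, "per_unit": dict(per_unit)}


if __name__ == "__main__":
    summary = summarize(SAMPLE_SYSLOG)
    for table, counts in summary.items():
        print(table, dict(counts))
```

The per-unit table is the one that matters when many firewalls feed one agent: it is keyed by the serial number carried in the syslog line, which is how the summarizer keeps one customer's data apart from another's in an MSP deployment.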

Next Generation Reporting

• Near real-time

• Granular drill down

• Modern look and feel

User Activity Reporting . . .

Application Traffic Analytics

Troubleshooting, forensics, app usage reports for customers

Device Uptime Reporting

• Q: Can you prove the firewall has been up consistently?

• Q: MSP – Do you need to prove you met your Service Level Agreement?

Data Usage Reporting

• Q: Are you (or your customers) concerned about mounting bandwidth costs?

Threat Protection Reporting . . .

Universal Report Scheduler

• Q: Do you need to generate reports for your executive team or as part of a compliance initiative?

• Q: If you’re an MSP, do you need to send out scheduled reports to your customers?

Adding Templates

Scheduling Reports

Manage Scheduled Reports

Net Monitor

Net Monitor

How to differentiate?

Talk to the security expert – 25 years of experience
