SonicWALL Update
Jean-Marc Baumann
Regional Manager Switzerland / Austria
2
SonicWALL’s Future
• SonicWALL will be an independent company
• Day «One» is 1. November 2016
• Channel of distribution will stay the same
3
SonicWALL Selling Models
Classic Sell-out
- Offer Hardware and Services to your customer and sell it
- The customer is the owner
MSP
- Offer Managed Security Services to your customer
- Sell or lease the appliance to the customer
- Offer additional Service which makes you as a partner unique
- Manage Renewals over Flexspend
- Use GMS to manage centrally
SECaaS
- Offer security solution on a monthly payment to the customer
- Combine this model with the MSP model
Unique selling model offer from one Vendor – DELL SonicWALL
4
SonicWALL News
• Price Increase by 1. November 2016
• On Gen5 Services and Support (TZ215, NSA 220, NSA 2400, NSA 3500 etc.)
• Potential to upgrade to Gen 6
• Secure Upgrade Promo
• Renewal today
• The prices online are already higher
5
SonicWALL Partner Event
• 4. November 2016 – 9 to 5
• GDI Gottlieb Duttweiler Institute, Langhaldenstrasse 21, 8803 Rüschlikon/Zürich
• Technical Update / Sales Infos
• Free participation
• Registration: http://peak16.dell.com/regional/switzerland.html
SonicWALL Global Management System and Analyzer
Technical Training
Daniel Bühler
Module 1.1 Overview
8
What is GMS?
• Dell SonicWALL Global Management System, or GMS, provides a comprehensive architecture for centrally creating and managing security policies, providing real-time monitoring and alerts, and delivering intuitive compliance and usage reports, all from a single management interface
9
GMS Reports
[Diagram labels: Web Site access denied…; Syslog; GMS agent; Summarized data; Reporting database. Sample block page: "This site is blocked by the content Filter Service. URL: https://www.google.com/ Reason for restriction: «Search Engines and Portals»"]
10
The Value of Global Management
SonicWALL Solution
• Simplified inventory management
• Incremental node license model
• Integrated service licensing
• Service contract co-termination
• Reporting for auditors
• User activity reporting
Customer Benefit
• Greater efficiencies via a single platform
• Relevant data for auditors
• Adherence to compliance controls
• Elimination of wasteful network usage
• Prevent lapse in support coverage
• One vendor to procure from
SonicWALL Solution
• Granular control of SNWL devices
• Role based management
• Policy automation for multiple sites
• Inheritance rules and filters
• Customizable network alarms
• High availability architecture
Customer Benefit
• Increased staff productivity
• Streamlined Mgmt and provisioning
• Adherence to compliance controls
• Rapid response to network disruptions
• High service and network uptime
• Scheduled policy changes
IT Staff
Integrated Management, Reporting, Monitoring Suite
Business Owner
11
. . . and Analyzer?
• Dell SonicWALL Analyzer is a web-based traffic analytics and reporting tool that provides real-time and historical insight into the health, performance and security of the network.
12
GMS versus Analyzer
GMS Analyzer
Reporting
Policies
Monitoring
13
Why customers choose GMS over Analyzer
• Multi-device policy management capabilities
• Role based access control
– Reporting and Analytics
– Policy Management
• Scheduled policy changes
• Monitoring
• Automated backup of preferences files on a daily/weekly schedule
• Third party application integration (web services API, CLI, etcetera)
14
Available Platforms
• Software (Windows application)
– Windows Server 2008/2003 32-bit or 64-bit
– Windows 7, Vista, XP (Analyzer)
• Virtual Appliance (VA)
– Same as the UMA5000, only in a virtualized state for VMWare ESX or ESXi 4.x/5.0
GMS can operate with a mix of software and VA components
15
System Requirements: Software
GMS – Windows Operating System Requirements
Windows Server 2008 SBS 64-bit
Windows Server 2008 Standard 32-bit and 64-bit (SP1)
Windows Server 2003 32-bit and 64-bit (SP2)
– All listed operating systems are supported in both virtualized and non virtualized (VMware ESXi 4.1) environments.
Virtual Appliance Hardware Resource Requirements
ESX/ESXi 4 Update 1 or ESXi 5
RAM – 3168 MB – max RAM supported by SonicLinux - 32-bit OS.
CPU – 2 (SonicWALL recommends allocating 4 CPUs for best performance.)
Hard disk space – (Thin Provisioning is not recommended)
For the 40 GB image – Up to 40 GB
For the 250 GB image – Up to 250 GB
For the 950 GB image – Up to 950 GB - either a 4 MB or 8 MB block size
16
GMS Licensing Information
• Licensed by “Node” - which is ANY unit under management
– 5, 10, or 25 licenses are offered
– GMS Licenses are stackable
› Incremental licenses range from 1, 5, 10, 25, 100, 250 & 1000 bundles.
• Support – 24x7 based on the number of nodes under management
17
Analyzer Licensing Information
• Licensed per appliance
• Price point depends on the type of appliance
– TZ, NSA, SuperMassive, etc…
• Support is covered by the appliance under management
18
Version Requirements: Managed Units
SonicWALL Platforms | SonicWALL Firmware Version
Firewall / Network Security
SonicWALL SuperMassive 10000 Series | SonicOS 6.0 or newer
SonicWALL NSA Series | SonicOS Enhanced 5.0 or newer
SonicWALL TZ Series | SonicOS Enhanced 3.2 or newer; SonicOS Standard 3.2 or newer
SonicWALL Pro Series | SonicOS Enhanced 3.2 or newer
Email Security / Anti-Spam
SonicWALL Email Security Series | SonicWALL Email Security 7.2 or newer (management only)
Secure Mobile Access
SonicWALL SMA 100 Series (SMB, SRA) | SonicOS SSL-VPN 2.1 or newer
SonicWALL SMA 1000 Series | Aventail 9.0 or newer
Note: Always check the Release Notes for the most up to date information
19
User Interface
All-In-One
• WebServer
• Update Manager
• Syslog Collector
• Scheduler
• Reports Summarizer
• Reports Scheduler
• Event Manager
• Monitoring Manager
• Database
• Reporting Database
http://gms.demo.sonicwall.com/appliance/login
http://gms.demo.sonicwall.com/sgms/auth
20
System Interface
21
User Interfaces
Console: WebServer, Update Manager, Syslog Collector, Scheduler, Reports Summarizer, Reports Scheduler, Event Manager, Monitoring Manager, Database, Reporting Database
Agent2: Syslog Collector, Scheduler, Reports Summarizer, Event Manager, Monitoring Manager, Reporting Database
Summarizer: Reports Summarizer, Reporting Database
Application Interface - http://gms.demo.sonicwall.com/sgms/auth
System Interface - http://gms.demo.sonicwall.com/appliance/login
22
Application Interface – Policies Panel
23
Unit Status
Provisioned – the unit has been added to GMS, but has not yet been acquired.
Up – the unit is acquired and the GMS agent is receiving heartbeats from the appliance.
Task(s) pending – the unit is up, and there are one or more tasks pending for immediate execution.
Task(s) scheduled – the unit is up, and there are one or more tasks scheduled.
Down – the GMS agent is no longer receiving heartbeats from the unit.
The small symbol in the upper-left corner of the icon indicates that when the unit was added to GMS, the Managed Address was specified manually.
24
Application Interface – Reports Panel
25
Applications Interface - Monitor
26
Application Interface - Console
Module 1.2 Deployment Scenarios
28
Managed Service Provider Environment
GMS can be deployed as software (on a third party Windows server) or as a virtual appliance
GMS
29
Distributed Enterprise Deployment
GMS can be deployed as software (on a third party Windows server) or as a virtual appliance
GMS
30
Single Tier Deployment or “All in One”
Home Office
Car Dealership
Law Firm
GMS
SERVER
Agent-Database-Console
GMS Gateway
Agent, Console, and Database on the same server
Recommended for small deployments without redundancy requirements
31
Multi-Tier Deployment: Example 1
Distributed agents behind single GMS Gateway
[Diagram labels: managed sites Home Office, Car Dealership and Law Firm; GMS Console, SQL, Agent 1, Agent 2, GMS Gateway. Agent assignments shown for the sites: Primary: Agent 2 / Secondary: Agent 1; Primary: Agent 1 / Secondary: Agent 2; Primary: Agent 1 / Secondary: Agent 2]
32
Multi-Tier Deployment: Example 2
Agents behind separate GMS Gateway
[Diagram labels: managed sites Home Office, Car Dealership and Law Firm; GMS Console, SQL, Agent 1, Agent 2, VPN, two GMS Gateways. Agent assignments shown for the sites: Primary: Agent 1 / Secondary: Agent 2; Primary: Agent 1 / Secondary: Agent 2; Primary: Agent 2 / Secondary: Agent 1]
33
GMS Roles
• All-in-One
– All GMS services, including the database using MySQL.
• Database Only
– GMS database using MySQL Server.
• Console
– All GMS services, no database.
• Agent
– Syslog Collector, Scheduler, Reports Summarizer, Event Manager, Web server (for System Interface) and Monitoring Manager
• Reports Summarizer
– Reports Summarizer and Web server (for System Interface)
• Reports Scheduler
– Reports Scheduler and Web server (for System Interface)
• Monitor
– Monitoring Manager and Web server (for System Interface)
• Event Manager
– Event Manager and Web server (for System Interface)
Module 1.3 Communication and Management Options
35
Encryption Method and Flow
[Diagram labels: GMS Console (XP/7/8/10/2000/2003/2008/2012); UMA Management G/W, terminates Management Tunnel(s); Managed F/W. Rows: Management Tunnel, Existing, HTTPS. Flow labels: 3DES (168-bit) Syslog; HTTPS (128-bit): Port 443; DES (56-bit); Syslog & Management: HTTP POST; DES/3DES/AES/ETC]
36
Management Tunnel
• Unit is added to GMS.
• Scheduler service logs into GMS Gateway and creates the Manual Key Management SA using DES/MD5.
• Management traffic from GMS to the managed appliance is sent securely using the Management SA parameters.
• Syslog from the managed appliance to the GMS agent is sent securely using the Management SA parameters.
GMS
GMS Gateway
Secure communication between GMS and appliance
Syslog sent securely
37
HTTPS Management
• Management traffic from GMS to the managed appliance is sent securely using HTTPS.
• Syslog from the managed appliance to the GMS agent is sent in the clear, but the payload is encrypted.
Gateway appliance forwards syslog to GMS agent
Secure HTTPS communication between GMS and appliance
Encrypted Syslog sent in the clear
GMS
38
Existing Tunnel/ LAN
• No GMS Gateway required.
• Management from GMS agent to managed appliance is HTTP.
• Syslog sent in the clear if there is no site-to-site VPN tunnel.
Insecure HTTP communication between GMS and appliance
Syslog sent securely
Gateway appliance forwards syslog to GMS agent
GMS
39
Which management method is best?
Columns: Advantage, Disadvantage, Most Likely Deployment Scenario
Management Tunnel
• VPN License Count: Not counted on the managed device
• VPN Tunnel is unidirectional: Managed Device GMS Gateway
• VPN License Count: GMS Gateway must be able to handle number of remotely managed appliances
• Manual Key SA: No negotiation of the VPN tunnel since Manual Key SA is created
• VPN security parameter: Limited options
• MSSP: GMS deployment where the customer and the MSSP do not need VPN access to each other’s networks
• SMB: VPN license count are at or close to the available on the managed device
Existing
• Most amount of configuration
• VPN access is bidirectional
• VPN Security Parameters: Fully configurable
• VPN License Count: Counted against the VPN license on the GMS Gateway and the Managed Device
• Mixed Traffic: VPN tunnel is used for GMS Management and data exchange between the networks
• Distributed Enterprise: Existing VPN mesh environments
• SMB: GMS deployments where VPN tunnels have already been previously configured
HTTPS
• GMS Gateway is optional: A device other than a SonicWALL appliance can be upstream of the GMS Agent.
• Closed Remote Network: No need to open remote network to GMS subnet
• Complex Routing: Can be used in complex NAT environments where IPSEC does not work
• Decryption: Performed by the GMS Server not by the firewall
• Encryption: Limited to 3DES
• Public IP for GMS: Requires GMS server has a public, routable IP address or upstream device forwards syslog packets to the GMS server.
• Redundant Agents: Agents must each have own unique routable IP address.
• MSSP: GMS deployment where the customer and the MSSP do not need VPN access to each other’s networks
• Distributed Enterprise or SMB: The device upstream of the GMS Server is not a SonicWALL Appliance.
• VPN license count are at or close to available on the managed device
Module 2.1 Adding Appliances
41
Management Tunnel Configuration
42
HTTPS Management Configuration
43
Existing Tunnel/ LAN Configuration
44
Unit Added; Waiting to be Acquired
• Unit Added
• Yellow unit with lightning bolt, task indicator
Module 2.2 Custom Groups, Group Attributes, and Views
46
Custom Groups
47
Creating Custom Groups
48
Applying Group Attributes to Units
49
Modifying Properties when Adding Units
50
Views
51
Views – Custom
52
Changing Views
Module 2.3 Users, User Rights, and Authentication
54
GMS Users
55
GMS Users . . .
56
User Screen Permissions
57
Configuring Unit Permissions
Evalution Unit
NSA3600 – Adam2 Demo Unit
Franks Cheese Shop
POC_do_not_touch_critcase
Test 240
Franks Cheese Shop
SonicWALL
PCW
Customer 1
Customer 2
58
Configuring User GMS Permissions
59
Security Settings
60
Example User Jeff Logged In
61
External User Authentication
Note: External Auth Domains will initially create users in the Guest Group
62
Domains
63
Domains
Module 3.1 Tasks: execution options, pending tasks, scheduled tasks and automation
65
Task Definition and Creation
• Task:
Any action taken against a unit under management
• Examples:
– Create VPNs
– Collect ARP table.
– Firmware Update
66
Default Task Configuration
• Default
• Immediate
• Scheduled
67
Default Task Execution Configuration
68
Viewing Pending Tasks & Manual Execution
69
Automatic Preferences Backup
Module 3.2 Group management and Inheritance
71
Group Level Configuration
72
Inheritance Overview
• Forward Inheritance – Pushes Group Level configurations down to units in that group
• Reverse Inheritance – Pushes Unit Level configurations up to the group
73
Inheritance Filters
74
Forward Inheritance
75
Forward Inheritance Continued
76
Reverse Inheritance
Module 3.3 Mass Deployment Considerations
78
Minimum Configuration
Gateway appliance forwards syslog to GMS agent
Secure HTTPS communication between GMS and appliance
Encrypted Syslog sent in the clear
GMS
• Minimum Configuration Needed
– WAN Connectivity
– GMS Management Method
Unit with minimal configuration deployed
Appliance phones home to GMS
GMS will send down tasks that have been configured
79
AddUnit.XML
<FirewallList>
  <FirewallInfo>
    <sonicwallName>NSA240</sonicwallName>
    <serialNumber>0017C52C67DD</serialNumber>
    <userName>admin</userName>
    <sonicwallPassword>9A5DA02CE0B95E499D863C8089321B9287</sonicwallPassword>
    <passwordEncrypted>1</passwordEncrypted>
    <typeOfUnit>1</typeOfUnit>
    <port>4240</port>
    <useVPN>1</useVPN>
    <standbyManagedAtWan>1</standbyManagedAtWan>
    <httpsMgmt>1</httpsMgmt>
    <SAencryptionKey>cfdc65e9f4b32e12</SAencryptionKey>
    <SAuthKey>2cfab81eec803cbb821c2da64b3aadca</SAuthKey>
    <schedulerIPAddress>10.240.10.100</schedulerIPAddress>
    <standbySchedulerIP></standbySchedulerIP>
    <domainName>LocalDomain</domainName>
    <CustomInfo>
      <Country>USA</Country>
      <Company>SonicWALL</Company>
      <Department>Engineering</Department>
      <State>California</State>
    </CustomInfo>
  </FirewallInfo>
</FirewallList>
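A provisioning file in this layout carries the admin password and the manual-key SA material for every unit, so it is worth checking before a mass import. The following is an added example, not part of the original slides or of GMS: a Python check that flags malformed SA keys, SA keys shared between units, and passwords not marked encrypted. The key-length rule and the meaning of passwordEncrypted are assumptions drawn from the slide's sample, and all sample values are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the AddUnit.XML layout from the slide; every value is made up.
SAMPLE = """<FirewallList>
<FirewallInfo><sonicwallName>site-a</sonicwallName>
 <sonicwallPassword>EXAMPLE</sonicwallPassword><passwordEncrypted>1</passwordEncrypted>
 <SAencryptionKey>0123456789abcdef</SAencryptionKey>
 <SAuthKey>00112233445566778899aabbccddeeff</SAuthKey></FirewallInfo>
<FirewallInfo><sonicwallName>site-b</sonicwallName>
 <sonicwallPassword>EXAMPLE</sonicwallPassword><passwordEncrypted>0</passwordEncrypted>
 <SAencryptionKey>0123456789abcdef</SAencryptionKey>
 <SAuthKey>00112233445566778899aabbccddeeff</SAuthKey></FirewallInfo>
<FirewallInfo><sonicwallName>site-c</sonicwallName>
 <sonicwallPassword>EXAMPLE</sonicwallPassword><passwordEncrypted>1</passwordEncrypted>
 <SAencryptionKey>fedcba98</SAencryptionKey>
 <SAuthKey>ffeeddccbbaa99887766554433221100</SAuthKey></FirewallInfo>
</FirewallList>"""

def is_hex(value, nchars):
    """True if value is exactly nchars hexadecimal characters."""
    return len(value) == nchars and all(c in "0123456789abcdefABCDEF" for c in value)

def audit_addunit(xml_text):
    """Return a list of (unit name, finding) tuples for one AddUnit.XML document."""
    findings, key_users = [], defaultdict(list)
    for fw in ET.fromstring(xml_text).iter("FirewallInfo"):
        name = fw.findtext("sonicwallName", default="(unnamed)")
        enc = fw.findtext("SAencryptionKey", default="").strip()
        auth = fw.findtext("SAuthKey", default="").strip()
        # Assumption: 16 hex chars = 8-byte DES key, 32 hex chars = 16-byte MD5 key,
        # matching the key sizes in the slide's sample and its DES/MD5 management SA.
        if not is_hex(enc, 16):
            findings.append((name, "SAencryptionKey is not 16 hex characters"))
        if not is_hex(auth, 32):
            findings.append((name, "SAuthKey is not 32 hex characters"))
        # Assumption: passwordEncrypted=1 marks an encrypted sonicwallPassword value.
        if fw.findtext("sonicwallPassword") and fw.findtext("passwordEncrypted") != "1":
            findings.append((name, "password stored without passwordEncrypted=1"))
        key_users[(enc.lower(), auth.lower())].append(name)
    for users in key_users.values():
        if len(users) > 1:  # the same manual-key SA material serves several units
            for name in users:
                others = ", ".join(u for u in users if u != name)
                findings.append((name, "SA keys shared with " + others))
    return findings

if __name__ == "__main__":
    for unit, finding in audit_addunit(SAMPLE):
        print(f"{unit}: {finding}")
```

Because the file holds credentials and SA keys for every listed unit, restrict read access to it and delete it once the units are imported.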
Module 4 Management of Non-NGFW Appliances
81
Secure Mobile Access Appliances
• GMS can make manual/scheduled backup of SRA appliances (Policies, General, Settings)
• Alerts can be generated when GMS detects unit is down (heartbeat)
• Firmware upgrade can be scheduled
• Reports can also be generated:
Unit Level Reports
• Data Usage
– Timeline
– Users
• User Activity
• Access Method
– Summary
– Users
• Authentication
– User Login
– Failed Login
• Web Application Firewall
– Threats Detected
– Threats Prevented
– Apps Detected
– Apps prevented
– Users detected
– Users Prevented
• Connections
– Application
– Users
• Up/Down
– Timeline
82
Email Security Management
• GMS can only manage ES
– No reporting data is forwarded by GMS
• Management of ES uses Heterogeneous Management
– Same method used to manage CDP units
• To enable GMS on ES
– From CLI (SSH or serial access) - use the command “gms <interval> <serverIP>”
Module 5.1 Reporting
84
A need for off-box application traffic analytics
On-box reporting
• Quick sample
• Application control
• For a single device
Off-box reporting
• Historic advanced reporting
• Trouble shooting, forensics
• Schedule customer reports
• Across multiple devices
85
Reporting
[Diagram labels: Web Site access denied…; Syslog; GMS agent; Summarized data; Reporting database. Sample block page: "This site is blocked by the content Filter Service. URL: https://www.google.com/ Reason for restriction: «Search Engines and Portals»"]
86
Next Generation Reporting
• Near real-time
• Granular drill down
• Modern look and feel
87
User Activity Reporting . . .
88
Application Traffic Analytics
Trouble shooting, forensics, app usage reports for customers
89
Device Uptime Reporting
• Q: Can you prove the firewall has been up consistently?
• Q: MSP – Do you need to prove you met your Service Level Agreement?
90
Data Usage Reporting
• Q: Are you (or your customers) concerned about mounting bandwidth costs?
91
Threat Protection Reporting . . .
92
Universal Report Scheduler
• Q: Do you need to generate reports for your executive team or as part of a compliance initiative?
• Q: If you’re an MSP, do you need to send out scheduled reports to your customer?
93
Adding Templates
94
Scheduling Reports
95
Manage Scheduled Reports
96
Net Monitor
97
Net Monitor
How to differentiate?
Talk to the security Expert – 25 Years of Experience