SonicWALL GMS 7.0 User Manual
Global Management System (GMS) 7.0 Getting Started Guide
PROTECTION AT THE SPEED OF BUSINESS
™
SonicWALL GMS 7.0
Getting Started Guide
This Getting Started Guide contains installation procedures and configuration guidelines
for deploying SonicWALL Global Man agement System (SonicW ALL GMS) on a Windows
server on your network. SonicW ALL GMS is a Web-based application that can config ure,
manage, and monitor the status of thousands of SonicWALL Internet security appliances
and non-SonicWALL appliances from a central location. SonicWALL GMS provides the
following benefits:
• Centralized security and network mana ge m en t
• Sophisticated VPN deployment and configuration
• Active device monitoring and alerts
• Intelligent reporting and activity visualization
• Centralized logging and offline management
Note: For complete documentation, refer to the SonicWALL GMS Administrator’s
Guide. This and other documentation are available at:
http://www.sonicwall.com/us/Support.html
For the latest SonicWALL GMS software version downloads and documentation,
login to the MySonicWALL website at: http://www.mysonicwall.com.
SonicWALL GMS 7.0 Getting Started Guide Page 1
Contents
1
2
3
456
This document contains the following sections:
“Before You Begin” on page 3
“Installing and Upgrading SonicWALL GMS” on page 8
“Registering and Licensing SonicWALL GMS” on page 14
“Selecting the Role for a SonicWALL GMS Serve r” on page 18
“Introduction to the Management Interfaces” on page 32
• “System Requirements” on page 3
• “Record Configuration Information” on page 7
• “Installing Universal Management Suite 7.0” on page 8
• “Upgrading From an Earlier Version of SonicWALL GMS” on page 12
• “Registering / Licensing SonicWALL GMS After a Fresh Install” on page 14
• “Registering Associated Servers in a Distributed Deployment” on page 17
• “Using the Role Configuration Tool” on page 19
• “Manually Configuring the System Role” on page 22
• “Overview of the Two Interfaces” on page 32
• “Switching Between Management Interfaces” on page33
• “SonicWALL UMH System Interface Introduction” on page 33
• “SonicWALL GMS Management Interface Introduction” on page 34
“Next Steps” on page 40
Page 2
Before You Begin
1
See the following sections for information about SonicWALL GMS:
• “System Requirements” on page 3
• “Record Configuration Information” on page 7
System Requirements
The SonicWALL GMS 7.0 software comes with a base license to manage either
10 nodes or 25 nodes. You can purchase additional licenses on MySonicWALL. For
more information on licensing additional nod es , visi t:
http://www.sonicwall.com/us/Products_Solutions.html
Before installing SonicWALL GMS, review the following requirements.
Operating System Requirements
The SonicWALL GMS 7.0 release supports the following operating systems:
• Windows Server 2003 32-bit and 64-bit (SP2)
• Windows Server 2008 SBS R2 64-bit
• Windows Server 2008 R2 Standard 32 bit and 64 bit
Tip: In all instances, SonicWALL GMS is running as a 32-bit application. Bundled
databases run in 64-bit mode on 64-bit Windows operating systems. All listed
operating systems are supported in both virtu aliz ed and non- virt ua lize d (VM wa r e
ESXi 4.1) environments.
Hardware for Windows Server
• x86 Environment: Minimum 3 GHz processor dual-core CPU Intel processor
•4GB RAM
• 300 GB disk space
For Windows Server 64-bit, the higher the amount of RAM memory provides better
performance for the SonicWALL GMS management, reporting, and monitoring modules.
Database Requirements
SonicWALL GMS 7.0 supports the following databases:
• Microsoft SQL Server 2000 (SP4)
• Microsoft SQL Server 2005 (SP1)
• Microsoft SQL Server 2008
Regarding MS SQL Server 2005, SonicWALL GMS supports:
• SQL Server 2005 Workgroup
• SQL Server 2005 Standard
• SQL Server 2005 Enterprise
SonicWALL GMS 7.0 Getting Started Guide Page 3
Note: SonicWALL GMS does not support MS SQL Server 2005 Express.
• SonicWALL MySQL Install Package installed on either Windows 2000 Server (SP4)
or 2003 Server (SP1)
MySQL Requirements
SonicWALL GMS automatically installs MySQL as part of the base installation package.
Separately installed instances of MySQL is not supported with SonicWALL GMS 7.0.
Separately installed instances of MySQL is supported with SonicWALL GMS 6.0 only.
Java Requirements
SonicWALL GMS services uses Java SE 6 Update 23. SonicWALL GMS automatically
downloads the Java Plug-in 6.0 when accessing SonicWALL GMS. SonicWALL GMS
uses Tomcat 6.0.32.
Browser Requirements
• Microsoft Internet Explorer 8.0 or higher
• Mozilla Firefox 7.0 or higher
• Google Chrome 14.0 or higher
Network Requirements
To complete the SonicWALL GMS deployment process documented in this Getting
Started Guide, the following network requirements must be met:
• The SonicWALL GMS server must have access to the Internet
• The SonicWALL GMS server must have a static IP address
• The SonicWALL GMS server’s network connection must be able to
accommodate at least 1 KB/s for each device under management. For example,
if SonicWALL GMS is monitoring 100 SonicWALL appliances, the connection
must support at least 100 KB/s.
Page 4
Alert: Depending on the configuration of SonicWALL log settings and the amount of
traffic handled by each device, the network traffic can var y dr ama tica lly. T he
1 KB/s for each device is a general recommendation. Your installation
requirements may vary.
SonicWALL Appliance and Firmware Support
SonicWALL Platforms SonicWALL Firmware Version
Firewall / VPN
SuperMassive 10000 Series SonicOS 6.0 or newer
NSA Series SonicOS 5.0 or newer
TZ Series SonicOS Enhanced 3.2 or newer
SonicOS Standard 3.1 or newer
PRO Series SonicOS Enhanced 3.2 or newer
SonicWALL CSM Series SonicOS CF 2.0 or newer
Secure Remote Access
SonicWALL SMB SRA Series SonicOS SSL-VPN 2.0 or newer (management)
SonicOS SSL-VPN 2.1 or newer (reporting)
SonicWALL Aventail EX-Series Aventail 9.0 or newer
Backup and Recovery
SonicWALL CDP Series SonicWALL CDP 2.3 or newer (management)
SonicWALL CDP 5.1 or newer (reporting)
Email Security / Anti-Spam
SonicWALL Email Security Series SonicWALL Email Security 7.2 or newer
(management only)
Note: Legacy SonicWALL XPRS/XPRS2, SonicWALL SOHO2, SonicWALL Tele2, and
SonicWALL Pro/Pro-VX models are not supported for SonicWALL GMS
management. Appliances running SonicWALL legacy firmware including
SonicOS Standard 1.x and SonicWALL legacy firmware 6.x.x.x are not sup ported
for SonicWALL GMS management.
Non-SonicWALL Appliance Support
SonicWALL GMS provides monitoring support for non-SonicWALL TCP/IP and SNMPenabled devices and applications.
SonicWALL GMS 7.0 Getting Started Guide Page 5
SonicWALL GMS Gateway Recommendations
A GMS gateway is a SonicWALL firewall appliance that allows for secure communication
between the SonicWALL GMS server and the managed appliance(s), using VPN
tunnels.
A GMS gateway is not required in all deployment scenarios, but when deployed, the
GMS gateway must be a SonicWALL VPN-based network security appliance running
SonicOS Enhanced firmware or another VPN device that is interoperable with
SonicWALL VPN. The GMS gateway provides a VPN management tunnel for each
managed appliance. The number of management tunnels depends on the number of
VPNs supported by the GMS gateway appliance and may be a limiting factor.
For complete information about SonicWALL GMS management methods and
requirements for a GMS Gateway, see the GMS Gateway Requirements section in the
SonicWALL GMS Administrator’s Guide, available on:
http://www.sonicwall.com/us/Support.html
Page 6
Record Configuration Information
Before continuing, record the following configuration information for your reference.
SonicWALL GMS Information
SMTP Server Address: The IP address or host name of your Simple Mail
Transfer Protocol (SMTP) server. For example,
mail.emailprovider.com.
HTTP Web Server Port:
HTTPS Web Server Port:
GMS Administrator Email 1: The email address of a SonicWALL GMS
GMS Administrator Email 2:
Sender Email Address: The email address from which the email
GMS Gateway IP:
GMS Gateway Password: The password for the SonicWALL GMS gateway.
The number of your Web server port if customized.
The default port is 80.
The number of your secure (SSL) Web server port if
customized. The default port is 443.
administrator who will receive email notifications
from SonicWALL GMS.
The email address of an additional SonicWALL
GMS administrator who will receive email
notifications from SonicWALL GMS. This field is
optional.
notifications will be sent by SonicWALL GMS.
The IP address of the SonicWALL GMS gateway
between the SonicWALL GMS agent and the
network. This optional field is only applicable if you
have a GMS gateway.
This optional field is only applicable if you have
gateway between the SonicWALL GMS and the
network.
Database Vendor: Your database vendor if you are using a SQL
Server database.
Database Host/IP:
Database User:______________________ The MySQL user name for the database
The IP address of the database host. This is not
required when using the bundled database on this
server.
administrator. This is not required when using the
bundled database on this server. Refer to
“Configuring Database Settings” on page 28.
Database Password:_________________ The MySQL password for the database
administrator. This is not required when using the
bundled database on this server.
SonicWALL GMS 7.0 Getting Started Guide Page 7
Installing and Upgrading SonicWALL GMS
2
SonicWALL GMS can be configured for a single server or in a distributed environment on
multiple servers.
SonicWALL GMS 7.0 can be installed as a fresh install or as an upgrade from GMS 6.0.
Note: You must disable the User Account Control (UAC) feature on Windows before
running the SonicWALL GMS installer. In addition , disab l e Wind ow s Fir ew all or
your personal firewall before running this installer.
This section contains the following subsections:
• “Installing Universal Management Suite 7.0” on page 8
• “Upgrading From an Earlier Version of SonicWALL GMS” on page 12
Installing Universal Management Suite 7.0
In SonicWALL GMS 7.0, all software components related to SonicWAL L GMS and
SonicWALL Analyzer, including the MySQL database, executable bin ary files for all GMS
services, and other necessary files, are installed using the Universal Management Suite
7.0 single-binary installer. All GMS and Analyzer files are installed as the Universal
Management Suite 7.0, but no distinction is made between GMS and Analyzer during
the installation. The initial installation phase takes just a few minutes for any type of
installation, such as GMS server, Analyzer server, database server, or any other role.
To perform a fresh install of the Universal Management Suite 7.0 from the single binary
installer, perform the following steps:
1. Log on to your SonicWALL GMS management computer as administrator
(Windows). Launch the SonicWALL Universal Management Suite 7.0 installer, by
right-clicking the file sw_gmsvp_win_eng_7.0.xxxx.xxxx.exe (where “xxxx”
represent the exact version numbers) and select Run as administrator. It may take
several seconds for the InstallAnywhere self-extractor to initialize.
Page 8
2. In the Introduction screen, click Next.
3. In the License Agreement screen, select the radio button next to I accept the terms
of the License Agreement. Click Next.
SonicWALL GMS 7.0 Getting Started Guide Page 9
4. Select the path to the folder where you would like to install the files. You can accept
the default path, C:\GMSVP, type in a new path, or click the Choose button to
navigate to the selected folder. When you are finished, click Next.
Alert: Do not include spaces in the installation path.
5. In the SonicWALL Universal Management Suite Settings screen, select or type in the
IP address to which the SonicWALL GMS services should bind to listen for inbound
TCP, UDP, SNMP, syslog, or other packets. The installer detects and offers radio
buttons for any IP addresses associated with the system. The default is your
management computer IP address. To use a different IP address, select Other and
type the IP address into the field. Click Next.
6. To use a custom port for HTTP or HTTPS traffic to the system’s Web Server, type the
port number into the HTTP Port or HTTPS Port field.
If you receive the message “Cannot bind to the por t numb er s pec ifie d. Pleas e
specify a different one,” the port you specified is in use by anoth er pro gr am, fo r
example, Internet Information Services (IIS). Specify a different, unused port, such
as 8080.
Page 10
Tip: If you specify a custom port, you will need to modify the URLs you use to access
GMS by using the following format: http://localhost:<port>/ (to login from the local
host) or http://<ipaddress>:<port>/ ( to login from a remote location). Fo r example,
if you specified HTTP port 8080, the URL would be http://localhost:8080/ for a
local host login, or http://10.0.93.20:8080/ for a remote login.
7. Click Install.
8. If you see a Windows Security Alert for Java, click Unblock.
9. The installer displays a progress bar as the files are installed. Wait a few minutes for
the installer to finish installing.
10. After the files are installed, whether or not the system has a Personal Firewall such
as Windows Firewall enabled, a dialog is displayed notifying you to either disable the
firewall or manually open the syslog and SNMP port s, a nd to ensure tha t these ports
are open on your network gateway or firewall if you plan to use HTTPS Management
mode for managing remote appliances (instead of GMS Management Tunnel or
Existing Tunnel modes). Click OK. Be sure to adjust the settings as recommended.
11. The Important Registration Information screen provides the URL and credentials to
use to log into the SonicWALL GMS Universal Management Host system interface
after restarting your system:
The default URL for accessing the interface from the local system is:
http://localhost:80/
The default credentials are:
User name – admin
Password – password
SonicWALL GMS 7.0 Getting Started Guide Page 11
This screen also provides information about registration. To register a SonicWALL
GMS installation, use the 12-character serial number that you received when you
purchased this product.
Click Next.
12. In the Installation Complete screen, select Yes, restart my system to restart your
system immediately, or select No, I will restart my system myself to restart your
system later. Click Done.
13. After restarting your system, you can access the SonicWALL UMH system interface
to register the product and configure the GMS server settings on this system.
Access the SonicWALL GMS UMH system interface by either clicking on the new
desktop shortcut for SonicWALL Universal Management Suite 7.0 (your
default Web browser will launch http://localhost/appliance/login), or by
pointing your browser at http://localhost/.
14. Log in using the username admin and the password password. You will be
prompted to change your password.
Note: You are forced to change your password the first time you login.
To register and license SonicWALL GMS, see “Registering Associated Servers in a
Distributed Deployment” on page 17.
Upgrading From an Earlier Version of SonicWALL GMS
You can use the SonicWALL UMS installer to upgrade from the GMS 6.0 to the 7.0
release. To complete registration, the system must have access to the Internet and you
must have a MySonicWALL account.
Page 12
When upgrading a distributed deployment, upgrade an d register the primary system first.
This is usually the SonicWALL GMS Console system from the original deployment. All
subsequent instances of SonicWALL GMS will use the primary system’s 12 character
serial number when registering as components of the deployment. Each server in the
distributed deployment must be upgraded and registered individually.
If the GMS Console (Web server) is set up for HTTPS management, the upgrade to
GMS will preserve the HTTPS settings for the GMS Web server.
The upgrade installer checks with the SonicWALL backend to see if the SonicWALL
GMS deployment has a valid support license. If it does not, then the upgrade
discontinues. If the SonicWALL GMS installer detects that the SonicWALL backend site
is not accessible, it prompts the user to enter a n Upgrade Key. If the key is valid, it allows
the upgrade to continue. If the key is invalid, the installation fails.
Note: In a distributed environment, stop all GMS services on all GMS servers before
performing an upgrade. You must upgrade all GMS servers in your deployment to
the same version of SonicWALL GMS 7.0. You cannot have some servers
running version 6.0 and others runnin g 7.0.
It is highly recommended that you backup your database, GMS installation folders, and
the <GMS installation folder>\conf\sgmsConfig.xml file on all GMS servers prior to
performing the SonicWALL GMS upgrade.
To upgrade the SonicWALL GMS software, perform the following steps:
1. Log on to your SonicWALL GMS management computer as administrator
(Windows). Launch the SonicWALL Universal Management Suite 7.0 installer, by
double-clicking the file sw_gmsvp_win_eng_7.0.xxxx.xxxx.exe (where “xxxx” are
the exact version numbers). It may take several seconds for the InstallAnywhere selfextractor to initialize.
2. In the Introduction screen, click Next.
3. In the License Agreement screen, select the radio button next to I accept the terms
of the License Agreement. Click Next.
4. Wait while the installer prepares to install SonicWALL UMS on your system.
5. Click Install to upgrade your installation.
Note: You must have a valid support license to upgrade your SonicWALL GMS.
6. The Installer detects the previous installation of SonicWALL GMS. Click Install to
proceed with the upgrade.
7. If you see a Windows Security Alert for Java, click Unblock.
8. The installer displays a progress bar as the files are installed. Wait a few minutes for
the installer to finish installing.
9. After the files are installed, whether or not the system ha s a Personal Firewall such
as Windows Firewall enabled, a dialog is displayed notifying you to either disable the
firewall or manually open the syslog and SNMP port s, a nd to ensure tha t these ports
are open on your network gateway or firewall if you plan to use HTTPS Management
mode for managing remote appliances (instead of GMS Management Tunnel or
Existing Tunnel modes). Click OK. Be sure to adjust the settings as recommended.
10. The final installer screen contains the path of the installation folder, and warns you
that the Universal Management Suite Web page will be launched next. Click Done.
Note: When upgrading from SonicWALL GMS 6.0 to 7.0, legacy reports from GMS 6.0
will not be migrated to GMS 7.0. In GMS 7.0, you can still view legacy reports. For
more information on viewing legacy reports, refer to the SonicWALL GMS 7.0
Administrator’s Guide.
SonicWALL GMS 7.0 Getting Started Guide Page 13
Loading...