SonicWall Network Security Manager on KVM Getting Started Guide

Download

Network Security Manager on KVM

Getting Started Guide

Contents

Overview 3

About NSM 3

System Requirements 3

Browsers Levels 4 Firewall Types and Firmware 4

Deploying NSM on KVM 6

Prerequisites 6

Preparing to Install KVM 6

Installing KVM 7

Deploying the NSM VM in the Virtual Machine Manager 7

Creating a Virtual Machine via Command Line 8 Creating a Virtual Machine via virt-manager 8

Overview

SonicWall’s Network Security Manager is a web-based application that centralizes management for the SonicWall family of network security appliances.

Topics:

l About NSM

l System Requirements

l Conventions

About NSM

SonicWallNetwork Security Manager (NSM) is the next generation firewall management application that provides a holistic approach to security management. The approach is grounded in the principles of simplifying and automating various tasks to achieve better security operation and decision-making, while reducing the complexity and time required. NSM gives you everything you need for firewall management; it provides comprehensive visibility, granular control and the capacity to govern the entire SonicWall network security operations with greater clarity, precision and speed. This is all managed from a single, functionpacked interface that can be accessed from any location using a browser-enable device. Firewalls can be centrally managed to provision all of the network security services with a single-pane-of-glass experience.

NSM offers many salient features:

l On-boarding hundreds of devices with Zero-Touch Deployment easily

l Group devices based on geographic location, business functions or customers with Device Groups

l Enforce consistent security across all your devices with Device Templates

l Make informed decision and policy actions to any threat, quickly and in real time, with detailed

reporting and powerful analytics

System Requirements

Your infrastructure must meet certain minimum requirements for the following:

l Browsers Levels

l Firewall Types and Firmware

Network Security Manager Getting Started Guide

Overview

Browsers Levels

NSM is a cloud service that can be accessed over the internet by using one of these supported browsers:

Browser Supported

Google Chrome

Apple Safari

Microsoft Edge

Mozilla Firefox

Notes

Latest version

NOTE: This is the preferred browser for the real-time graphics display on the

Dashboard.

Latest version

Firewall Types and Firmware

The following firewall models can be managed by the Network Security Manager services.

Management Reporting Analytics

Entry Level Firewalls

SOHO W

TZ Series

SOHO W

TZ Series

SOHO W

TZ Series

NSv 10-100

Mid Range Firewalls

High-End Firewalls SuperMassive 9000

Zero Touch Deployment

NSa 2500-6600

NSa 2650-6650

NSv 200-400

12K Series

NSa 9250-9650

NSv 800-1600

SOHO-W with firmware 6.5.2 or later

TZ Series, NSA Series, NSa Series with firmware 6.5.1.1 or later

Not supported for SOHO, NSv Series or SuperMassive Series

NSv 10-100

NSa 2500-6600

NSa 2650-6650

NSv 200-400

On-Premises Analytics can store the logs locally and with management in CSCMA.

NSv 10-100

NSa 2500-6600

NSa 2650-6650

NSv 200-400

On-Premises Analytics can store the logs locally and with management in CSC-MA.

Network Security Manager Getting Started Guide

Overview

Additional requirements include:

l Each firewall needs to be licensed with the Comprehensive/Advanced Gateway Security Suite

(CGSS/AGSS).

l The firewalls in the configuration must be a part of a tenant.

l Each firewall must have HTTPS management enabled.

IMPORTANT: For manually added firewalls, if a firewall is behind a NAT device, the HTTPS

management port must be opened to communicate with the firewall. This does not apply to firewalls that use Zero Touch Deployment.

Network Security Manager Getting Started Guide

Overview

Deploying NSM on KVM

Topics:

l Prerequisites

l Preparing to Install KVM

l Installing KVM

l Deploying the NSM VM in the Virtual Machine Manager

Prerequisites

You have to make sure your Linux machine (hardware) supports KVM and download/copy the image file (e.g. SonicWall_NSM_On-Prem__For_QEMU_VM.img) to your Linux machine.

Preparing to Install KVM

Before installing KVM on Ubuntu, you have to verify if the hardware supports KVM. Availability of CPU virtualization extensions such as AMD-V and Intel-VT is the minimum requirement for installing KVM.

To check whether the Ubuntu system supports virtualization, run the following command. If the outcome is greater than 0, then it implies that virtualization is supported:

$ egrep -c '(vmx|svm)' /proc/cpuinfo

To check if your system supports KVM virtualization, execute the following command:

$ sudo kvm-ok

If the “kvm-ok” utility is not present on your server, you can install it by running the following command:

$ sudo apt install cpu-checker

Now execute the “kvm-ok” command to probe your system:

$ sudo kvm-ok

INFO: /dev/kvm exists

KVM acceleration can be used

The output clearly indicates that you are ready to proceed with the installation of KVM.

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Installing KVM

After confirming that your system can support KVM virtualization, you can start installing KVM. To install KVM, virt-manager, bridge-utils and other dependencies, run the following command:

$ sudo apt install -y qemu qemu-kvm libvirt-daemon libvirt-clients bridge-utils virt-manager

l The qemu package (quick emulator) is an application that allows you to perform hardware

virtualization.

l The qemu-kvm package is the main KVM package.

l The libvritd-daemon is the virtualization daemon.

l The bridge-utils package helps you create a bridge connection to allow other users to access a virtual

machine other than the host system.

l The virt-manager is an application for managing virtual machines through a graphical user interface.

Next, you need to confirm that the virtualization daemon, libvritd-daemon, is running by executing the following command:

$ sudo systemctl status libvirtd

libvirtd.service - Virtualization daemon

Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)

Active: active (running) since Sun 2020-10-18 15:08:34 PDT; 1 months 16 days ago

If you want to start it on boot, you can run this command:

$ sudo systemctl enable --now libvirtd

To check if the KVM modules are loaded, run the following command:

$ lsmod | grep -i kvm

From the output, you can observe the presence of the kvm_intel module. However, this is the case for Intel processors. For AMD CPUs, you will get the kvm_amd output instead:

$ lsmod | grep -i kvm

kvm_intel 282624 0

kvm 663552 1 kvm_intel

Deploying the NSM VM in the Virtual Machine Manager

After installing KVM successfully, you have to create a virtual machine by following any of the two methods.You can create a virtual machine on the command-line or using the KVM virt-manager graphical interface (preferred).

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Creating a Virtual Machine via Command Line

The virt-install command-line tool is used for creating virtual machines on the terminal. A number of parameters are required when creating a virtual machine. To create a virtual machine execute the following command(replace the image file path with the appropriate file):

$ sudo virt-install --name nsm --vcpus 4 --memory 16384 --import --disk

/home/ghan/Downloads/SonicWall_NSM_On-Prem__For_QEMU_VM.img --os-variant generic

l The “--name” option specifies the name of the new virtual machine.

l The “--vcpus” option indicates the CPU cores, which in this case is set to 4 cores.

l The “--memory” indicates the RAM capacity, which is 16 GB. Note that this requires your host to have

a large memory for the best working experience.

l The “--import” option specifies that the virtual machine will be imported from the virtual disk image

specified by the “--disk” option which points to the image file path.

l The “--os-variant” option is set to “generic” in this case.

Immediately after executing the command, the virtual machine will boot up and the installer will be launched ready for the installation of the virtual machine.

Creating a Virtual Machine via virt-manager

You can create a virtual machine through by using the virtual machine manager application. This application can be opened by either running the virt manager command, $ virt-manager, or by opening it through your system:

If you have access to the console, you can open the virtual machine manager under Applications > System > Virtual Machine Manager.

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Click the monitor icon to start creating a virtual machine.

On the pop-up window, choose “Import existing disk image”. Next, click the "Forward" button to continue.

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Browse your local directory and locate the image file, and then type in ‘Generic default’ in the operating system field. Next, click "Forward".

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Next, set the memory to 16 (GB), and CPU to 4 (cores). Click "Forward".

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Set the VM name, choose the network option (default is NAT), and then click "Finish". You can access the NSM UI from the host system only if the Network selection is in NAT mode. For the public access, please configure the Network to "Bridge" mode.

Once it's done, you should see the Management Console. You can navigating to the "Network Interface" section to get the IPv4 address of VM and access the NSM UI by using it.

Network Security Manager Getting Started Guide

Deploying NSM on KVM

Network Security Manager Getting Started Guide

Deploying NSM on KVM

SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.

The Support Portal enables you to:

l View knowledge base articles and technical documentation

l View and participate in the Community forum discussions at

https://community.sonicwall.com/technology-and-support.

l View video tutorials

l Access https://mysonicwall.com

l Learn about SonicWall professional services

l Review SonicWall Support services and warranty information

l Register for training and certification

l Request technical support or customer service

To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.

Network Security Manager Getting Started Guide

SonicWall Support

About This Document

NOTE: A NOTE icon indicates supporting information.

IMPORTANT: An IMPORTANT icon indicates supporting information.

TIP: A TIP icon indicates helpful information.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if

instructions are not followed.

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or

death.

Network Security Manager on KVM Getting Started Guide Updated - March 2021 232-005626-00 Rev A

The information in thisdocument is provided in connection withSonicWall and/or its affiliates’products. No license, express or implied, byestoppel or otherwise, to any intellectualproperty right is granted bythisdocument or in connection with the sale of products. EXCEPT AS SET FORTH IN THE T ERMS AND CONDITIONS ASSPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWalland/or itsaffiliates make no representations or warranties with respect to the accuracy or completeness of the contents ofthis document and reservesthe right to make changes to specificationsand product descriptions at any time without notice. and/or its affiliatesdo not make any commitment toupdate the information contained in thisdocument.

For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement

To view the SonicWallEnd User Product Agreement, go to: https://www.sonicwall.com/legal/end-user-product-agreements/.

Open Source Code

SonicWall Inc. is able to providea machine-readable copy of open source code with restrictive licensessuch asGPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order inthe amount of USD 25.00 payable to “SonicWallInc.”, to:

General Public License Source Code Request Attn: Jennifer Anderson 1033 McCarthy Blvd Milpitas, CA95035

Network Security Manager Getting Started Guide

SonicWall Support

SonicWall Network Security Manager on KVM Getting Started Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Overview

About NSM

System Requirements

Browsers Levels

Firewall Types and Firmware

Deploying NSM on KVM

Prerequisites

Preparing to Install KVM

Installing KVM

Deploying the NSM VM in the Virtual Machine Manager

Creating a Virtual Machine via Command Line

Creating a Virtual Machine via virt-manager

Related Documents

SonicWall Support

About This Document