CSC Unit Acquisition Fails -- Configuration looks good. What are suggestions to fix?
I am trying to add existing SonicWall TZ-300 with firmware, SonicOS Enhanced 22.214.171.124-89n, to NSM 1.7. The acquisition hangs on Unit Acquisition. What should I look at to diagnose the error?
- Enable Management using GMS
- GMS syslog server port 514
- Send Syslog Message to a Distributed GMS Reporting Server, 126.96.36.199, port 514
- I see the Address Object of 'GMS Address' is created
- The Firewall rules are updated to allow management to 443
- SYSLOG is updated to include sending to cloudgms.sonicwall.com
- Device is defined by name and Serial Number
- IP address is public IP of the SonicWall
- Username and Password are Defined
- Licenses are checked and good
- Packet Monitor does NOT show any traffic to or from cloudgms.sonicwall.com
What do you suggest to fix or troubleshoot the connection?
GMP Newbie ✭
Thank you, Larry
Both of your comments have been dead on.
The licensing is for NSM on my devices. When I started NSM, the popup indicated that migration was in the future, so I continued down the path to NSM 1.7. As it turns out, this advice is misleading.
If I was managing hundreds of devices, I would have SonicWall updated the devices to use NSM, in the background. However, I support 16 SonicWalls. You can upgrade them yourself. Use mysonicwall.com
- Reference: https://www.sonicwall.com/support/knowledge-base/how-to-add-units-to-nsm-2-0-using-zero-touch/200811234509467/
- Define a new Tenant in your organization I started with the name, NSM 2.0, but changed it to be more specific to the company.
- FOR EACH Device, especially those that need to migrate, click on the serial number to bring up the details
- Look for 2 phrases that indicate CSC instead of NSM
- Edit the Cloud setting to On-Box. The CSC MA reference disappears
- Move the device to the new tenant
- Proceed with NSM 2.0
- Also, on each device, you will have to enable Cloud management
The SonicWall automatically creates the rules for management. There is a note in the knowledge base that CSC used only one address cloudgms.sonicwall.com, 188.8.131.52. A range may be used by NSM, 184.108.40.206 - 220.127.116.11. (Check the KBs)
I have done this for a few of the devices. So no guarantee, yet.
My SOP (and it is dated because I have manually migrated everything to NSM) has reference to the following two SW KBs:
You should be able to muddle through them easily enough.
Last step of my SOP:
Troubleshoot with SonicWall Support as needed.
Larry, Thank you for your note.
I recognize the two articles. I went through them and they led me to Manage -- Appliance -- Base Settings -- Advanced Management "Enable management using GMS". Through the articles, I saw the new rules for GMS and the addition to SYSLOG.
I even see a syslog heartbeat to GMS on one system. Still no joy.
Thanks, I am still open to suggestions
@GMP - curious as to what license you have for the device. I learned (the hard way) that if you have an NSM license, you do NOT want to add a device to CSCMA. You must create a new NSM tenant.
Otherwise, I'm afraid you are off to an extended support session...