Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

CSC Unit Acquisition Fails -- Configuration looks good. What are suggestions to fix?

I am trying to add existing SonicWall TZ-300 with firmware, SonicOS Enhanced 6.5.4.8-89n, to NSM 1.7. The acquisition hangs on Unit Acquisition. What should I look at to diagnose the error?

TZ-300

  • Enable Management using GMS
  • cloudgms.sonicwall.com,
  • GMS syslog server port 514
  • Send Syslog Message to a Distributed GMS Reporting Server, 4.16.47.168, port 514
  • I see the Address Object of 'GMS Address' is created
  • The Firewall rules are updated to allow management to 443
  • SYSLOG is updated to include sending to cloudgms.sonicwall.com

CSC

  • Device is defined by name and Serial Number
  • IP address is public IP of the SonicWall
  • Username and Password are Defined
  • Licenses are checked and good
  • Packet Monitor does NOT show any traffic to or from cloudgms.sonicwall.com

What Next?

What do you suggest to fix or troubleshoot the connection?

Thank you

'

Category: Web Application Firewall
Reply

Best Answers

  • CORRECT ANSWER
    GMPGMP Newbie ✭
    Accepted Answer

    Thank you, Larry

    Both of your comments have been dead on.

    The licensing is for NSM on my devices. When I started NSM, the popup indicated that migration was in the future, so I continued down the path to NSM 1.7. As it turns out, this advice is misleading.


    If I was managing hundreds of devices, I would have SonicWall updated the devices to use NSM, in the background. However, I support 16 SonicWalls. You can upgrade them yourself. Use mysonicwall.com

    • Edit the Cloud setting to On-Box. The CSC MA reference disappears
    • Move the device to the new tenant
    • Proceed with NSM 2.0
    • Also, on each device, you will have to enable Cloud management

    The SonicWall automatically creates the rules for management. There is a note in the knowledge base that CSC used only one address cloudgms.sonicwall.com, 4.16.47.168. A range may be used by NSM, 4.16.47.160 - 4.16.47.169. (Check the KBs)

    I have done this for a few of the devices. So no guarantee, yet.

    Thanks !

  • CORRECT ANSWER
    LarryLarry Cybersecurity Overlord ✭✭✭
    Accepted Answer

    @GMP Sorry I didn't include the full SOP for the manual migration earlier.

    But - for anyone else that is interested in spending an hour, rather than waiting for SonicWall - here you go.


Answers

Sign In or Register to comment.