Moving from Cloud to On-Box
I'm managing a firewall that was bound to NSM, but it isn't used and not needed anymore.
Is there any risk in changing "Managed By:" to "On-Box" in mysonicwall? It shouldn't affect anything on the firewall itself, just remove the reporting data from CSC, right?
Best Answer
-
Larry All-Knowing Sage ✭✭✭✭
You are correct. You can change that setting and it won't affect anything. However, there may be some additional clean-up work on your part. Below is a section from one of my SOPs (standard operating procedure), "Manually remove a SonicWall device from NSM." It was last updated in February 2022, so things may have changed in the interim.
Click the serial number of the appropriate device to expand the Product Details window.
Change the Managed By option by clicking the pencil icon and selecting “on-box” and save the change with the green checkmark.
A confirmation message regarding loss of data will appear. Click Yes to confirm.
You will then receive a success message.
Set the Zero Touch selector to the “off” position.
Close the Product Details window to return to the Products List.
Wait at least 15 minutes!
After 15 minutes have passed, you can check to see if the device has been removed from NSM by doing the following:
· My SonicWall > Services > Available Services > Launch Capture Security Services
· Select the exiting Tenant name > Network Security Manager – the product list should be empty.
· Return to My SonicWall
Next, log on to the physical firewall.
Go to System > Administration
Scroll down to the Advanced Management section and uncheck “Enable management using GMS” to disable it. Click Accept.
<In Gen 7 this is not possible> Click the Configure button to ensure no settings are still checked.
Go to VPN > Settings and delete the existing SGMS-xxxxxx VPN Policy.
This will delete the active VPN Tunnel
Go to Firewall > Access Rules and search for All Rules of All Types containing GMS and delete them.
Go to Firewall > Address Objects and delete all objects that contain GMS. Also check to see if there are any Object Groups (there shouldn’t be any, but just to be safe).
Go to System > Restart > confirm to reboot the device and ensure it is disconnected from NSM.
This is the SonicWall KB that describes their official stance (I had a hand in helping craft this):
1
Answers
Thanks!