Trying to reconcile "Best Practices" and adding device to CSC
In most SonicWall presentations one practice is always stressed: Take a backup (either local, or cloud, or both) and save the current settings. In almost every remote session the technician does that.
What doesn't seem to do that is the Capture Security Center - at least as far as I can determine. When you add a device, it goes in and sets up VPNs, changes GMS Flow values, and adds Address Objects and Access Rules. Does it take a back-up before it begins? I simply don't know.
I'm not even sure these changes appear in the log if you have set "Enable Enhanced Audit Logging."
Is the only way to find out what changed when you add a device to run a TSR before and after, and then compare the files?
Curious to know...
Comments
Hi @Larry,
Thanks for putting that question. That was a great question.
The Capture Security Center will not take any settings backup from the firewall once the firewall appliance is added to it. But it is going to replicate the firewall appliance settings onto it once the firewall is acquired successfully. So, the best practice here is to take a settings backup manually from the firewall before we put it onto the CSC. This doesn't mean that there is a risk meter involved without a backup but proceeding to add the firewall in CSC. Since the backup doesn't occur automatically, the recommendation is to follow manual mode.
The configuration changes enacted by the CSC on the firewall are reflected in the firewall logs with the option "Enable Enhanced Audit Logging" being enabled on the firewall.
Hope this helps.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
If that's the case, then it would behoove SonicWall to update their documentation to include the note to partners (and customers) to perform a manual backup of the configuration and settings - and to ensure that Enable Audit is established - before adding the device to the Capture Security Center.
Nothing as significant as this should be assumed; it should be explicit. (Says a partner who learned that a UTM will reboot when added to CSC because Flow is activated after the fact because it wasn't included in any SonicWall U training...).
Hi @LARRY,
That is a valid point. I would have felt the same way if I were in your place. I'll have this information included in the official documents as per your suggestion.
Thanks again for bringing this tremendous point to our attention.
Have a good one!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services