CSC Unit Acquisition Fails -- Configuration looks good. What are suggestions to fix?
I am trying to add an existing SonicWall TZ-300 with firmware SonicOS Enhanced 6.5.4.8-89n to NSM 1.7. The acquisition hangs on Unit Acquisition. What should I look at to diagnose the error?
TZ-300
- Enable Management using GMS
- cloudgms.sonicwall.com
- GMS syslog server port 514
- Send Syslog Message to a Distributed GMS Reporting Server, 4.16.47.168, port 514
- I see the Address Object of 'GMS Address' is created
- The Firewall rules are updated to allow management to 443
- SYSLOG is updated to include sending to cloudgms.sonicwall.com
CSC
- Device is defined by name and Serial Number
- IP address is public IP of the SonicWall
- Username and Password are Defined
- Licenses are checked and good
- Packet Monitor does NOT show any traffic to or from cloudgms.sonicwall.com
What Next?
What do you suggest to fix or troubleshoot the connection?
Thank you
Best Answers
GMP Newbie ✭
Thank you, Larry
Both of your comments have been dead on.
The licensing is for NSM on my devices. When I started NSM, the popup indicated that migration was in the future, so I continued down the path to NSM 1.7. As it turns out, this advice is misleading.
If I were managing hundreds of devices, I would have SonicWall update the devices to use NSM in the background. However, I support 16 SonicWalls. You can upgrade them yourself. Use mysonicwall.com.
- Reference: https://www.sonicwall.com/support/knowledge-base/how-to-add-units-to-nsm-2-0-using-zero-touch/200811234509467/
- Define a new Tenant in your organization. I started with the name NSM 2.0, but changed it to be more specific to the company.
- FOR EACH Device, especially those that need to migrate, click on the serial number to bring up the details
- Look for 2 phrases that indicate CSC instead of NSM
- Edit the Cloud setting to On-Box. The CSC MA reference disappears
- Move the device to the new tenant
- Proceed with NSM 2.0
- Also, on each device, you will have to enable Cloud management
The SonicWall automatically creates the rules for management. There is a note in the knowledge base that CSC used only one address, cloudgms.sonicwall.com, 4.16.47.168. A range may be used by NSM, 4.16.47.160 - 4.16.47.169. (Check the KBs.)
I have done this for a few of the devices. So no guarantee, yet.
Thanks!
Answers
@GMP
My SOP (and it is dated because I have manually migrated everything to NSM) has reference to the following two SW KBs:
https://www.sonicwall.com/support/knowledge-base/troubleshooting-unit-acquisition-in-capture-security-center-csc/180820203752765/
https://www.sonicwall.com/support/knowledge-base/how-can-i-provision-and-add-units-in-cloud-gms/171018113027424/
You should be able to muddle through them easily enough.
Last step of my SOP:
Troubleshoot with SonicWall Support as needed.
Good luck
Larry, Thank you for your note.
I recognize the two articles. I went through them and they led me to Manage -- Appliance -- Base Settings -- Advanced Management "Enable management using GMS". Through the articles, I saw the new rules for GMS and the addition to SYSLOG.
I even see a syslog heartbeat to GMS on one system. Still no joy.
Thanks, I am still open to suggestions
Greg
@GMP - curious as to what license you have for the device. I learned (the hard way) that if you have an NSM license, you do NOT want to add a device to CSCMA. You must create a new NSM tenant.
Otherwise, I'm afraid you are off to an extended support session...