How do we correctly understand NSM config diff?

Hi Team,

In NSM, before syncing a firewall, we can review the diff between the NSM and firewall local configurations.

NSM shows the configuration in JSON format. If we remove an object, it triggers differences on multiple lines. But these should be false positives, as they are number order differences. So how can we focus on the actual difference? How can we find out what is deleted or modified from the DIFF config?

Category: Network Security Manager


  • Larry All-Knowing Sage ✭✭✭✭

    @Nat this is a "known issue" and an area that the NSM project team leaders are actively reviewing because I raised multiple questions about it.

    I've explained to them that the differences shown make no sense because a small window is trying to work with tens of thousands of lines of code. Plus, there's no way to document the changes, nor save the list to indicate to anyone else what transpired. Unfortunately, the differences window makes it next to impossible to understand what is taking place (and that's primarily because their "difference engine" isn't that good).

    I've been told to trust the process, but even hours after running the update, an extraordinary number of differences remain.

    Bottom line: it is going to be a very long time before any appreciable change is implemented here that will make things easier.

  • Options

    Hi @Larry

    It is good to know they are aware of this.

    I don't think they have a "difference engine"; they just Linux "diff" the two JSON config files LOL.

  • Arkwright All-Knowing Sage ✭✭✭✭

    Issue still exists in 2023. If they aren't going to fix this feature then they should turn it off because it's completely useless in the state it's in.

    We had a firewall lose contact with NSM for a few weeks, during which time no changes were made [per audit log from firewall]. Yet the config diff is 78k lines! Only the first 7 lines are the same.

    Whatever this JSON config format is, is not suited to diffing because it doesn't appear to be in any particular order. At least the CLI config format is structured in such a way that you can compare configs, why didn't they use that?

  • Arkwright All-Knowing Sage ✭✭✭✭

    Feb 2024 - diff seems to be more useful after an update to NSM. Created an address object, reviewed diff and the diff contains the address object, and the SSO agent key has changed, but I definitely did not touch the SSO settings.

    So it's not perfect, but at least it is not now in random order and completely useless like it was before!
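One way to separate real changes from ordering noise when reviewing two exported JSON configurations offline, as an added example that is not part of the original posts and is not SonicWall's code. The export schema is not shown in the thread, so the `uuid`/`name` identity fields and the `address_objects` sample data are assumptions constructed for illustration.

```python
import json

ID_KEYS = ("uuid", "name")  # assumption: fields that identify a list entry

def _index(items):
    """Key list entries by identity so their position stops mattering."""
    out = {}
    for item in items:
        ident = None
        if isinstance(item, dict):
            ident = next((f"{k}={item[k]}" for k in ID_KEYS if k in item), None)
        # No identity field: fall back to the entry's canonical JSON text.
        out[ident or json.dumps(item, sort_keys=True)] = item
    return out

def semantic_diff(old, new, path=""):
    """Return (change, path, old, new) tuples, ignoring list and key order."""
    if isinstance(old, list) and isinstance(new, list):
        old, new, fmt = _index(old), _index(new), "{}[{}]"
    elif isinstance(old, dict) and isinstance(new, dict):
        fmt = "{}/{}"
    else:
        return [] if old == new else [("modified", path, old, new)]
    changes = []
    for key in sorted(set(old) | set(new)):
        sub = fmt.format(path, key)
        if key not in new:
            changes.append(("removed", sub, old[key], None))
        elif key not in old:
            changes.append(("added", sub, None, new[key]))
        else:
            changes.extend(semantic_diff(old[key], new[key], sub))
    return changes

# Constructed sample: entries reordered, one removed, one edited.
BEFORE = {"address_objects": [
    {"name": "web-srv", "zone": "DMZ", "host": "10.0.0.10"},
    {"name": "mail-srv", "zone": "DMZ", "host": "10.0.0.20"},
    {"name": "old-vpn", "zone": "WAN", "host": "203.0.113.5"},
]}
AFTER = {"address_objects": [
    {"name": "mail-srv", "host": "10.0.0.20", "zone": "LAN"},
    {"name": "web-srv", "host": "10.0.0.10", "zone": "DMZ"},
]}

if __name__ == "__main__":
    for change in semantic_diff(BEFORE, AFTER):
        print(change)
```

Entries that share the same identity value within one list collapse into a single entry here, so a list with duplicate names needs a more specific identity field.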
