We want to add our firewalls to NSM. I've already added one of the firewalls, but now we have to synchronize the firewall with NSM. Will the current running configuration of the firewall change if I synchronize with NSM?
The entire premise of NSM is that you will use the cloud-based manager to change your fleet of firewalls. This assumes you have a large fleet and that you do not modify the device directly (locally).
The sync is only required if you feel the urgent need to access the device directly, at which point NSM has no idea of what you've done. Thus, the need to sync. You are provided the opportunity to review the changes that will be committed to NSM.
I just wish NSM had a simple way to copy address objects across firewalls. I only manage a dozen or so devices, but have HUNDREDS of address objects/groups that I have to manually setup on each device. It's why I bought NSM On-Prem, only to find out that it doesn't actually do something useful like being able to copy addresses or services across the units.
Maybe in the far distant future of 3.7.5 (but somehow I doubt it). Every change that is requested for NSM requires someone to indicate how many people will use the feature/function and how much money SonicWall will derive from having it and how much it will cost to include it.
While I am almost certain if they created the "Address Object and Group Transfer Utility," I would probably be willing to pay for it. However, I don't know if there's a large enough population who would say the same.
There are Dynamic External address objects as well, might be useful for you.
But an import/export to CSV tool really would not take much for Sonicwall to implement and would make lives so much easier. They added the ability to export NAT policies/access rules to CSV and then gave up 🙄
Templates are really good. I've a template with content filter objects. Everytime I add a new URL to our content filter blacklist, I apply (Apply All Config) the new template to our firewalls. You have to be careful if you add new things, because it's generating new commits with each change inside the template.
Answers
@SOILL_IT - in short, the answer is "no." Here's the doc center page on this process:
The entire premise of NSM is that you will use the cloud-based manager to change your fleet of firewalls. This assumes you have a large fleet and that you do not modify the device directly (locally).
The sync is only required if you feel the urgent need to access the device directly, at which point NSM has no idea of what you've done. Thus, the need to sync. You are provided the opportunity to review the changes that will be committed to NSM.
As noted in this recent post, https://community.sonicwall.com/technology-and-support/discussion/5222/nsm-details, NSM is designed for a large remotely dispersed fleet of devices. If you only have a handful, then it is probably not worth the aggravation of dealing with its shortcomings.
I just wish NSM had a simple way to copy address objects across firewalls. I only manage a dozen or so devices, but have HUNDREDS of address objects/groups that I have to manually setup on each device. It's why I bought NSM On-Prem, only to find out that it doesn't actually do something useful like being able to copy addresses or services across the units.
Maybe in the far distant future of 3.7.5 (but somehow I doubt it). Every change that is requested for NSM requires someone to indicate how many people will use the feature/function and how much money SonicWall will derive from having it and how much it will cost to include it.
While I am almost certain if they created the "Address Object and Group Transfer Utility," I would probably be willing to pay for it. However, I don't know if there's a large enough population who would say the same.
Yeah, you're right. Probably time to look at other vendors who do address object-export/import right on the firewall itself.
You can use the CLI to do this, today.
There are Dynamic External address objects as well, might be useful for you.
But an import/export to CSV tool really would not take much for Sonicwall to implement and would make lives so much easier. They added the ability to export NAT policies/access rules to CSV and then gave up 🙄
You can also use the Template feature in NSM to perform this type of configuration across all devices.
Unfortunately, there is no easy method to copy the configuration that already exists on a NSM managed firewall.
However, when configured via Templates you must only configure the objects one time and apply to all firewalls.
Templates are really good. I've a template with content filter objects. Everytime I add a new URL to our content filter blacklist, I apply (Apply All Config) the new template to our firewalls. You have to be careful if you add new things, because it's generating new commits with each change inside the template.