Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

How long am I expected to wait for NSM to deploy minor changes to firewall?

LarryLarry Cybersecurity Overlord ✭✭✭
edited June 2 in Network Security Manager

I want to provide feedback to Mozilla about the Firefox 89 release (specifically that the chrome no longer matches the default colors of Windows).

To do that, I have to create a Crowdicity account. The confirmation link takes me to an Amazon site in the UK. I have GeoBlocking enabled for the UK, so I can't get there.

I logged into NSM, created the Address Object, updated the Address Group, and then issued the Commit.

I'm now at 5 minutes waiting for these instructions to update the device.

How much longer am I expected to wait?

Category: Network Security Manager


  • LarryLarry Cybersecurity Overlord ✭✭✭

    Updated to ask the following:

    Where do I go to determine what caused this to fail?

    Am I now forced to go back to "normal" and update the device directly (and usurp the Config mode)?

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    If you go back to Manager View in NSM then Config Management \ Commits you can drill down to failures. If NSM does not deploy the change it does not mean you have to go back to 'normal' management if you can wait for support to figure out what went wrong. If you have to implement ASAP I would suggest usurping NSM to get the change done. You can then force NSM to sync from the firewall.

    That would be done in Manager View \ Firewalls \ Inventory. The firewall will show as 'unmanaged', open the [=] menu and select Synchronize Firewall.

    FYI, one failure related to an IP address change on the X0 interface via NSM took support months to supposedly fix. I haven't tried that operation again yet though.

  • LarryLarry Cybersecurity Overlord ✭✭✭

    I don't normally look at the Comit process. I just kick it off and close the browser. I expect the process to continue to work in the background.

    But I looked at the list of "sync" discrepancies between NSM and Local and it seems that this hasn't been working for a long time, which is probably why this commit failed.

    I'm guessing (because there is no solid documentation on this) that I have to remove the firewall from NSM, make sure all of my changes are backed up, then add it back to NSM and force the sync.

    Because the last thing in the world I want to do is sync up and find that the process didn't MERGE the differences, but that the cloud settings completely overwrote the local settings.

    Now to spend an hour (or two) with Support to see if that's the case.

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    I don't think you have to remove the firewall from NSM. Make a backup in local management, then go to NSM and force the sync. I had to do this recently after making a local change to an NSM managed device. As described the device was listed in NSM as unmanaged, so I forced the sync and everything was back to normal. NSM sync'd from the device.

    Agreed, documentation is not clear.

    I do have complaints about what NSM considers as configuration differences. Sometimes a device will become unmanaged because the config difference is a discrepency between the last known uptime, boot time, etc. A variable and has nothing to do with the actual configuration!

  • LarryLarry Cybersecurity Overlord ✭✭✭

    Unfortunately my device is listed as "Managed" and the list of discrepancies is HUGE!

    Opened Case 43705127 to see if someone knows the best means of getting this resolved.

  • LarryLarry Cybersecurity Overlord ✭✭✭

    Just by way of an update, the case is in "Waiting on Engineering" status.

    Following several discussions with NSM project managers, the entire sync process is going to be reviewed, and hopefully be revamped in a future release. I pointed out that there's no telling exactly what discrepancies exist (the compare is awful) and there's no available report of actions taken which most sites would want as documentation (in case of fallback).

  • TKWITSTKWITS All-Knowing Sage ✭✭✭✭

    @EnaBev a little help here wouldn't hurt

  • EnaBevEnaBev Administrator

    Hi @TKWITS,

    Thanks for reaching out.

    This has been raised with our Engineering team. Any updates will appear on the support case.

    Let me know if you have any other questions.

    Ena Bevrnja

    SonicWall Community Manager

Sign In or Register to comment.