SONICWALL Network Security Manager 2.4 User Guide

: August 15, 2024
: SONICWALL

Table of Contents

SONICWALL Network Security Manager 2.4
Specifications
Product Information
Product Usage Instructions
FAQ
Compatibility and Installation Notes
Resolved Issues
SonicWall Support
References
Read User Manual Online (PDF format)
Download This Manual (PDF format)

SONICWALL Network Security Manager 2.4

SONICWALL-Network-Security-Manager-2-4-PRODUCT

Specifications

Product Name: SonicWall Network Security Manager 2.4 On-Premises
Versions: 2.4.4 On-Premises, 2.4.0 On-Premises
Release Date: July 2024 (2.4.4), May 2024 (2.4.0)

Product Information

The SonicWall Network Security Manager (NSM) 2.4 On-Premises is a network security management software that provides centralized control and monitoring of firewall devices.

Supported Browsers: Most popular browsers with a preference for Google Chrome
Account Requirement: MySonicWall account is required
Capacity Requirements:
- VMware: 1-500 firewalls supported, ESXi 7.0, 8.0
- Hyper-V: 500-3000 firewalls supported, Windows 2019, 2022
- KVM: 1-500 firewalls supported, Linux Kernel 5.15 LTS
- Azure: 500-3000 firewalls supported, Standard_D4_v2, Standard_D5_v2

Product Usage Instructions

Upgrade Instructions

To upgrade NSM to version 2.4.4, follow these steps:

Refer to the knowledge base article on upgrading NSM in a closed network environment for detailed instructions.
Create a system backup of the NSM on-premises system before the upgrade.
Upgrade NSM firmware using SWI files.

Importing Backup Files

NSM On-Prem supports importing backup files up to 20 GB in size.
To manage file size, delete device firmware images after upgrading individual firewalls.

FAQ

Q: What are the capacity requirements for NSM On-Premises deployment?
A: The capacity requirements vary based on the platform used, with support for different numbers of firewalls and specific hardware configurations. It is recommended to refer to the compatibility and installation notes for detailed information.

SonicWall Network Security Manager 2.4
On-Premises
Release Notes
These release notes provide information about the SonicWall Network Security Manager (NSM) 2.4 On-premises release.
Versions

Version 2.4.4 On-Premises
Version 2.4.0 On-Premises

Version 2.4.4 On-Premises

July 2024

Important

Refer to the knowledge base article, How to Upgrade SonicCore and NSM in Closed Network for detailed instructions on upgrading NSM in a closed network environment.
Refer to the knowledge base article, Upgrade NSM on-prem via System Update for detailed instructions on a system upgrade. Before the update, you need to create a system backup of the NSM on-premises system in case you need to roll back to the prior version. Refer to Backup and Restore an NSM On-Prem System for detailed instructions.
Refer to the knowledge base article, How to Upgrade On-Prem Network Security Manager firmware for detailed instructions on upgrading NSM firmware using SWI files.
Customers running NSM version 2.4.4-R4 should first upgrade to 2.4.0-R32. For instructions to upgrade to 2.4.0-R32, you can refer the respective release notes.
NSM On-Prem supports importing backup file of size upto 20 GB. To keep backup file size in control we recommend deleting the device firmware image used for upgrading individual firewalls from Home > Firewalls > Inventory > Action > Upgrade firmware upgrade.

Compatibility and Installation Notes

Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
A MySonicWall account is required.
Capacity Requirements: The capacity requirements for an NSM On-Premises deployment have changed:

Platform| Platform Details| Number of Firewalls| Recommended Configuration
---|---|---|---
VMware| Supported versions:| 1-500| 4 Cores, 24 GB RAM
| ESXi 7.0, 8.0| 500-3000| 8 Cores, 48 GB RAM
Hyper-V| Windows 2019, 2022| 1-500| 4 Cores, 24 GB RAM
| | 500-3000| 8 Cores, 48 GB RAM
KVM| Linux Kernel 5.15 LTS| 1-500| 4 Cores, 24 GB RAM
| | 500-3000| 8 Cores, 48 GB RAM
Azure| Standard_D4_v2| 1-500| 8 Cores, 28 GiB RAM
| Standard_D5_v2| 500-3000| 16 Cores, 56 GiB RAM

Upgrade Instructions
NSM can be upgraded using system update or .swi image. The minimum version requirements for upgrading to NSM 2.4.4 are:

Platform Minimum Required Version

VMWare, Hyper-V, KVM, Azure 2.4.0

Resolved Issues

Issue ID Description

NSM-24927 A security regression CVE-2024-6387.
NSM-24648 There is an issue in the checkbox to select all devices in the firewall schedule backup.
NSM-24643 Incorrect data is showing on the NSM firewall address objects list.
NSM-24639 Guided wizard displayed for first-time user login does not close on hitting ‘x’ button, even after multiple attempts.
NSM-24504 Sort by IP Address column is not working on the Inventory page.
NSM-24286 Golden Template objects fail with the “Schema validation error: property ‘range’ redefined” error message.
NSM-24251 Previous job status is not correct for EXP schedule backup.
NSM-23477 Group Firmware upgrade failed for NSV in a batch of 10 firewalls.

Known Issues

There are no known issues in this release.

Additional References

NSM-24528, NSM-24516, NSM-24308, NSM-24307, NSM-24300, NSM-24298, NSM-24290, NSM-24288, NSM- 24285, NSM-24284, NSM-24283, NSM-24282, NSM-24281.

Version 2.4.0 On-Premises
May 2024
Important

Refer to the knowledge base article, How to Upgrade SonicCore and NSM in Closed Network for detailed instructions on upgrading NSM in a closed network environment.
Refer to the knowledge base article, Upgrade NSM on-prem via System Update for detailed instructions on a system upgrade. Before the update, you need to create a system backup of the NSM on-premises system in case you need to roll back to the prior version. Refer to Backup and Restore an NSM On-Prem System for detailed instructions.
Refer to the knowledge base article, How to Upgrade On-Prem Network Security Manager firmware for detailed instructions on upgrading NSM firmware using SWI files.
Customers running NSM version 2.3.4-6-R15 should first upgrade to 2.3.4-6-R17 by mandatorily following the steps mentioned in https://www.sonicwall.com/support/knowledge-base/taking-backup-of-nsm-onpremise-before-upgrade/230628174823577/.
NSM 2.4.0-R32 is only supported for upgrade from NSM 2.3.5-1-R30.
Customers running NSM version 2.3.4-6-R17 should upgrade to 2.3.5-1-R30 using SWI upgrade.
In user creation workflow, NSM allows to specification of primary emails. Users can log into NSM using the username and primary email id only.

NOTE: The user interface option to specify a secondary email id while creating new user or existing user is removed from the NSM 2.4.0 release.

NSM On-Prem supports importing backup file of size upto 20 GB. To keep backup file size in control we recommend deleting the device firmware image used for upgrading individual firewalls from Home > Firewalls > Inventory > Action > Upgrade firmware upgrade.

Compatibility and Installation Notes

Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
A MySonicWall account is required.
Capacity Requirements: The capacity requirements for an NSM On-Premises deployment have changed:

Platform| Platform Details| Number of Firewalls| Recommended Configuration
---|---|---|---
VMware| Supported versions:| 1-500| 4 Cores, 24 GB RAM
| ESXi 7.0, 8.0| 500-3000| 8 Cores, 48 GB RAM
Hyper-V| Windows 2019, 2022| 1-500| 4 Cores, 24 GB RAM
| | 500-3000| 8 Cores, 48 GB RAM
KVM| Linux Kernel 5.15 LTS| 1-500| 4 Cores, 24 GB RAM
| | 500-3000| 8 Cores, 48 GB RAM
Azure| Standard_D4_v2| 1-500| 8 Cores, 28 GiB RAM
| Standard_D5_v2| 500-3000| 16 Cores, 56 GiB RAM

Upgrade Instructions:
NSM can be upgraded using system update or .swi image. The minimum version requirements for upgrading to NSM 2.4.0 are:

Platform Minimum Required Version

VMWare, Hyper-V, KVM, Azure 2.3.5-1

For KVM users,

Before upgrading to NSM 2.4.0-R32, make sure the VM disk attached to NSM is SCSI. If the attached disk is VirtIO, follow the steps mentioned under KB article to convert it to SCSI.
After upgrading to NSM 2.4.0-R32, network settings might be lost temporarily (just once). On encountering this, navigate to the SonicCore Management Console (orange screen) and reconfigure the network IP, subnet and gateway settings. Refer to the Installing NSM on KVM section in the NSM On-Premises Getting Started Guide.

What’s New

NSM on-prem 2.4.0 can manage the firewall running SonicOS 7.1.1. New features of SonicOS 7.1.1 can be managed in both template and firewall view. SonicOS 7.1.1 contains the following major features:
DNS Filtering: DNS security service inspects the DNS traffic in real-time and provides the ability to block threats before they reach the network.
Content Filtering (CFS) 5.0: Content filtering blocks users from loading questionable websites or network resources and restricts the user access to certain types of content on the internet.
Customers can use DNS Filtering feature to block, allow, and/or track visits to certain websites and network resources.
NAC support: NAC’s ability to provide visibility, device profiling, policy enforcement, and access management. Customers can exercise granular control on policies enforced on the devices connecting to the network
NOTE: Please refer to the SonicOS 7.1 release notes for more detailed information on all the SonicOS 7.1.1 features.
Now customers can install NSM on-prem on Hyper-V running on Windows server 2019 and 2022 and VMWare ESXi 8.0
NSM is upgraded to kernel version 5.15 LTS to provide better performance and security.
NSM disk usage is optimized by reducing the backup size by 30% and auto-deletion of unreferenced group firmware upgrade files.
NSM scalability is enhanced to support up to 500 firewalls in a tenant.
Overall Improvement in TSR files for better troubleshooting and support.
Feature enhancement to enable the download of access rules from NSM in CSV format is added for better visibility and manageability.
Several important bug fixes and internal application upgrades.
Auto-firmware upgrade feature in SonicOS 7.1.1 is disabled in both the firewall view and template view in NSM since single/group firmware upgrades can be done through the Inventory page in NSM.
GMS will not support SonicOS 7.1.1 features.

Resolved Issues

Issue ID Description

NSM-23850 Customer unable to manage VPN policies on few of their firewalls.
NSM-23243 Unable to edit the backup schedule.
NSM-23234 Unable to use the template to set Geo-IP.
NSM-23232 Customer is unable to lookup an IP from Geo-IP diagnostics under the Firewall view of NSM.
NSM-22225 Alerts for devices in custom tenants are also seen in the global default tenant.
NSM-21972 Importing certificate to NSM fails with an error.
NSM-21419 Schedule Backup throws an error while importing the large backup file.
NSM-21371 Radius authentication using MSCHAP or MSCHAPv2 fails with an error.
NSM-21338 Sort by IP Address column is not working on the Inventory page.
NSM-21026 NSM On-Prem HA goes out of sync and needs a manual sync option.

Known Issues
Issue ID Description

NSM-23947 Set time automatically using the NTP option reverts to disable after clicking on accept.
NSM-23905 Backup file exported from NSM Web UI in normal mode does not have a .enc suffix.
NSM-23867 Support for VirtIO disk for KVM.
NSM-23720 IP, netmask, and gateway fields were not retained after the upgrade in KVM deployments.

Additional References
NSM-23514, NSM-22877, NSM-22150, NSM-22074, NSM-21965, NSM-21870, NSM-21598, NSM-21370, NSM- 21337.

SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year.
The Support Portal enables you to:

View Knowledge Base articles and Technical Documentation
View and participate in the Community Forum discussions
View Video Tutorials
Access MySonicWall
Learn about SonicWall Professional Services
Review SonicWall Support services and warranty information
Register at SonicWall University for training and certification

About This Document
NOTE: A NOTE icon indicates supporting information.
IMPORTANT: An IMPORTANT icon indicates supporting information.
TIP: A TIP icon indicates helpful information.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

Network Security Manager Release Notes
Updated – July 2024
232-006132-00 Rev B
Copyright © 2024 SonicWall Inc. All rights reserved.
The information in this document is provided in connection with SonicWall and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of products.
EXCEPT AS OUTLINED IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties concerning the accuracy or completeness of the contents of this document and reserve the right to make changes to specifications and product descriptions at any time without notice. and/or its affiliates do not make any commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/legal/end-user-product-agreements/.

Open Source Code
SonicWall Inc. can provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, and AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with a certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to: