When a firewall is added manually to NSM (Network Security Manager), firewall acquisition fails on NSM with the error ‘Network down or Unit cannot be reached’ because the WAN IP used by the NSM back end is not the same as the IP address that the NSM fully qualified domain name (FQDN) resolves to.
A WAN-to-WAN rule is created on the firewall to allow HTTPS management access to the firewall from NSM. In many cases the customer locks this access rule down to the NSM IP only, which may prevent firewall acquisition on NSM.
Allow access to the following NSM FQDN / IPs based on the NSM location to resolve the firewall acquisition issue.
For US West Colo:
Add the below-listed IP addresses in the firewall WAN-WAN HTTPS Management access rule.
Allow inbound US West Colo VPN Source IPs:
Allow the following outbound destinations for the US West Colo Syslog server:
FQDN: nsm-uswest-syslog.sonicwall.com
100.21.90.251
35.161.242.151
44.240.121.254
35.155.116.136
For Europe Central Colo:
Add the below-listed IP addresses in the firewall WAN-WAN HTTPS Management access rule.
Allow inbound Europe Central Colo VPN Source IPs:
18.157.50.179
3.124.73.120
3.69.66.58
Allow the following outbound destinations for the Europe Central Colo Syslog server:
FQDN: nsm-eucentral-syslog.sonicwall.com
18.195.248.198
52.29.247.40
3.68.37.197