-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to add firewall to Flow Based On-Prem Analytics
01/12/2024 
16 People found this article helpful
312,316 Views
Description
This article provides instruction on how to add the firewall to On-Prem Analytics after the server has been installed. We will also go over the firewall settings that need to be enabled for the flow reporting to work.
Adding a firewall to your flow Analytics server include two steps, First to add the firewall to the Analytics server. Second is to point the flow settings properly on the firewall to point to new server. This article goes over those steps.
Resolution
Pre-requisite:
Must have On-Prem Analytics server installed licensed and configured
Firewall/s must have App Visualization licensed and enabled
Adding a firewall to your flow Analytics server include two steps, First to add the firewall to the Analytics server. Second is to point the flow settings properly on the firewall to point to new server. This article goes over those steps.
STEP 1:
To add your firewall to Analytics, click the plus icon on the top left corner of your screen.
-In the Popup "Add Firewall" window you will need to add the a name for the firewall its Serial Number (Serial number of the Primary if using HA).
-The drop down options for Model are listed is as such. Choose the best option for the firewall you will be adding.
SOHO/NSv Low
TZ/NSv Med
NSA/NSv High
SM/NSv
(SM is short for SuperMassive, but can also include current NSsp Large Enterprise firewall models)
-Once filled out click OK.
-Your firewall is now added to On-Prem Flow Analytics.
STEP 2:
The second step is to point your firewall to the On-Prem Analytics Server IP for flow reporting to work.
1. Login to the Firewall and Click Device / AppFlow / Flow Reporting then click on the AppFlow Agent Tab.
2. Next, Toggle on the following options
Send AppFlow To SonicWall AppFlow Agent [*]
Send Real-Time Data To SonicWall AppFlow Agent
Report On Connection CLOSE
3. Now go to Device / AppFlow / AppFlow Agent page and enter following info and click ‘Accept’
AppFlow server Address (This would be IP address of On-Prem Analytics server)
Source IP to use over VPN tunnel (Required only in case of Site to Site VPN tunnel to the AppFlow Server)
NOTE: Make sure that the Firewall is able to access the On-Prem Analytics flow server on UDP 2055 and UDP 9060
4. Once done, click the ‘Synchronize Server’ button to get it synced with your Analytics server and pull latest signature / Application names.
Note: This is Important for viewing Signature and Application names, otherwise only the ID numbers will show up.
Similar Gen6 flow instructions can be found in the article below.
https://www.sonicwall.com/support/knowledge-base/gms-flow-server-configuration-settings-on-firewall/190205194634363/
Related Articles
- Threat name in NSM SaaS/NSM On-Prem/Analytics
- Using GMS 9.3 to upgrade firmware on a group of firewalls
- On-Prem Analytics release version and build number correspondence table
YES
NO