When a firewall is added manually to NSM (Network Security Manager), the firewall acquisition fails on NSM with the error ‘Network down or Unit cannot be reached’, because the WAN IP address used by the NSM back-end is not the same as the address the NSM fully qualified domain name (FQDN) resolves to.
There is a WAN to WAN access rule on the firewall that allows HTTPS management access to the firewall from NSM. In many cases the customer locks this access rule down to the NSM IP address only, which can prevent firewall acquisition on NSM.
To resolve the firewall acquisition issue, allow access from the following NSM FQDN / IP addresses, based on the CSC location.
For Oregon AWS Colo:
Add the below-listed IP addresses to the firewall WAN-WAN HTTPS management access rule.
52.39.29.75
34.211.180.196
44.227.248.206
34.216.63.240
52.39.174.250
34.209.67.243
44.244.82.94
52.13.143.228
52.10.238.248
52.36.113.220
Oregon AWS Colo VPN Source IPs
52.13.119.206
52.41.180.72
34.208.12.181
52.42.109.76
54.201.203.171
52.24.194.217
For AWS-FRA Colo:
Add the below-listed IP addresses to the firewall WAN-WAN HTTPS management access rule.
13.227.130.70
13.227.130.69
13.227.130.15
13.227.130.92
18.156.16.24
18.157.240.148
3.127.176.56
3.76.145.52
63.177.215.117
AWS-FRA Colo VPN Source IPs
3.124.73.120
18.157.50.179
3.69.66.58
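As an added example (not part of the article or of any SonicWall tooling), the following Python check audits the source addresses configured on the WAN-WAN HTTPS management rule against the NSM back-end IP lists above for each CSC location, so a locked-down rule can be verified before acquisition is attempted. The rule sources passed in are assumed to be single IPs or CIDR prefixes as exported from the firewall; the sample rule at the bottom is constructed.

```python
import ipaddress

# NSM back-end source addresses per CSC location, copied from the lists above.
# The WAN-WAN HTTPS management rule must allow every address for the location
# the tenant is hosted in, not just the one the NSM FQDN currently resolves to.
NSM_SOURCES = {
    "oregon": [
        "52.39.29.75", "34.211.180.196", "44.227.248.206", "34.216.63.240",
        "52.39.174.250", "34.209.67.243", "44.244.82.94", "52.13.143.228",
        "52.10.238.248", "52.36.113.220",
    ],
    "fra": [
        "13.227.130.70", "13.227.130.69", "13.227.130.15", "13.227.130.92",
        "18.156.16.24", "18.157.240.148", "3.127.176.56", "3.76.145.52",
        "63.177.215.117",
    ],
}


def missing_sources(colo, rule_sources):
    """Return the NSM addresses for `colo` that no entry in `rule_sources` covers.

    `rule_sources` holds the source address objects configured on the WAN-WAN
    HTTPS management rule, each a single IP ("52.39.29.75") or a CIDR prefix
    ("34.211.0.0/16"). Any NSM address not inside at least one of them will be
    blocked, and acquisition fails with 'Network down or Unit cannot be reached'.
    """
    nets = [ipaddress.ip_network(s, strict=False) for s in rule_sources]
    missing = []
    for ip in NSM_SOURCES[colo]:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            missing.append(ip)
    return missing


if __name__ == "__main__":
    # Constructed example rule: one NSM /32, one /16 that happens to cover a
    # second NSM address, and an unrelated management network.
    rule = ["52.39.29.75/32", "34.211.0.0/16", "203.0.113.0/24"]
    for ip in missing_sources("oregon", rule):
        print("rule does not allow NSM source", ip)
```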