About Network Security Management
Governing Centrally
NSM, with a complete API-ready architecture, helps customers govern centrally through the following steps:
Step 1: Set the parameters required in MSW
- Set up License: Use MSW to license your site and to activate or purchase licenses, so that you can then set up your tenants or groups and access other security solutions.
- Set up Tenants: You can create Tenants in MSW before you start working with NSM. When you bring your infrastructure under NSM, the tenants you have created in MSW are updated automatically in NSM.
The Tenants option gives you access to any other tenants. Alternatively, you can view the tenants from Firewall View.
MSW also offers embedded provide assistance where needed.
Step 2: Register your new or existing devices
You can enable a two-factor authentication code when registering your firewall. Get the serial number and activation key to get the through the firewall. As you register and configure the firewall devices, enable the Zero Touch option for your devices.
Step 3: Create Device Groups
When the devices are first passed to NSM, all of them appear in the Unassigned group by default. You can leave them unassigned, but the ease of management comes from grouping devices with similar policy or management requirements and applying changes to the group. You can define groups based on geography, function, or other business requirements.
Step 4: Add Devices to the Device Groups
You can select the tenants from the Manager View. NSM allows multiple levels of nesting inside your device groups. You can move a device from the default unassigned firewall group to your desired group from the NSW interface.
Step 5: Create, Commit, and Deploy Templates
Certain common rules now need to be applied to the firewalls, and the easiest way to do this is to create a template. By defining a template, you can set the configuration for multiple devices. You can create a new template, or clone or select an existing one.
As soon as you create a new template, or clone or select an existing one, the Template View is selected. To search for an existing template, go to the Template Inventory option to view the list of templates, from which you can view detailed information for each template using the expand option.
While creating a template, NSM enables you to do the following:
- Add, Delete or Modify Address Objects: When you create a template globally, you can add the Address Objects required for the template. You can manually add, delete, or modify the address objects. This includes options that may be crucial for your business operations, such as adding multiple geographical zones or a global root group. You can also have subgroups with devices nested under them in a parent-child configuration. Click the global Template Pane to view the breakdown of all the configurations you have made to the template. You can view the current template definition, tweak the attributes, or modify the parameters further as required.
- MSSP configuration changes: An MSSP can enforce certain basic requirements or rules for all customers, or variations for individual clients. NSM provides a unified management experience for MSSPs through an API-driven architecture. Templates can also be created at the tenant level. The API option in Manage View helps you automate your tasks on a daily basis.
- Create a template for multiple tenants: You can create a template and apply the changes globally for multiple tenants. For instance, you can divide your tenants according to the location (for example, North America, Asia, and so on), and set different rules and definitions for each of them.
The types of template you should create include the following:
- Zero Touch (ZT) Templates: Though you can manage devices manually, a ZT template is always a suggested best practice to onboard the ZT managed devices with standard configuration. If you configure ZT option for a firewall in MSW, the changes are automatically pushed to the once you login to NSM.
- Configure Templates for multiple branches: Templates help build flexibility and efficiencies into the process of applying policies to your devices:
- Create configuration templates for multiple branches with different policy requirements.
- Create, clone, or select an existing template for each group of devices or independent device.
- Create a global template and assign an address object to it, including names and zones.
- Create variables for subgroups or particular IP addresses and deploy that to multiple firewalls used within a distributed enterprise.
- Commit the changes in a scheduled time: The changes you defined in the templates are still in NSM and are not deployed yet. Committing the changes locks or saves them, or schedules them; you still have to push the changes to the firewall to deploy them. You can either commit them to deploy right away or schedule a time for the deployment.
- Push: After you save, validate, and approve the committed configuration options, you may need to push the configuration template manually to all ZT managed devices. Click the Commit and Deploy option to put the changes into effect. You can also view the Pending Configuration Changes before you push the commit.