Network Security Manager 2.4 On Premises Release Notes

Version 2.4.0 On-Premises

May 2024

Important

  • Refer to the knowledge base article, How to Upgrade SonicCore and NSM in Closed Network for detailed instructions on upgrading NSM in closed network environment.
  • Refer to the knowledge base article, Upgrade NSM on-prem via System Update for detailed instructions on a system upgrade. Prior to update, you need to create a system backup of the NSM on-premises system in case you need to roll back to the prior version. Refer to Backup and Restore an NSM On-Prem System for detailed instructions.
  • Refer to knowledge base article, How to Upgrade On-Prem Network Security Manager firmware for detailed instructions on upgrading NSM firmware using SWI files.

  • Customers running NSM version 2.3.4-6-R15 should first upgrade to 2.3.4-6-R17 by mandatorily following steps mentioned in https://www.sonicwall.com/support/knowledge-base/taking-backup-of-nsm-on-premise-before-upgrade/230628174823577/.

  • NSM 2.4.0-R32 is only supported for upgrade from NSM 2.3.5-1-R30.

    Customers running NSM version 2.3.4-6-R17 should upgrade to 2.3.5-1-R30 using SWI upgrade.

  • In user creation workflow, NSM allows to specify primary emails. Users can login into NSM using username and primary email id only.

    The user interface option to specify secondary email id while creating new user or existing user is removed from NSM 2.4.0 release.

  • NSM On-Prem supports importing backup file of size upto 20 GB. To keep backup file size in control we recommend to delete device firmware image used for upgrading individual firewalls from Home > Firewalls > Inventory > Action > Upgrade firmware upgrade.

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.
  • Capacity Requirements: The capacity requirements for an NSM On-Premises deployment have changed:
    PlatformPlatform DetailsNumber of FirewallsRecommended Configuration
    VMware

    Supported versions:

    ESXi 7.0, 8.0

    1-500

    500-3000

    4 Cores, 24 GB RAM

    8 Cores, 48 GB RAM

    Hyper-VWindows 2019, 2022

    1-500

    500-3000

    4 Cores, 24 GB RAM

    8 Cores, 48 GB RAM

    KVMLinux Kernel 5.15 LTS

    1-500

    500-3000

    4 Cores, 24 GB RAM

    8 Cores, 48 GB RAM

    Azure

    Standard_D4_v2

    Standard_D5_v2

    1-500

    500-3000

    8 Cores, 28 GiB RAM

    16 Cores, 56 GiB RAM

  • Upgrade Instructions:

    NSM can be upgraded using system update or .swi image. The minimum version requirements for upgrading to NSM 2.4.0 are:

    Platform Minimum Required Version
    VMWare, Hyper-V, KVM, Azure 2.3.5-1

    For KVM users,

    • Before upgrading to NSM 2.4.0-R32, make sure the VM disk attached to NSM is SCSI. If the attached disk is VirtIO, follow the steps mentioned under KB article to convert it to SCSI.

    • After upgrade to NSM 2.4.0-R32, network settings might be lost temporary (just once). On encountering this, navigate to the SonicCore Management Console (orange screen) and reconfigure the network IP, subnet and gateway settings. Refer to Installing NSM on KVM section in NSM On-Premises Getting Started Guide.


What's New

  • NSM on-prem 2.4.0 can manage firewall running SonicOS 7.1.1. New features of SonicOS 7.1.1 can be managed in both template and firewall view. SonicOS 7.1.1 contains the following major features:

    • DNS Filtering: DNS security service inspects the DNS traffic in real time and provides an ability to block threats before they reach the network.

    • Content Filtering (CFS) 5.0: Content filtering blocks users from loading questionable websites or network resources and restricts the user access to certain types of content on the internet. Customers can use DNS Filtering feature to block, allow, and/or track visits to certain websites and network resources.

    • NAC support: NAC ability provide visibility, device profiling, policy enforcement, and access management. Customers can exercise granular control on policy enforced on the devices connecting to the network

    Please refer to the SonicOS 7.1 release notes for more detailed information on all the SonicOS 7.1.1 features.

  • Now customer can install NSM on-prem on Hyper-V running on Windows server 2019 and 2022 and VMWare ESXi 8.0

  • NSM is upgraded to kernel version 5.15 LTS to provide better performance and security.

  • NSM disk usage is optimized by reducing backup size by 30% and auto deletion of unreferenced group firmware upgrade files.

  • NSM scalability is enhanced to support up to 500 firewalls in a tenant.

  • Overall Improvement in TSR files for better troubleshooting and support.

  • Feature enhancement to enable download of access rules from NSM in CSV format is added for better visibility and manageability.

  • Several important bug fixes and internal application upgrades.

  • Auto-firmware upgrade feature in SonicOS 7.1.1 is disabled in both firewall view and template view in NSM since single/group firmware upgrades can be done through the Inventory page in NSM.

  • GMS will not support SonicOS 7.1.1 features.

Resolved Issues

Issue ID Description
NSM-23850 Customer unable to manage VPN policies on few of their firewalls.
NSM-23243 Unable to edit backup schedule.
NSM-23234 Unable to use template to set Geo-IP.
NSM-23232 Customer is unable to lookup an IP from Geo-IP diagnostics under Firewall view of NSM.
NSM-22225 Alerts for devices in custom tenants are also seen in global default tenant.
NSM-21972 Importing certificate to NSM fails with error.
NSM-21419 Schedule Backup throws error while importing large backup file.
NSM-21371 Radius authentication using MSCHAP or MSCHAPv2 fails with error.
NSM-21338 Sort by IP Address column is not working on Inventory page.
NSM-21026 NSM On-Prem HA goes out of sync and needs manual sync option.

Known Issues

Issue ID Description
NSM-23947 Set time automatically using NTP option reverts to disable after clicking on accept.
NSM-23905 Backup file exported from NSM Web UI in normal mode does not have .enc suffix.
NSM-23867 Support for VirtIO disk for KVM.
NSM-23720 IP, netmask and gateway fields not retained after upgrade in KVM deployments.

Additional References

NSM-23514, NSM-22877, NSM-22150, NSM-22074, NSM-21965, NSM-21870, NSM-21598, NSM-21370, NSM-21337.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden