• SonicWall Network Security Manager 2.4 On-Premises
  • Version 2.4.0 On-Premises
  • SonicWall Support
    • About This Document

Version 2.4.0 On-Premises

May 2024

Important

• Refer to the knowledge base article, How to Upgrade SonicCore and NSM in Closed Network for detailed instructions on upgrading NSM in closed network environment.
• Refer to the knowledge base article, Upgrade NSM on-prem via System Update for detailed instructions on a system upgrade. Prior to update, you need to create a system backup of the NSM on-premises system in case you need to roll back to the prior version. Refer to Backup and Restore an NSM On-Prem System for detailed instructions.

• Refer to knowledge base article, How to Upgrade On-Prem Network Security Manager firmware for detailed instructions on upgrading NSM firmware using SWI files.

• Customers running NSM version 2.3.4-6-R15 should first upgrade to 2.3.4-6-R17 by mandatorily following steps mentioned in https://www.sonicwall.com/support/knowledge-base/taking-backup-of-nsm-on-premise-before-upgrade/230628174823577/.

• NSM 2.4.0-R32 is only supported for upgrade from NSM 2.3.5-1-R30.

  Customers running NSM version 2.3.4-6-R17 should upgrade to 2.3.5-1-R30 using SWI upgrade.

• In user creation workflow, NSM allows to specify primary emails. Users can login into NSM using username and primary email id only.

  The user interface option to specify secondary email id while creating new user or existing user is removed from NSM 2.4.0 release.

• NSM On-Prem supports importing backup file of size upto 20 GB. To keep backup file size in control we recommend to delete device firmware image used for upgrading individual firewalls from Home > Firewalls > Inventory > Action > Upgrade firmware upgrade.

Compatibility and Installation Notes

• Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
• A MySonicWall account is required.
• Capacity Requirements: The capacity requirements for an NSM On-Premises deployment have changed:

  Platform	Platform Details	Number of Firewalls	Recommended Configuration
  VMware	Supported versions: ESXi 7.0, 8.0	1-500 500-3000	4 Cores, 24 GB RAM 8 Cores, 48 GB RAM
  Hyper-V	Windows 2019, 2022	1-500 500-3000	4 Cores, 24 GB RAM 8 Cores, 48 GB RAM
  KVM	Linux Kernel 5.15 LTS	1-500 500-3000	4 Cores, 24 GB RAM 8 Cores, 48 GB RAM
  Azure	Standard_D4_v2 Standard_D5_v2	1-500 500-3000	8 Cores, 28 GiB RAM 16 Cores, 56 GiB RAM

• Upgrade Instructions:

  NSM can be upgraded using system update or .swi image. The minimum version requirements for upgrading to NSM 2.4.0 are:

  Platform	Minimum Required Version
  VMWare, Hyper-V, KVM, Azure	2.3.5-1

  For KVM users,

  • Before upgrading to NSM 2.4.0-R32, make sure the VM disk attached to NSM is SCSI. If the attached disk is VirtIO, follow the steps mentioned under KB article to convert it to SCSI.

  • After upgrade to NSM 2.4.0-R32, network settings might be lost temporary (just once). On encountering this, navigate to the SonicCore Management Console (orange screen) and reconfigure the network IP, subnet and gateway settings. Refer to Installing NSM on KVM section in NSM On-Premises Getting Started Guide.

What's New

• NSM on-prem 2.4.0 can manage firewall running SonicOS 7.1.1. New features of SonicOS 7.1.1 can be managed in both template and firewall view. SonicOS 7.1.1 contains the following major features:

  • DNS Filtering: DNS security service inspects the DNS traffic in real time and provides an ability to block threats before they reach the network.

  • Content Filtering (CFS) 5.0: Content filtering blocks users from loading questionable websites or network resources and restricts the user access to certain types of content on the internet. Customers can use DNS Filtering feature to block, allow, and/or track visits to certain websites and network resources.

  • NAC support: NAC ability provide visibility, device profiling, policy enforcement, and access management. Customers can exercise granular control on policy enforced on the devices connecting to the network

  Please refer to the SonicOS 7.1 release notes for more detailed information on all the SonicOS 7.1.1 features.

• Now customer can install NSM on-prem on Hyper-V running on Windows server 2019 and 2022 and VMWare ESXi 8.0

• NSM is upgraded to kernel version 5.15 LTS to provide better performance and security.

• NSM disk usage is optimized by reducing backup size by 30% and auto deletion of unreferenced group firmware upgrade files.

• NSM scalability is enhanced to support up to 500 firewalls in a tenant.

• Overall Improvement in TSR files for better troubleshooting and support.

• Feature enhancement to enable download of access rules from NSM in CSV format is added for better visibility and manageability.

• Several important bug fixes and internal application upgrades.

• Auto-firmware upgrade feature in SonicOS 7.1.1 is disabled in both firewall view and template view in NSM since single/group firmware upgrades can be done through the Inventory page in NSM.

• GMS will not support SonicOS 7.1.1 features.

Resolved Issues

Issue ID	Description
NSM-23850	Customer unable to manage VPN policies on few of their firewalls.
NSM-23243	Unable to edit backup schedule.
NSM-23234	Unable to use template to set Geo-IP.
NSM-23232	Customer is unable to lookup an IP from Geo-IP diagnostics under Firewall view of NSM.
NSM-22225	Alerts for devices in custom tenants are also seen in global default tenant.
NSM-21972	Importing certificate to NSM fails with error.
NSM-21419	Schedule Backup throws error while importing large backup file.
NSM-21371	Radius authentication using MSCHAP or MSCHAPv2 fails with error.
NSM-21338	Sort by IP Address column is not working on Inventory page.
NSM-21026	NSM On-Prem HA goes out of sync and needs manual sync option.

Known Issues

Issue ID	Description
NSM-23947	Set time automatically using NTP option reverts to disable after clicking on accept.
NSM-23905	Backup file exported from NSM Web UI in normal mode does not have .enc suffix.
NSM-23867	Support for VirtIO disk for KVM.
NSM-23720	IP, netmask and gateway fields not retained after upgrade in KVM deployments.

Additional References

NSM-23514, NSM-22877, NSM-22150, NSM-22074, NSM-21965, NSM-21870, NSM-21598, NSM-21370, NSM-21337.