KNOWLEDGE DATABASE

HOW TO DOWNLOAD, INSTALL AND SET UP SONICWALL ANALYZER

DESCRIPTION

This article summarizes a step-by-step procedure for the installation and setup of Analyzer with a SonicWall firewall.

RESOLUTION

Step 1. Download: The Analyzer installation file can be downloaded from the Download Center in your MySonicWall account. Analyzer comes as GMS/Analyzer - Virtual Appliance and GMS/Analyzer Windows distributions (Fig. 1). This article discusses the installation of the Windows version on a Server 2012R2.

Windows Operating System requirements for Analyzer 8.6: Windows Server 2012 Standard 64-bit, Windows Server 2012R2 Standard 64-bit, Windows Server 2012R2 Data Center, Windows 8.1 64-bit.

Analyzer uses two separate databases for storing the configurations (e.g., MySQL) and storing the reports (e.g., Infobright). A major improvement in the newer versions of Analyzer is the use of PostgreSQL for storing the reports. This change is reflected in the two types of installation files available under each software version. For example, if you have a previous version of Analyzer (e.g., 8.1) and you want to upgrade to the later version, please download the SW 8.2 GMS/Analyzer Windows or GMS/Analyzer Windows (for version 8.3) file. If you are considering a fresh installation, please download either the SW 8.2 GMS/Analyzer RV2 Windows or the GMS/Analyzer Postgres Windows (for version 8.3) file. While you are in the Download Center, please consider downloading a copy of the Analyzer Administrator Guide, which provides step-by-step instructions for the installation, configuration and administration.

Fig. 1. Downloading the Analyzer installation file.

Step 2. Installation: Double-clicking the installation file will guide you through the installation procedure. Please make sure you have the IP addresses of the Analyzer installation host (e.g., Server 2012R2) and the SonicWall Network Appliance. Installation steps are summarized below with screenshots (Fig. 2).
While the installation procedure outlined above is self-explanatory, let us review the following steps in Fig. 2.

(5) The IP address can be obtained from Network Connection Details of the host. It is a good idea to install the Analyzer in the same subnet as the SonicWall Firewall IP address, e.g., 192.168.168.0/24 here. If the Analyzer and SonicWall firewall are in different subnets, one has to make sure that they are communicating with each other.

(6) The Analyzer GUI control can be accessed via a web server by typing https://localhost:portnumber or https://ip.address:portnumber. These web protocols use TCP port 80 (HTTP) and TCP port 443 (HTTPS). If you get an error about the ports "... already being used by another Web Server/Application...", change the default ports to alternative port numbers (as in 7).

(8) This is a general notice that informs the user about Windows firewall requirements. It is a good idea to create a firewall exclusion for the Analyzer ports in the Windows firewall.

(10) Please note that you have to restart the host after the installation for the required services to start.

Fig. 2. Installation of Analyzer on a Windows host.

Step 3. First login and Registration: Once the Analyzer is installed, it can be accessed via a web browser. Please note that the first time, you will be directed to an HTTP page as in Fig. 3. The default user name is admin and the password is password. Once you have registered the installation, all subsequent login pages will use HTTPS. One can also access the web GUI by double-clicking the Analyzer icon.
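For the port conflict in item (6) and the Windows Firewall exclusion in item (8) of Step 2, the following PowerShell is an added example, not taken from SonicWall's documentation. It assumes the default ports named in this article and the article's example subnet; the rule names and the choice to restrict the rules to that subnet are assumptions made here.

```powershell
# Added example; run in an elevated PowerShell session on the Analyzer host.
# Ports are the defaults named in this article; adjust if you chose others.
$WebPorts    = 80, 443              # Analyzer web GUI (HTTP / HTTPS)
$SyslogPort  = 514                  # syslog sent by the SonicWall appliance (UDP)
$AllowedNet  = '192.168.168.0/24'   # article's example subnet (assumption: admins
                                    # and the appliance both sit in this subnet)

# 1. Before installing: report any process already listening on the web ports,
#    which is what triggers the "already being used" error in item (6).
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $WebPorts -contains $_.LocalPort }
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    '{0}:{1} is held by PID {2} ({3})' -f `
        $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.ProcessName
}
if (-not $listeners) { 'TCP 80/443 are free; the default web ports can be used.' }

# 2. After installing: open only the Analyzer ports, and only to the known subnet,
#    instead of disabling Windows Firewall. Rule names are hypothetical.
New-NetFirewallRule -DisplayName 'Analyzer Web GUI (TCP in)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort $WebPorts `
    -RemoteAddress $AllowedNet -Profile Domain,Private

New-NetFirewallRule -DisplayName 'Analyzer Syslog (UDP in)' `
    -Direction Inbound -Action Allow -Protocol UDP -LocalPort $SyslogPort `
    -RemoteAddress $AllowedNet -Profile Domain,Private

# 3. No rule is created for MySQL (TCP 3306), on the assumption that the
#    database is only used locally on this host. List what was opened:
Get-NetFirewallRule -DisplayName 'Analyzer*' |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

A listener reported as PID 4 (System) on port 80 usually means HTTP.sys, for example IIS, is holding the port.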
Fig. 3. First time login to Analyzer GUI control.

For registration, the host (computer) must be connected to the Internet so that Analyzer can contact the license server (Fig. 4). One will have to present the credentials for the MySonicWall account (4). If you are using a new installation, the default serial number is analyzer (5). If you already have a license, the unit will retrieve the information and the license number. It is a good idea to give a friendly name to the Analyzer.

Fig. 4. Analyzer registration.

Step 4. Deploy Role: Initial configuration for the Analyzer involves the Role deployment (Fig. 5), where one has to set a MySQL root password (2) and designate a database configuration user (1). Notice that Analyzer uses the default Syslog port UDP 514 and TCP 3306 for MySQL. During deployment the Syslog port can be edited but the MySQL port cannot.
Fig. 5. Analyzer Role Deployment.

Analyzer uses two types of user accounts, (1) and (2) in Fig. 5. Please store the passwords carefully after you have updated them here. Also notice that the root password setup option is only available during the role deployment.

A note about Analyzer GUI views. Analyzer presents two views (Fig. 6): System Interface View (1) and Application Interface View (2). They can be accessed by the Switch button in the top right control button area. After the initial setup, most of the user interaction happens in the Application Interface.

Fig. 6. Analyzer GUI views.

Step 5. Add a SonicWall Network Security Appliance. Please navigate to the Firewall tab and click the button with the green arrow on the top left (e.g., 1 in Fig. 7). This will bring up 5 more controls (2), as listed in the insert of Fig. 7. The first from the left allows one to add a unit. The Analyzer communicates with the SonicWall Network Security Appliance using HTTPS. Please provide a friendly Unit Name to identify the appliance, its Serial Number, IP address and the admin access information: admin login name, password, and the Management port (e.g., 443).
Fig. 7. Adding a SonicWall Firewall to the Analyzer.

Step 6. Provision the SonicWall Network Security Appliance: On the firewall, please navigate to Log Analyzer, (1) select Enable Analyzer Settings and (2) click Save. Next, (3) click Add to add the Analyzer information, such as the IP address of the Analyzer. The rest of the information may be left at the defaults. However, if you have used a different Syslog port, please update it here.

Fig. 8. Provisioning a SonicWall Network Security Appliance to send logs to an Analyzer.

Now that we have established communication between the Analyzer and the SonicWall Network Security Appliance, the appliance's syslog will forward the logs to the Analyzer. Please refer to the KB that summarizes the ports used.

Step 7. Summarize the logs. If you navigate to the Data Usage Timeline in the Firewall tab of the Analyzer, there will not be any reports (Fig. 9). The reason for this is that although the Analyzer has the logs, they have not been summarized. Please navigate to Console Reports Summarizer Summarizer now.
Fig. 9. A view of the Data Usage Timeline before Summarization.

Step 8: Enable Syslog Forwarding. Navigate to Firewall Global View Real time Viewer Syslog Settings and click Enable syslog forwarding and then Update and Start (Fig. 10). Click on the Syslog again and you will see the logs (Fig. 11).

Fig. 10. Enable Syslog Forwarding.
Fig. 11. Successful Analyzer set up with logs.
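To confirm the two communication paths set up in Steps 5 and 6 (HTTPS from the Analyzer to the appliance, syslog from the appliance to the Analyzer), the following PowerShell check is an added example, not part of SonicWall's documentation. The appliance IP address is a constructed placeholder; the ports are the defaults named in this article.

```powershell
# Added example; run in an elevated PowerShell session on the Analyzer host.
$ApplianceIp    = '192.168.168.10'  # constructed placeholder: your appliance's IP
$ManagementPort = 443               # Management port entered in Step 5
$SyslogPort     = 514               # Syslog port from Step 4 (update if you edited it)

# Step 5 path: Analyzer -> appliance over HTTPS.
$mgmt = Test-NetConnection -ComputerName $ApplianceIp -Port $ManagementPort `
    -WarningAction SilentlyContinue

# Step 6 path: appliance -> Analyzer over UDP syslog.
# Is any process bound to the syslog port on this host?
$udp = Get-NetUDPEndpoint -LocalPort $SyslogPort -ErrorAction SilentlyContinue |
    Select-Object -First 1
$listener = if ($udp) {
    (Get-Process -Id $udp.OwningProcess -ErrorAction SilentlyContinue).ProcessName
} else { $null }

# Is there an enabled inbound allow rule in Windows Firewall for that UDP port?
# (Rules that cover the port only through a range such as 500-600 are not matched.)
$allow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -eq 'UDP' -and
            ($f.LocalPort -contains "$SyslogPort" -or $f.LocalPort -eq 'Any')
    }

# One summary object: each empty or False field points at a different fix.
[pscustomobject]@{
    ApplianceHttpsReachable = $mgmt.TcpTestSucceeded
    SyslogListenerProcess   = $listener
    SyslogAllowRules        = ($allow.DisplayName -join '; ')
}
```

An empty SyslogListenerProcess means nothing is bound to the syslog port, for example because the host was not restarted after installation as item (10) of Step 2 requires. If all three fields are populated and the Data Usage Timeline is still empty, the logs have most likely not been summarized yet (Step 7).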