Verifying and Troubleshooting Web Application Firewall

One way to verify the correct configuration of Web Application Firewall is by viewing the Web Application Firewall > Monitoring page. This page displays statistics and graphs for detected/prevented threats over time and top 10 threats. The Local tab also displays Web server status statistics and graphs of the number of requests and the amount of traffic during the selected monitoring period. With normal use and exposure to the Internet, you should begin to see statistics within a day of activation.

You can also find helpful information in both the Log > View page and Web Application Firewall > Log page. This section lists some of the relevant log messages and provides an explanation or suggestions for actions in those cases.

Log > View Messages

The following messages can be viewed from the Log > View page:

Test the connectivity to licensemanager.sonicwall.com from the System > Diagnostics page using the Ping and DNS Lookup diagnostic utilities to ensure that there is connectivity to the backend server.

Test the connectivity to licensemanager.sonicwall.com from the System > Diagnostics page using the Ping and DNS Lookup diagnostic utilities to ensure that there is connectivity to the backend server.

The License Manager server or the signature database server may not have a valid SSL Certificate.

The device licenses have been reset. Navigate to the System > Licenses page to activate, upgrade or renew licenses.

Web Application Firewall > Log and Log > View Messages

The following messages can be viewed from the Web Application Firewall > Log page and the Log > View page:

The download for the database update completed, but no suitable signatures were found in the database.

The timestamp found in the database update from the License Manager is older than what was originally advertised before the download for the update started.

There was a general error in downloading and processing the database update. This is possible if the data in the update does not conform to the signature parser schema.

There was a general error in downloading and processing the database update. This is possible if the data in the update does not conform to the signature parser schema.

Signature database download was successful. The new database contains <num> number of rules. A rule is an internal property which will be used by Dell SonicWALL to determine how many signatures were downloaded.

NOTE: You can select the Apply Signature Updates Automatically option on the Web Application Firewall > Settings page to apply new signatures automatically. If this option is not selected, you must click the Apply button that appears on the Web Application Firewall > Status page after a successful download. After the database has been successfully applied, all of the signatures within the new database can be found on the Web Application Firewall > Signatures page.

The signature database update was applied after the administrator clicked on the Apply button on the Web Application Firewall > Status page.

The Web Application Firewall engine will be using the factory default signature database for traffic inspection. This may imply that no new signatures were found since the firmware update. If an attempt to download is revealed in the logs earlier, then this message could also imply that the update could not be processed successfully due to database errors and as a precautionary measure the factory default database has been used.