The examples shown in the Tasklist section on the next few pages utilize IP addressing information from a demo setup – please make sure and replace any IP addressing information shown in the examples with the correct addressing information for your setup. Also note that the interface names may be different.
To enable logging and alerting, log into the firewall’s Management GUI, go to Log > Categories, choose Debug from the drop-down next to Logging Level, chose All Categories from the drop-down next to View Style, check the boxes in the title bar next to Log and Alerts to capture all categories, and click on the Apply button in the upper right hand corner to save and activate the changes. For an example, see the screenshot below. Debug logs should only be used for initial configuration and troubleshooting, and it is advised that once setup is complete, you set the logging level to a more appropriate level for your network environment.
|
1
|
Go to Log > Name Resolution.
|
|
2
|
|
3
|
Click the Accept button in the upper left hand corner to save and activate the changes.
|
|
a
|
Go to the Network > Address Objects page.
|
|
a
|
Click on the Address Groups tab.
|
|
b
|
Create an address group named www_group.
|
|
a
|
|
4
|
|
a
|
On the Advanced tab of the NAT policy configuration control, you can specify that the object (or group of objects, or group of groups) be monitored via ICMP ping or by checking for TCP sockets opened. For this example, we are going to check to see if the server is up and responding by monitoring TCP port 80 (which is good, as that is what people are trying to access).
|
|
b
|
Click the Add button to save and activate the changes.
|
|
NOTE: Before you go any further, check the logs and the status page to see if the resources have been detected and have been logged as online. Two alerts will appear as Firewall Events with the message Network Monitor: Host 192.160.200.220 is online (with your IP addresses). If you do not see these two messages, check the steps above.
|
|
c
|
Click the Close button.
|
|
NOTE: If you wish to load balance one or more SonicWALL SRA Appliances, repeat Step 1 through Step 7, using HTTPS instead as the allowed service.
|
If the Web servers do not seem to be accessible, go to the Firewall > Access Rules page and mouseover the Statistics icon.
You can also check the Firewall > NAT Policies page and mouseover the Statistics icon. If the policy is configured incorrectly you will not see any Rx or TX Bytes; if it is working, you will see these increment with each successful external access of the load balanced resources.