To add a network monitor policy on the SonicWALL security appliance, perform these steps:
|
Step 1
|
From the
Network > Network Monitor
page, click the Add
button. The Add Network Monitor
Policy
window is displayed.
|
|
|
•
|
Name
- Enter a description of the Network Monitor policy.
|
|
|
•
|
Probe Target
- Select the Address Object or Address Group to be the target of the policy. Address Objects may be Hosts, Groups, Ranges, or FQDNs object. Objects within a Group object may be Host, Range, or FQDN Address Objects. You can dynamically create a new address object by selecting Create New Address Object
.
|
|
|
•
|
Probe Type
- Select the appropriate type of probe for the network monitor policy:
|
|
|
–
|
Ping (ICMP)
- This probe uses the route table to find the egress interface and next-hop for the defined probe targets. A Ping echo-request is sent out the egress interface with the source IP address of the egress interface. An echo response must return on the same interface within the specified Response Timeout time limit for the ping to be counted as successful.
|
|
|
–
|
TCP
- This probe uses the route table to find the egress interface and next-hop for the defined probe targets. A TCP SYN packet is sent to the probe target with the source IP address of the egress interface. A successful response will be counted independently for each probe target when the target responds with either a SYN/ACK or RST via the same interface within the Response Timeout time window. When a SYN/ACK is received, a RST is sent to close the connection. If a RST is received, no response is returned.
|
|
|
–
|
Ping (ICMP) - Explicit Route
- This probe bypasses the route table and uses the source IP address of the interface specified in the Outbound Interface pulldown menu to send a Ping to the targets. If a Next Hop Gateway is not specified, the probe assumes that the targets are directly connected to the Outbound Interface's network.
|
|
|
–
|
TCP - Explicit Route
- This probe bypasses the route table and uses the source IP address of the interface specified in the Outbound Interface pulldown menu to send a TCP SYN packet to the targets. If a Next Hop Gateway is not specified, the probe assumes that the targets are directly connected to the Outbound Interface's network. When a SYN/ACK is received, a RST is sent to close the connection. If a RST is received, no response is returned.
|
|
|
–
|
Next Hop Gateway
- Manually specifies the next hop that is used from the outbound interface to reach the probe target. This option must be configured for Explicit Route policies. For non-Explicit Route policies, the probe uses the appliance’s route table to determine the egress interface to reach the probe target.If a Next Hop Gateway is not specified, the probe assumes that the targets are directly connected to the Outbound Interface's network.
|
|
|
•
|
Outbound Interface -
Manually specifies which interface is used to send the probe. This option must be configured for Explicit Route policies. For non-Explicit Route policies, the probe uses the appliance’s route table to determine the egress interface to reach the probe target.
|
|
|
•
|
Port
- Specifies the destination port of target hosts for TCP probes. A port is not specified for Ping probes.
|
|
|
•
|
Probe hosts every
- The number of seconds between each probe. This number cannot be less than the Reply time out
field.
|
|
|
•
|
Reply time out
- The number of seconds the Network Monitor waits for a response for each individual probe before a missed-probe will be counted for the specific probe target. The Reply time out cannot exceed the Probe hosts every
field.
|
|
|
•
|
All Hosts Must Respond
- Selecting this checkbox specifies that all of the probe target Host States must be UP before the Policy State can transition to UP. If not checked, the Policy State is set to UP when any of the Host States are UP.
|
|
Step 5
|
Click
Add
to submit the Network Monitor policy.
|
When configuring a static route, you can optionally configure a Network Monitor policy for the
route. When a Network Monitor policy is used, the static route is dynamically disabled or enabled, based on the state of the probe for the policy. For more information, see “Probe-Enabled Policy Based Routing Configuration”
.