System_systemToolsView

System > Diagnostics

The System > Diagnostics page provides several diagnostic tools which help troubleshoot network problems as well as Active Connections, CPU and Process Monitors.

Tech Support Report

The Tech Support Report (TSR) generates a detailed report of the SonicWALL security appliance configuration and status, and saves it to the local hard disk using the Download Report button. This file can then be e-mailed to SonicWALL Technical Support to help assist with a problem.

Tip: : You must register your SonicWALL security appliance on mysonicwall.com to receive technical support.

Before e-mailing the Tech Support Report to the SonicWALL Technical Support team, complete a Tech Support Request Form at https://www.mysonicwall.com. After the form is submitted, a unique case number is returned. Include this case number in all correspondence, as it allows SonicWALL Technical Support to provide you with better service.

Generating a Tech Support Report

1. In the Tech Support Report section, select any of the following report options:
• Print Debug Information in report - specifies whether the downloaded TSR is to contain debug information.

The TSR is organized in an easy-to-read format based off the second level nodes of the GUI menu categories. You control whether or not to include debug information as a category at the end of the report. Debug information contains miscellaneous information that is not used by the average support engineer, but can be useful in certain circumstances.

The Debug information is enclosed by the #Debug Information_START and #Debug Information_END tags.

Note: The TSR sent by DRP always contains debug information, whether or not the Print Debug Information in TSR option is checked.

• SonicPointN Diagnostics – lists log data if the SonicPoint-N experiences a failure and reboots. Note this checkbox is only available if the SonicPoint device is enabled. For more information regarding this feature, refer to the SonicPoint-N Diagnostics Enhancement.
• Current users – lists all currently logged in local and remote users
• Detail of users – lists additional details of user sessions, including timers, privileges, management mode if managing, group memberships, CFS policies, VPN client networks, and other information

Note: For reporting maximum user information, check both Current users and Detail of users.

2. Click Download Report to save the file to your system. When you click Download Report, a warning message is displayed.
3. Click OK to save the file. Attach the report to your Tech Support Request e-mail.
4. To send the TSR, system preferences, and trace log to SonicWALL Engineering (not to SonicWALL Technical Support), click Send Diagnostic Reports. The Status indicator at the bottom of the page displays “Please wait!” while the report is sent, and then displays “Diagnostic reports sent successfully.” You would normally do this after talking to Technical Support.
5. To periodically send the TSR, system preferences, and trace log to MySonicWALL for SonicWALL Engineering, select the Enable Periodic Secure Backup of Diagnostic Reports to MySonicwall checkbox and enter the interval in minutes between the periodic reports in the Time Interval (minutes) field.
6. To include raw data in the TSR report, check Include raw flow table data entries when sending diagnostic report.

Diagnostic Tools

You select the diagnostic tool from the Diagnostic Tool drop-down list in the Diagnostic Tool section of the System > Diagnostics page. The following diagnostic tools are available:

• Check Network Settings
• Connections Monitor
• Multi-Core Monitor
• Core Monitor
• CPU Monitor
• Link Monitor
• Packet Size Monitor
• DNS Name Lookup
• Find Network Path
• Ping
• Core 0 Process Monitor
• Real-Time Black List Lookup
• Reverse Name Resolution
• Connection Limit TopX
• MX Lookup and Banner Check
• Trace Route
• Web Server Monitor
• User Monitor

Check Network Settings

Check Network Settings is a diagnostic tool which automatically checks the network connectivity and service availability of several pre-defined functional areas of SonicOS, returns the results, and attempts to describe the causes if any exceptions are detected. This tool helps administrators locate the problem area when users encounter a network problem.

Specifically, the Check Network Settings tool automatically tests the following functions:

• Default Gateway settings
• DNS settings
• MySonicWALL server connectivity
• License Manager server connectivity
• Content Filter server connectivity

The return data consists of two parts:

• Test Results – Provides a summary of the test outcome
• Notes – Provides details to help determine the cause if any problems exist

The Check Network Settings tool is dependent on the Network Monitor feature available on the Network > Network Monitor page of the SonicOS management interface. Whenever the Check Network Settings tool is being executed (except during the Content Filter test), a corresponding Network Monitor Policy appears on the Network Monitor page, with a special diagnostic tool policy name in the form “diagTestPolicyAuto_<IP_address>_0”.

To use the Check Network Settings tool, first select it in the Diagnostic Tools drop-down list and then click the Test button in the row for the item that you want to test. The results are displayed in the same row. A green check mark signifies a successful test, and a red X indicates that there is a problem.

To test multiple items at the same time, select the checkbox for each desired item and then click the Test All Selected button.

If there are any failed probes, you can click the blue arrow to the left of the IP Address field of the failed item to jump to the configuration page to investigate the root cause.

Connections Monitor

The Connections Monitor displays real-time, exportable (plain text or CSV), filterable views of all connections to and through the SonicWALL security appliance. Click on a column heading to sort by that column.

Active Connections Monitor Settings

You can filter the results to display only connections matching certain criteria. You can filter by Source IP, Destination IP, Destination Port, Protocol, Src Interface, and Dst Interface. Enter your filter criteria in the Active Connections Monitor Settings table.

The fields you enter values into are combined into a search string with a logical AND. For example, if you enter values for Source IP and Destination IP, the search string will look for connections matching:

Source IP AND Destination IP

Check the Group box next to any two or more criteria to combine them with a logical OR. For example, if you enter values for Source IP, Destination IP, and Protocol, and check Group next to Source IP and Destination IP, the search string will look for connections matching:

(Source IP OR Destination IP) AND Protocol

Click Apply Filter to apply the filter immediately to the Active Connections Monitor table. Click Reset Filters to clear the filter and display the unfiltered results again.

You can export the list of active connections to a file. Click Export Results, and select if you want the results exported to a plain text file, or a Comma Separated Value (CSV) file for importing to a spreadsheet, reporting tool, or database. If you are prompted to Open or Save the file, select Save. Then enter a filename and path and click OK.

Multi-Core Monitor

The Multi-Core Monitor displays dynamically updated statistics on utilization of the individual cores of the SonicWALL security appliances. Core 0 handles the control plane. The control plane processes all web server requests for the SonicOS UI as well as functions like FTP and VoIP control connections. Core 0 usage is displayed in green on the Multi-Core Monitor.

The remaining cores handle the data plane. To maximize processor flexibility, functions are not dedicated to specific cores; instead all cores can process all data plane tasks. Memory is shared across all cores. UTM processing is displayed in grey for the data plane cores, and all other processing is displayed in blue.

Note: High utilization on Core 0 is normal while browsing the Web management interface and applying changes. All Web management requests are processed by Core 0 and do not impact the other cores. Traffic handling and other critical, performance-oriented and system tasks are always prioritized by the scheduler, and will never be impacted by web management usage.

Packet ordering and synchronization is maintained by assigning a unique tag to each unique flow. A flow is defined by five pieces of information: source IP address and port number, destination IP address and port number, and the protocol. To ensure that TCP and UTM states are properly maintained, each flow is processed by a single core. Each core can process a separate flow simultaneously, allowing for up to sixteen flows to be processed in parallel.

Core Monitor

The Core Monitor displays dynamically updated statistics on the utilization of a single specified core on the SonicWALL NSA E-Class series security appliances. The View Style provides a wide range of time intervals that can be displayed to review core usage.

Note: High utilization on Core 0 is normal while browsing the Web management interface and applying changes. All Web management requests are processed by Core 0 and do not impact the other cores. Traffic handling and other critical, performance-oriented and system tasks are always prioritized by the scheduler, and will never be impacted by web management usage.

CPU Monitor

The CPU Monitor diagnostic tool shows real-time CPU utilization in second, minute, hour, and day intervals (historical data does not persist across reboots). The CPU Monitor is only included on single core SonicWALL security appliances. The multi-core appliances display the Multi-Core Monitor instead.

Note: High CPU utilization is normal during Web-management page rendering, and while saving preferences to flash. Utilization by these tasks is an indication that available resources are being efficiently used rather than sitting idle. Traffic handling and other critical, performance-oriented and system tasks are always prioritized by the scheduler, and never experience starvation.

Link Monitor

The Link Monitor displays bandwidth utilization for the interfaces on the SonicWALL security appliance. Bandwidth utilization is shown as a percentage of total capacity. The Link Monitor can be configured to display inbound traffic, outbound traffic or both for each of the physical interfaces on the appliance.

Packet Size Monitor

The Packet Size Monitor displays sizes of packets on the interfaces on the SonicWALL security appliance. You can select from four time periods, ranging from the last 30 seconds to the last 30 days. The Packet Size Monitor can be configured to display inbound traffic, outbound traffic or both for each of the physical interfaces on the appliance.

1. Select one of the following from the View Style drop-down list:
• Last 30 Seconds
• Last 30 Minutes
• Last 24 Hours
• Last 30 Days
2. Select the physical interface to view from the Interface Name drop-down list.
3. In the Direction drop-down list, select one of the following:

• Both – Select for packets traveling both inbound and outbound
• Ingress – Select for packets arriving on the interface
• Egress – Select for packets departing from the interface

The packets are displayed in the Average Packet Size graph, where the X axis specifies when the packets crossed the interface and the Y axis specifies the average packet size at that time. Ingress packets are displayed in green, and egress packets are displayed in red.

DNS Name Lookup

The SonicWALL security appliance has a DNS lookup tool that returns the IP address of a domain name. Or, if you enter an IP address, it returns the domain name for that address.

1. Enter the host name or IP address in the Look up name field. Do not add http to the host name.
2. The SonicWALL security appliance queries the DNS Server and displays the result in the Result section. It also displays the IP address of the DNS Server used to perform the query.

The DNS Name Lookup section also displays the IP addresses of the DNS Servers configured on the SonicWALL security appliance. If there is no IP address or IP addresses in the DNS Server fields, you must configure them on the Network > Settings page.

Find Network Path

Find Network Path indicates if an IP host is located on the LAN or WAN ports. This can diagnose a network configuration problem on the SonicWALL security appliance. For example, if the SonicWALL security appliance indicates that a computer on the Internet is located on the LAN, then the network or Intranet settings may be misconfigured.

Find Network Path can be used to determine if a target device is located behind a network router and the Ethernet address of the target device. It also displays the gateway the device is using and helps isolate configuration problems.

Ping

The Ping test bounces a packet off a machine on the Internet and returns it to the sender. This test shows if the SonicWALL security appliance is able to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the DNS server, or another machine at the ISP location. If the test is unsuccessful, try pinging devices outside the ISP. If you can ping devices outside of the ISP, then the problem lies with the ISP connection.

1. Select Ping from the Diagnostic Tool menu.
2. Enter the IP address or host name of the target device and click Go.
3. In the Interface pulldown menu, select which WAN interface you want to test the ping from. Selecting ANY allows the appliance to choose among all interfaces—including those not listed in the pulldown menu.
4. If the test is successful, the SonicWALL security appliance returns a message saying the IP address is alive and the time to return in milliseconds (ms).

Core 0 Process Monitor

The Core 0 Process Monitor shows the individual system processes on core 0, their CPU utilization, and their system time. The Core 0 process monitor is only available on the multi-core NSA E-Class appliances.

Real-Time Black List Lookup

The Real-Time Black List Lookup tool allows you to test SMTP IP addresses, RBL services, or DNS servers. Enter an IP address in the IP Address field, a FQDN for the RBL in the RBL Domain field and DNS server information in the DNS Server field. Click Go.

Reverse Name Resolution

The Reverse Name Resolution tool is similar to the DNS name lookup tool, except that it looks up a server name, given an IP address.

Enter an IP address in the Reverse Lookup the IP Address field, and it checks all DNS servers configured for your security appliance to resolve the IP address into a server name.

Connection Limit TopX

The Connection Limit TopX tool lists the top 10 connections by the source and destination IP addresses. Before you can use this tool, you must enable source IP limiting and/or destination IP limiting for your appliance. If these are not enabled, the page displays a message to inform you that you can enable them on the Firewall > Advanced page.

Check GEO Location and BOTNET Server Lookup

The Geo-IP and Botnet Filtering feature allows administrators to block connections to or from a geographic location based on IP address, and to or from Botnet command and control servers. Additional functionality for this feature is available on the Security Services > Geo-IP and Botnet Filter page. For full details, see Security Services > Geo-IP and Botnet Filter.

MX Lookup and Banner Check

The MX Lookup and Banner Check tool allows you to look up a domain or IP address. Your configured DNS servers are displayed in the DNS Server 1/2/3 fields, but are not editable. After you type a domain name, such as “google.com” into the Lookup name or IP field and click Go, the output is displayed under Result. The results include the domain name or IP address that you entered, the DNS server from your list that was used, the resolved email server domain name and/or IP address, and the banner received from the domain server or a message that the connection was refused. The contents of the banner depends on the server you are looking up.

Trace Route

Trace Route is a diagnostic utility to assist in diagnosing and troubleshooting router connections on the Internet. By using Internet Connect Message Protocol (ICMP) echo packets similar to Ping packets, Trace Route can test interconnectivity with routers and other hosts that are farther and farther along the network path until the connection fails or until the remote host responds.

1. Select Trace Route from the Diagnostic Tool menu.
2. Type the IP address or domain name of the destination host in the TraceRoute this host or IP addres field.
3. In the Interface pulldown menu, select which interface you want to test the trace route from. Selecting ANY allows the appliance to choose among all interfaces—including those not listed in the pulldown menu.
4. Click Go.

A second window is displayed with each hop to the destination host. By following the route, you can diagnose where the connection fails between the SonicWALL security appliance and the destination.

Path MTU Discovery

Path MTU Discovery is a diagnostic tool that determines the maximum transmission unit (MTU) on the network path between the SonicWALL security appliance and a remote host. It is used to avoid IP fragmentation of traffic between the two hosts.

For IPv4 packets, Path MTU Discovery works by setting the "Don't Fragment" (DF) option bit in the IP headers of outgoing packets. When the DF option bit is set for a packet, and the packet traverses a device with an MTU smaller than the packet size, the device drops the packet and sends back an ICMP Fragmentation Needed message containing its MTU, allowing the source host to reduce its Path MTU appropriately. The process repeats until the MTU is small enough to traverse the entire path without fragmentation. IPv6 functions similarly, but the DF option bit is not required. IPv6 devices automatically send an ICMPv6 Packet Too Big message if the packet exceeds the devices MTU size.

By determining the MTU size on a network path and configuring the MTU for your SonicWALL security appliance below the path MTU size, you avoid the potential delay caused by negotiation of the MTU size and other MTU-related network issues.

To configure Path MTU Discovery, perform the following tasks:

1. On the System > Diagnostics page, select PMTU Discovery for the Diagnostic Tool.
2. In the Path MTU Discovery to this host or IP address, enter the IP address or host name that you want to measure the Path MTU for. This can be either an IPv4 or IPv6 address.
3. Optionally, in the Interface pulldown menu, you can select one of the configured WAN interfaces on the appliance to check the Path MTU for that interface. When the Interface pulldown menu is set to ANY, the appliance chooses among all of its interfaces.
4. Click Go. The Path MTU Discovery results are displayed in a pop-up window.

Note: If you do not see this window, check that your browser allows pop-ups for the SonicWALL GUI.

The following example shows the Path MTU Discovery for the route between 192.168.168.168 and 58.63.236.236. The smallest MTU is 1492 bytes between 9.9.9.8 and 10.103.48.1.

Web Server Monitor

The Web Server Monitor tool displays the CPU utilization of the Web server over several periods of time. The time frame of the Web Server Monitor can be changed by selecting one of the following options in the View Style pulldown menu: last 30 seconds, last 30 minutes, last 24 hours, or last 30 days.

User Monitor

The User Monitor tool displays details on all user connections to the SonicWALL security appliance.

The following options can be configured to modify the User Monitor display:

• View Style – Select whether to display the Last 30 Minutes, the Last 24 Hours, or the Last 30 Days.
• Vertical Axis – Select whether the scale of the vertial axis should be set for 500 Users or 50 Users.
• Show – Select whether to show All Users, Remote Users with GVC/L2TP Client, or Users Authenticated by Web Login.