|
|
The System > Diagnostics page provides several diagnostic tools which help troubleshoot network problems as well as CPU and Process Monitors.
The Tech Support Report generates a detailed report of the SonicWALL security appliance configuration and status, and saves it to the local hard disk using the Download Report button. This file can then be e-mailed to SonicWALL Technical Support to help assist with a problem.
Note! You
must register your SonicWALL security appliance on mySonicWALL.com to receive
technical support.
Before e-mailing the Tech Support Report to the SonicWALL Technical Support team, complete a Tech Support Request Form at <https://www.mysonicwall.com>. After the form is submitted, a unique case number is returned. Include this case number in all correspondence, as it allows SonicWALL Technical Support to provide you with better service.
VPN Keys - saves shared secrets, encryption, and authentication keys to the report.
ARP Cache - saves a table relating IP addresses to the corresponding MAC or physical addresses.
DHCP Bindings - saves entries from the SonicWALL security appliance DHCP server.
IKE Info - saves current information about active IKE configurations.
The SonicWALL provides the following built-in tools to help you troubleshoot network problems:
The Active Connections Monitor displays real-time, exportable (plain text or CSV), filterable views of all connections to and through the SonicWALL security appliance.
You can filter the results to display only connections matching certain criteria. You can filter by Source IP, Destination IP, Destination Port, Protocol, Src Interface, and Dst Interface. Enter your filter criteria in the Active Connections Monitor Settings table.
The fields you enter values into are combined into a search string with a logical AND. For example, if you enter values for Source IP and Destination IP, the search string will look for connections matching:
Source IP AND Destination IP
Check the Group box next to any two or more criteria to combine them with a logical OR. For example, if you enter values for Source IP, Destination IP, and Protocol, and check Group next to Source IP and Destination IP, the search string will look for connections matching:
(Source IP OR Destination IP) AND Protocol
Click Apply Filter to apply the filter immediately to the Active Connections Monitor table. Click Reset Filters to clear the filter and display the unfiltered results again.
You can export the list of active connections to a file. Click Export Results, and select if you want the results exported to a plain text file, or a Comma Separated Value (CSV) file for importing to a spreadsheet, reporting tool, or database. If you are prompted to Open or Save the file, select Save. Then enter a filename and path and click OK.
The connections are listed in the Active Connections Monitor table. The table lists:
Click on a column heading to sort by that column.
The CPU Monitor diagnostic tool shows real-time CPU utilization in second, minute, hour, and day intervals (historical data does not persist across reboots).
Note! High
CPU utilization is normal during Web-management page rendering, and while saving
preferences to flash. Utilization by these tasks is an indication that available
resources are being efficiently used rather than sitting idle. Traffic handling
and other critical, performance-oriented and system tasks are always prioritized
by the scheduler, and never experience starvation.
The SonicWALL has a DNS lookup tool that returns the numerical IP address of a domain name or if you enter an IP address, it returns the domain name.
Select DNS Name Lookup from the Select Diagnostic Tool menu.
Enter the host name to lookup in the Look up the name field. Do not add the prefix "http://" to the host name.
Click Go. The SonicWALL then queries the DNS server and displays the result in the Results section. It also displays the IP address of the DNS server used to perform the query.
The DNS Name Lookup section also displays the IP addresses of the DNS servers configured on the SonicWALL. If there are no IP addresses in the DNS Server fields, you must configure them on the Network>Settings page.
The Find Network Path tool indicates if an IP host is located on the WAN, LAN or DMZ. This can diagnose a network configuration problem on the SonicWALL. For example, if the SonicWALL indicates that a computer on the Internet is located on the LAN, then the network or Intranet settings may be misconfigured. Find Network Path can be used to determine if a target device is located behind a network router and the Ethernet address of the target device. It also displays the gateway the device is using and helps isolate configuration problems.
Select Find Network Path from the Select Diagnostic Tool menu.
Enter the IP address of the device in the Find location of this IP address field.
Click Go. The test takes a few seconds to complete. Once completed, the results are displayed in the Tools page.
The Packet Trace tool tracks the status of a communications stream as it moves from source to destination. This is a useful tool to determine if a communications stream is being stopped at the SonicWALL, or is lost on the Internet. The maximum number of packets the Packet Trace tool can capture is 25.
To interpret this tool, it is necessary to understand the three-way handshake that occurs for every TCP connection. The following displays a typical three-way handshake initiated by a host on the SonicWALL LAN to a remote host on the WAN.
From 192.168.168.158 / 1282 (00:a0:4b:05:96:4a)
To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)
The SonicWALL receives SYN from LAN client.
From 207.88.211.116 / 1937 (00:40:10:0c:01:4e)
To 204.71.200.74 / 80 (02:00:CF:58:d3:6a)
The SonicWALL forwards SYN from LAN client to remote host.
From 204.71.200.74 / 80 (02:00:CF:58:d3:6a)
To 207.88.211.116 / 1937 (00:40:10:0c:01:4e)
The SonicWALL receives SYN,ACK from remote host.
From 204.71.200.74 / 80 (02:00:CF:58:d3:6a)
To 192.168.168.158 / 1282 (00:a0:4b:05:96:4a)
The SonicWALL forwards SYN,ACK to LAN client.
From 192.168.168.158 / 1282 (00:a0:4b:05:96:4a)
To 204.71.200.74 / 80 (02:00:CF:58:d3:6a)
Client sends a final ACK, and waits for start of data transfer.
From 207.88.211.116 / 1937 (00:40:10:0c:01:4e
To 204.71.200.74 / 80 (02:00:CF:58:d3:6a)
The SonicWALL forwards the client ACK to the remote host and waits for the data transfer to begin.
When using packet traces to isolate network connectivity problems, look for the location where the three-way handshake is breaking down. This helps to determine if the problem resides with the SonicWALL configuration, or if there is a problem on the Internet.
Tip! Packet
Trace requires an IP address. The SonicWALL DNS Name Lookup tool
can be used to find the IP address of a host.
Select Packet Trace from the Select Diagnostic Tool menu.
Enter the IP address of the remote host in the Trace on IP address field. You must enter an IP address in the Trace on IP address field; do not enter a host name, such as “www.yahoo.com”.
Click Start.
Contact the remote host using an IP application such as Web, FTP, or Telnet.
Click Refresh and the packet trace information is displayed.
The Captured Packets table displays the packet number and the content of the packet; for example, ARP Request send on WAN 42 bytes.
Select a packet in the Captured Packets table to display packet details. Packet details include the packet number, time, content, source of the IP address, and the IP address destination.
The Ping test bounces a packet off a machine on the Internet and returns it to the sender. This test shows if the SonicWALL is able to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the DNS server, or another machine at the ISP location. If this test is unsuccessful, try pinging devices outside the ISP. If you can ping devices outside of the ISP, then the problem lies with the ISP connection.
Select Ping from the Select Diagnostic Tool list.
Enter the IP address or host name of the target device to ping in the Ping host or IP address field.
Click Go. The test takes a few seconds to complete. If the test is successful, the SonicWALL returns a message saying the IP address is alive and the time to return in milliseconds.
Process Monitor shows individual system processes, their CPU utilization, and their system time.
The Real-Time Black List Lookup tool allows you to test SMTP IP addresses, RBL services, or DNS servers. Enter an IP address in the IP Address field, a FQDN for the RBL in the RBL Domain field and DNS server information in the DNS Serverfield. Click Go. This diagnostic tool allows you to test spam sources for adding to your Spam filter on the Security Services > RBL Filter page.
The Reverse Name Resolution tool is similar to the DNS name lookup tool, except that it looks up a server name, given an IP address.
Enter an IP address in the Reverse Lookup the IP Address field, and it checks all DNS servers configured for your security appliance to resolve the IP address into a server name.
Trace Route is a diagnostic utility to assist in diagnosing and troubleshooting router connections on the Internet. By using Internet Connect Message Protocol (ICMP) echo packets similar to Ping packets, Trace Route can test interconnectivity with routers and other hosts that are farther and farther along the network path until the connection fails or until the remote host responds.
Type the IP address or domain name of the destination host. For example, type yahoo.com and click Go.
A second window is displayed with each hop to the destination host.
By following the route, you can diagnose where the connection fails between the SonicWALL security appliance and the destination.