System/Diagnostics.htm

The System > Diagnostics page provides several diagnostic tools which help troubleshoot network problems as well as Active Connections, CPU and Process Monitors.

Tech Support Report

The Tech Support Report generates a detailed report of the SonicWALL security appliance configuration and status, and saves it to the local hard disk using the Download Report button. This file can then be e-mailed to SonicWALL Technical Support to help assist with a problem.

Before e-mailing the Tech Support Report to the SonicWALL Technical Support team, complete a Tech Support Request Form at <https://www.mysonicwall.com>. After the form is submitted, a unique case number is returned. Include this case number in all correspondence, as it allows SonicWALL Technical Support to provide you with better service.

Generating a Tech Support Report

In the Tech Support Report section, select any of the following four report options:

VPN Keys - saves shared secrets, encryption, and authentication keys to the report.

ARP Cache - saves a table relating IP addresses to the corresponding MAC or physical addresses.

DHCP Bindings - saves entries from the SonicWALL security appliance DHCP server.

IKE Info - saves current information about active IKE configurations.

Click Download Report to save the file to your system. When you click Download Report, a warning message is displayed.

Click OK to save the file. Attach the report to your Tech Support Request e-mail.

Diagnostic Tools

You select the diagnostic tool from the Diagnostic Tools menu in the Diagnostic Tool section of the System > Diagnostics page. The following diagnostic tools are available:

Active Connections Monitor

The Active Connections Monitor displays real-time, exportable (plain text or CSV), filterable views of all connections to and through the SonicWALL security appliance. Click on a column heading to sort by that column.

Active Connections Monitor Settings

You can filter the results to display only connections matching certain criteria. You can filter by Source IP, Destination IP, Destination Port, Protocol, Src Interface, and Dst Interface. Enter your filter criteria in the Active Connections Monitor Settings table.

The fields you enter values into are combined into a search string with a logical AND. For example, if you enter values for Source IP and Destination IP, the search string will look for connections matching:

Check the Group box next to any two or more criteria to combine them with a logical OR. For example, if you enter values for Source IP, Destination IP, and Protocol, and check Group next to Source IP and Destination IP, the search string will look for connections matching:

Click Apply Filter to apply the filter immediately to the Active Connections Monitor table. Click Reset Filters to clear the filter and display the unfiltered results again.

You can export the list of active connections to a file. Click Export Results, and select if you want the results exported to a plain text file, or a Comma Separated Value (CSV) file for importing to a spreadsheet, reporting tool, or database. If you are prompted to Open or Save the file, select Save. Then enter a filename and path and click OK.

CPU Monitor

The CPU Monitor diagnostic tool shows real-time CPU utilization in second, minute, hour, and day intervals (historical data does not persist across reboots).

Note: High CPU utilization is normal during Web-management page rendering, and while saving preferences to flash. Utilization by these tasks is an indication that available resources are being efficiently used rather than sitting idle. Traffic handling and other critical, performance-oriented and system tasks are always prioritized by the scheduler, and never experience starvation.

DNS Name Lookup

The SonicWALL security appliance has a DNS lookup tool that returns the IP address of a domain name. Or, if you enter an IP address, it returns the domain name for that address.

Enter the host name or IP address in the Look up name field. Do not add http to the host name.

The SonicWALL security appliance queries the DNS Server and displays the result in the Result section. It also displays the IP address of the DNS Server used to perform the query.

The DNS Name Lookup section also displays the IP addresses of the DNS Servers configured on the SonicWALL security appliance. If there is no IP address or IP addresses in the DNS Server fields, you must configure them on the Network > Settings page.

Find Network Path

Find Network Path indicates if an IP host is located on the LAN or WAN ports. This can diagnose a network configuration problem on the SonicWALL security appliance. For example, if the SonicWALL security appliance indicates that a computer on the Internet is located on the LAN, then the network or Intranet settings may be misconfigured.

Find Network Path can be used to determine if a target device is located behind a network router and the Ethernet address of the target device. It also displays the gateway the device is using and helps isolate configuration problems.

Packet Trace

The Packet Trace tool tracks the status of a communications stream as it moves from source to destination. This is a useful tool to determine if a communications stream is being stopped at the SonicWALL security appliance, or is lost on the Internet.

To interpret this tool, it is necessary to understand the three-way handshake that occurs for every TCP connection. The following displays a typical three-way handshake initiated by a host on the SonicWALL security appliance LAN to a remote host on the WAN.

TCP received on LAN [SYN]

From 192.168.168.158 / 1282 (00:a0:4b:05:96:4a)

To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)

TCP sent on WAN [SYN]

From 207.88.211.116 / 1937 (00:40:10:0c:01:4e)

To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)

TCP received on WAN [SYN,ACK]

From 204.71.200.74 / 80 (02:00:cf:58:d3:6a)

To 207.88.211.116 / 1937 (00:40:10:0c:01:4e)

TCP sent on LAN [SYN,ACK]

From 204.71.200.74 / 80 (02:00:cf:58:d3:6a)

To 192.168.168.158 / 1282 (00:a0:4b:05:96:4a)

TCP received on LAN [ACK]

From 192.168.168.158 / 1282 (00:a0:4b:05:96:4a)

To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)

TCP sent on WAN [ACK]

From 207.88.211.116 / 1937 (00:40:10:0c:01:4e

To 204.71.200.74 / 80 (02:00:cf:58:d3:6a)

The SonicWALL security appliance forwards the client ACK to the remote host and waits for the data transfer to begin.

When using packet traces to isolate network connectivity problems, look for the location where the three-way handshake is breaking down. This helps to determine if the problem resides with the SonicWALL security appliance configuration, or if there is a problem on the Internet.

Tip: Packet Trace requires an IP address. The SonicWALL security appliance DNS Name Lookup tool can be used to find the IP address of a host.

Enter the IP address of the remote host in the Trace on IP address field, and click Start. You must enter an IP address in the Trace on IP address field; do not enter a host name, such as "www.yahoo.com". The Trace is off turns from red to green with Trace Active displayed.

Contact the remote host using an IP application such as Web, FTP, or Telnet.

Click Refresh and the packet trace information is displayed.

Click Stop to terminate the packet trace, and Reset to clear the results.

The Captured Packets table displays the packet number and the content of the packet, for instance, ARP Request send on WAN 42 bytes.

Select a packet in the Captured Packets table to display packet details. Packet details include the packet number, time, content, source of the IP address, and the IP address destination.

Ping

The Ping test bounces a packet off a machine on the Internet and returns it to the sender. This test shows if the SonicWALL security appliance is able to contact the remote host. If users on the LAN are having problems accessing services on the Internet, try pinging the DNS server, or another machine at the ISP location. If the test is unsuccessful, try pinging devices outside the ISP. If you can ping devices outside of the ISP, then the problem lies with the ISP connection.

Select Ping from the Diagnostic Tool menu.

Enter the IP address or host name of the target device and click Go.

If the test is successful, the SonicWALL security appliance returns a message saying the IP address is alive and the time to return in milliseconds (ms).

Process Monitor

Process Monitor shows individual system processes, their CPU utilization, and their system time.

Real-Time Black List Lookup

The Real-Time Black List Lookup tool allow you to test SMTP IP addresses, RBL services, or DNS servers. Enter an IP address in the IP Address field, a FQDN for the RBL in the RBL Domain field and DNS server information in the DNS Server field. Click Go.

Reverse Name Resolution

The Reverse Name Resolution tool is similar to the DNS name lookup tool, except that it looks up a server name, given an IP address.

Enter an IP address in the Reverse Lookup the IP Address field, and it checks all DNS servers configured for your security appliance to resolve the IP address into a server name.

Trace Route

Trace Route is a diagnostic utility to assist in diagnosing and troubleshooting router connections on the Internet. By using Internet Connect Message Protocol (ICMP) echo packets similar to Ping packets, Trace Route can test interconnectivity with routers and other hosts that are farther and farther along the network path until the connection fails or until the remote host responds.

Type the IP address or domain name of the destination host. For example, type yahoo.com and click Go. A second window is displayed with each hop to the destination host. By following the route, you can diagnose where the connection fails between the SonicWALL security appliance and the destination.

Web Server Monitor

The Web Server Monitor tool displays the CPU utilization of the web server over several periods of time. The time frame of the Web Server Monitor can be changed by selecting one of the following options in the View Style pulldown menu: last 30 seconds, last 30 minutes, last 24 hours, or last 30 days.