Troubleshooting blocked/dropped ports on Sonicwall firewalls

251

According to SonicWALL's Log Event Reference Guide, the UTM only logs up to 32K and then flushes the logs.

Log Persistence

SonicOS currently allocates 32K to a rolling log buffer. When the log becomes full, it can be emailed to a defined recipient and flushed, or it can simply be flushed. Emailing provides a simple version of logging persistence, while GMS provides a more reliable and scalable method. By offering the administrator the option to deliver logs as either plain-text or HTML, the administrator has an easy method to review and replay events logged.

So, if you want to gather enough data to troubleshoot blocked/dropped port issues, you will need to set up either a GMS/Analyzer (which displays lots of information in a graphical console) or your favorite syslog daemon on a server.

The procedure to enable a syslog server is the same as adding a GMS/Analyzer appliance: https://support.software.dell.com/kb/sw10097

Update:

To get that level of detail with SonicWALL, you definitely will have to deploy a Syslog server. If you don't want to see anything else besides dropped/blocked packets reports, make sure to go to Log > Categories and uncheck all the fields except Network Access.

To have an idea of what kind of information you can expect to find in your syslog server, take a look at this filter:

[image: screenshot of a syslog filter showing dropped/blocked packet events]
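Once the syslog server is receiving the Network Access category, the practical question is how to get from a stream of lines to a list of which ports are being dropped and by whom. The following is an added example (not code from the answer, from SonicWALL, or from the syslog server linked above): a small parser for the key=value line shape that SonicOS syslog output uses, plus a summary of drop events by protocol and destination port and by source address. The sample lines, serial number, addresses, message IDs and message wording are constructed for the example, and matching drops on the words "drop", "denied" or "blocked" in the msg field is an assumption about the message text, so adjust DROP_WORDS to the messages your unit actually emits.

```python
"""Parse SonicOS-style key=value syslog lines and summarise dropped traffic.

Added example; the log lines below are constructed, not captured from a real unit.
"""
import re
from collections import Counter

# One token per key=value pair; values may be bare or double-quoted (quotes may contain spaces).
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumption: drop/deny events carry one of these words in the msg field.
DROP_WORDS = ("drop", "denied", "blocked")

# Constructed sample in the general shape of SonicOS syslog output (sn=, m=, addresses are made up).
SAMPLE_LOG = """\
id=sonicwall sn=EXAMPLESN time="2013-05-22 10:01:02" fw=203.0.113.1 pri=6 c=1024 m=98 msg="Connection Opened" src=192.168.1.20:50012:X0 dst=198.51.100.7:443:X1 proto=tcp/https
id=sonicwall sn=EXAMPLESN time="2013-05-22 10:01:05" fw=203.0.113.1 pri=5 c=0 m=36 msg="TCP connection dropped" src=198.51.100.9:40111:X1 dst=203.0.113.1:3389:X1 proto=tcp/ms-wbt-server rule="Default Drop"
id=sonicwall sn=EXAMPLESN time="2013-05-22 10:01:09" fw=203.0.113.1 pri=5 c=0 m=36 msg="TCP connection dropped" src=198.51.100.9:40112:X1 dst=203.0.113.1:3389:X1 proto=tcp/ms-wbt-server rule="Default Drop"
id=sonicwall sn=EXAMPLESN time="2013-05-22 10:02:40" fw=203.0.113.1 pri=5 c=0 m=38 msg="UDP packet dropped" src=198.51.100.23:5353:X1 dst=203.0.113.1:161:X1 proto=udp/snmp rule="Default Drop"
id=sonicwall sn=EXAMPLESN time="2013-05-22 10:03:00" fw=203.0.113.1 pri=6 c=1024 m=537 msg="Connection Closed" src=192.168.1.20:50012:X0 dst=198.51.100.7:443:X1 proto=tcp/https
"""


def parse_line(line):
    """Return the key/value fields of one syslog line as a dict, with quotes stripped."""
    fields = {}
    for key, value in _KV.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def split_endpoint(endpoint):
    """Split a SonicOS 'ip:port:interface' endpoint; absent parts become None."""
    parts = endpoint.split(":")
    ip = parts[0] or None
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    iface = parts[2] if len(parts) > 2 else None
    return ip, port, iface


def is_drop(event):
    """True when the msg field describes a dropped/denied/blocked packet or connection."""
    msg = event.get("msg", "").lower()
    return any(word in msg for word in DROP_WORDS)


def summarize_drops(log_text):
    """Count drop events per (protocol, destination port) and per source address."""
    by_port = Counter()
    by_src = Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        event = parse_line(raw)
        if not is_drop(event):
            continue
        src_ip, _, _ = split_endpoint(event.get("src", ""))
        _, dst_port, _ = split_endpoint(event.get("dst", ""))
        proto = event.get("proto", "?").split("/")[0]  # "tcp/https" -> "tcp"
        by_port[(proto, dst_port)] += 1
        by_src[src_ip] += 1
    return by_port, by_src


if __name__ == "__main__":
    ports, sources = summarize_drops(SAMPLE_LOG)
    print("dropped by proto/port:")
    for (proto, port), count in ports.most_common():
        print(f"  {proto}/{port}: {count}")
    print("dropped by source:")
    for src, count in sources.most_common():
        print(f"  {src}: {count}")
```

Run against the sample it reports two TCP drops to port 3389 and one UDP drop to port 161, all from the X1 side; pointing it at a file exported from the syslog server instead of SAMPLE_LOG gives the per-port view that the Analyzer reports discussed in the comments do not offer directly.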

Updated on September 18, 2022

Comments

  • SpacemanSpiff
    SpacemanSpiff over 9 years
    What version of SonicOS? There are built-in graphs and reporting to show this.
  • Alex
    Alex over 9 years
    SonicOS Enhanced 6.1.1.7-24n--CFS-3n
  • Alex
    Alex over 9 years
    Hi Gabriel, I have mentioned trying Analyzer in the question text. The problem is, I do not see where Analyzer shows blocked ports. I found blocked sites and blocked intrusion attempts but not blocked (dropped) ports.
  • Alex
    Alex over 9 years
    @Gabrial, which report in the analyzer shows the dropped packets/sessions, either due to policy or other?
  • Alex
    Alex over 9 years
    Apologies @Gabriel, name misspelled
  • Gabriel Talavera
    Gabriel Talavera over 9 years
    @Alex, try going to Analyzers > Log Analyzer and find a filter that suits your need, it's very limited though.