Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Firewall is Down and SonicWall Analytics is not receiving any syslogs.

Occasionally the green Firewall light comes on but the status light is always red.

We can see logs but we suspect that it is not showing us all the data. 

Are the lights telling the truth? 

I mean, is it correct that it is saying that the firewall and sonicwall connection is not working? 


Category: Firewall Management and Analytics
Reply

Best Answer

  • CORRECT ANSWER
    dpreshawdpreshaw SonicWall Employee
    Answer ✓

    Hello,

    In a syslog based Analytics system, if syslogs are not being received, the unit will show the Red status icon.

    You may notice at times, such as immediately following login to the application, the indicator is Green while the unit status is verified.

    The specific syslog message monitored for the firewall status is the Connection Closed message (ID number 537).

    This is also the syslog responsible for the reports listed under the Data Usage category.

    If you are viewing the reports under Data Usage (Timeline, Initiators/Responders, Services, etc) and there is no information listed, this can help confirm that the Connection Closed message is not being received.

    If you have already added the syslog configuration to the firewall required for Analytics reporting, you will need to check the following (this configuration is found on the Device tab under Log>Syslog>Syslog Servers):

    -On the Device panel of the firewall, under Log>Settings, first confirm the Logging Level is set to Inform


    -If this is already in place, then check the configuration for the Connection Closed message under categories Network>Network Access

    The Priority of the Connection Closed message must be set to Inform or higher and have the Syslog option enabled.

    One final check for this particular syslog message is to click the edit on the Connection Closed message and verify the setting for the Syslog Frequency Filter Interval. This should be set to 0 for proper reporting of this specific message.


    I hope this answers your concern and helps correct the status of the firewall within Analytics.

Answers

  • DataticaDatatica Newbie ✭

    Sometimes the firewall indicator is set to green but the other box is still red. What makes me doubt is that there is data that can be visualized through analytics but nevertheless the communication is always red. 


    Do you know why? 

    Should I take this into consideration?

    Also, in the SonicWal Analytics lol, it only reports this information every 10 minutes or so.

  • Martinmtz1Martinmtz1 Newbie ✭

    Good afternoon, I have a similar problem, except that I do not see information from the web activity sites. Previously, I could see them, but in the last two months this information has not been reflected.

    What could I check in these cases?

Sign In or Register to comment.