How can I get internet connection status from TZ470?
Best Answers
-
Jaime SonicWall Employee
I think there are probably better methods of determining WAN connectivity or link status that may be more reliable or polished as a product. Some examples are:
- Using the built-in logs and email alerting (if you have an internal email server that can alert you to a down interface).
- Using SNMP or NetFlow/IPFIX collectors. These utilities usually have some level of reporting and alerting. These often include other forms of monitoring such as ICMP, TCP, etc.
- Using the built-in Network Monitor Probes feature can also report connectivity issues (again, alerts would require an accessible email server or watching logs).
- Syslog servers may be able to provide some kind of alerting/reporting for certain events.
That's just what I can think of right off the top of my head. But to answer your question specifically, you can use SonicOS API to get the link status.
The general steps:
- Authenticate to SonicOS API (POST to /api/sonicos/auth).
- Get the IPv4 interface status of all interfaces (GET to /api/sonicos/reporting/interfaces/ipv4/status). This will return JSON data with the interface information, including link status.
- Alternatively, you can get the status of a specific interface by name (GET to /api/sonicos/reporting/interfaces/ipv4/status/name/X1)
- If getting the status of all interfaces, you can loop through the entries in the returned JSON data to return just the name and link status if that's all you're looking for.
The response JSON will look like this (note there are differences in the response between the two endpoints provided above):
[ ... { "name": "X1", "zone": "WAN", "type": "Wire", "ip_mode": "DHCP", "ip_address": "111.222.111.222", "subnet_mask": "255.255.255.0", "connected": null, "status": "1 Gbps Full Duplex", "link_settings": "Auto Negotiate", "link_isgigabit": 1000, "link_ability_bmp_low": 3590324271, "link_ability_bmp_high": 0, "group": " Default LB Group", "enabled": true, "configurable": true, "deletable": false, "comment": "Default WAN" }, ... ]
Hope this helps!
0 -
Jaime SonicWall Employee
Is it possible to get the interface X1 status from the router without logging in from a system connected on the LAN side? Or I always have to login with a username and password?
As ARKWRIGHT mentioned, yes, you will always need to log in to get information from the firewall. How you login depends on the method you use to get information from it. Perhaps you do this programmatically and store credentials locally, or you maybe manually log in and check it.
I have a standalone system that uses the router for internet access, I have no email servers or monitoring.
Also, is it possible to setup the sonicwall such that it can notify of a status change to a system on the LAN side?
Given this is a standalone host with no method of receiving a notification such as an email service, syslog service, SNMP service, etc., you will either have to trigger the check yourself (run a script that fetches the information you want via SonicOS API) or use scheduling/cron to automatically run a script that checks and somehow reports it back to you.
Ultimately, as I mentioned earlier, you will want to look at running some sort of service(s) that can provide the notification you're looking for.
0
Answers
From experience its rarely a physical interface that change of the WAN if there is an internet outage.
Thank you this helps. I have a standalone system that uses the router for internet access, no email servers or monitoring. Accessing the router through API is what I know of. I will look into the other methods you mentioned.
Is it possible to get the interface X1 status from the router without logging in from a system connected on the LAN side? Or I always have to login with a username and password? I have a standalone system that uses the router for internet access, I have no email servers or monitoring.
Also, is it possible to setup the sonicwall such that it can notify of a status change to a system on the LAN side?
If you want to ask the firewall the state of the connection, then yes, you will always have to authenticate one way or another.
If you want the firewall to push a message to you instead…
Configure Failover & LB to probe something reliable on the internet [eg pinging 8.8.4.4]. Configure the logging category for this to send traps or syslogs
Log > Settings > Network > Failover & Load Balancing
You will then get a syslog message when something happens.
Just to be clear…when you say "the router" are you referring to the Sonicwall? Or an upstream router?
Yes, I mean the Sonicwall firewall/router.
Maybe also worth mentioning the FLB member status API endpoint in case you want to monitor multiple WAN lines. (Note the space character before "Default LB Group")
https://{{firewall_fqdn}}/api/sonicos/reporting/failover-lb/status/members/name/ Default LB Group
{
"group_name": " Default LB Group",
"member_name": "X1",
"link_status": "Link Down",
"lb_status": "Failover",
"probe_status": "Logical - Only main target is required ",
"main_target_status": "Target Unavailable",
"alternate_target_status": "Not required",
"group_name": " Default LB Group",
"member_name": "X6",
"link_status": "Link Up",
"lb_status": "Available",
"probe_status": "Logical - Only main target is required ",
"main_target_status": "Default Target Alive",
"alternate_target_status": "Not required",
"group_name": " Default LB Group",
"member_name": "U0",
"link_status": "Link Down",
"lb_status": "Failover",
"probe_status": "Logical - Only main target is required ",
"main_target_status": "Target Unavailable",
"alternate_target_status": "Not required"
}