MSS FW Best Practices: 21 Diagnostics
12/10/2024
Description
CAUTION: These documents are intended to provide partners with firewall configuration recommendations ONLY. They contain examples, and caution should be exercised when making changes to your firewall, as unplanned changes could result in downtime depending on the complexity of the environment and/or configuration.
MSS Recommended SonicWall Firewall Best Practices Index
Packet Capture
The Packet Monitor Feature on the SonicWall is one of the most powerful and useful tools for troubleshooting a wide variety of issues. Any Packets which pass through the SonicWall can be viewed, examined, and even exported to tools like Wireshark.
- For instructions on how to enable, configure, and use the Packet Capture, see: How can I setup and utilize the Packet Monitor feature for troubleshooting? | SonicWall
Please see below for some recommendations & best practices:
Setting Up a Packet Monitor
- When starting a new Packet Monitor, it's recommended to click the Monitor Default button. This restores the Packet Monitor to a default state and prevents accidental misconfiguration.
Monitor Filter
- The checkboxes for Forwarded/Consumed/Dropped Packets on the Monitor Filter force the Packet Monitor to collect only traffic which matches those options. By default, these are unchecked, meaning the SonicWall will capture all traffic regardless of Status. This is recommended for most captures. The Monitor Filter impacts only the Captured Packets, so anything matching what is configured here will be collected by the Packet Monitor. The Display Filter, detailed below, can then be configured to narrow down what is shown in the Packet Monitor tool.
- For most Packet Monitor Configurations Ether Type, IP Type, and some combination of Source/Destination IP Address/Port are all that is required. It's recommended to keep the Capture as open as possible without including undesired traffic so as to avoid missing any packets which may contribute to troubleshooting an issue. In some situations, it's helpful to see Ingress/Egress NAT Policies that are being applied to packets. To do so, capture by ONLY Source IP to see the Ingress NATs or capture ONLY by the Destination IP to see Egress NATs.
Display Filter
- For most captures it is advised to leave the Display Filter in a default state initially. If you have trouble interpreting the initial Monitor Filter results, then the Display Filter can be of use. Configuring the Display Filter incorrectly can negatively impact the usefulness of the Packet Monitor tool.
Captured Packets, Packet Details, and Hex Dump
- Packets that are displayed in Red are being dropped by the SonicWall. Look at the Packet Details to find out why.
- Examining the Hex Dump for troubleshooting issues relating to LDAP, FTP, and other unencrypted traffic flows can be an excellent way to spot configuration and user errors.
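The Python sketch below is an added example, not SonicWall code. It decodes the bytes behind a hex dump of an FTP control-channel packet the way you would read it by hand (Ethernet, IPv4, TCP, then the ASCII payload). The frames are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import struct

def parse_frame(raw: bytes) -> dict:
    """Decode one Ethernet II / IPv4 / TCP frame into addresses, ports, payload."""
    if len(raw) < 54 or struct.unpack("!H", raw[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet II frame")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ip[9] != 6 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("not a complete IPv4/TCP packet")
    tcp = ip[ihl:total_len]                       # total_len excludes Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}

def ftp_lines(pkt: dict) -> list:
    """Render FTP control-channel lines, masking the PASS argument."""
    if 21 not in (pkt["sport"], pkt["dport"]):
        return []
    out = []
    for line in pkt["payload"].decode("ascii", "replace").splitlines():
        if pkt["dport"] == 21 and line.upper().startswith("PASS "):
            line = "PASS ****"                    # keep credentials out of tickets
        elif pkt["sport"] == 21 and line[:1] in ("4", "5"):
            line += "   <-- server reported an error"
        out.append(line)
    return out

# Constructed frames (documentation addresses), not taken from a real capture.
SERVER_REPLY = bytes.fromhex(
    "00112233445566778899aabb0800"
    "4500003e0001000040060000c000020ac6336405"
    "0015c35000000001000000015018200000000000") + b"530 Login incorrect.\r\n"
CLIENT_PASS = bytes.fromhex(
    "66778899aabb0011223344550800"
    "450000360001000040060000c6336405c000020a"
    "c350001500000001000000015018200000000000") + b"PASS hunter2\r\n"

if __name__ == "__main__":
    for frame in (CLIENT_PASS, SERVER_REPLY):
        pkt = parse_frame(frame)
        print(f'{pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]}')
        for line in ftp_lines(pkt):
            print("   ", line)
```

A 4xx or 5xx reply from the server, such as the 530 above, points to a user or configuration error rather than a firewall drop.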