How to configure Network Monitor probing through a specific path?

05/02/2023 211 People found this article helpful 491,857 Views

Description

This article explains how to configure Network Monitor probe to go through a specific path. This is a useful feature when we configure redundant routes using network probes by default when network probe is configured to probe a target IP with either ICMP or TCP it would use the firewall default route or custom route to reach that destination.

Consider this scenario.

Firewall X0 192.168.168.168 (LAN)

Firewall X1 12.13.14.15 (WAN) -Primary

Firewall X2 21.22.23.24 (WAN)

Failover and load balancing is configured and X1 is primary and X2 is secondary WAN connection. When you configure network probe under Network | Network Monitor for ICMP target google.com, it will always succeed. The reason is that it would use the default route of firewall to reach the destination. When X1 is primary it will probe it through X1 and when it fails, X2 would take over and firewall default route would change to X2 and probe will succeed through X2. This is the default behavior.

But it is not useful in cases where we want to configure a network monitor probe to be used in route which should activate only when primary the WAN goes down.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

There is an option for both ICMP and TCP as ICMP-Explicit route and TCP-Explicit route under network monitoring which when selected can send the probe through the path specified independent of the firewall routing policies.

Click Network in the top navigation menu.
Click Network monitor on the left menu under the System category.
Click ADD on the top right.

Once ICMP-Explicit route or TCP -Explicit route is selected, there will options to select next hop and the outbound interface as can be seen from the screenshot above.
This will be independent on the firewall routing policies and would probe the destination with the path specified.

NOTE:Same can be done with TCP probes.
Now these probes can be selected in static routes to disable the route when probe succeeds or to enable route when the probe succeeds.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

There is an option for both ICMP and TCP as ICMP-Explicit route and TCP-Explicit route under network monitoring which when selected can send the probe through the path specified independent of the firewall routing policies.

Click Investigate in the top navigation menu.
Click Network Probe.
ADD new Policy.

Once ICMP-Explicit route or TCP -Explicit route is selected, there will options to select next hop and the outbound interface as can be seen from the screenshot above.
This will be independent on the firewall routing policies and would probe the destination with the path specified.

NOTE:Same can be done with TCP probes.
Now these probes can be selected in static routes to disable the route when probe succeeds or to enable route when the probe succeeds.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

There is an option for both ICMP and TCP as ICMP-Explicit route and TCP-Explicit route under network monitoring which when selected can send the probe through the path specified independent of the firewall routing policies.

Once ICMP-Explicit route or TCP -Explicit route is selected, there will options to select next hop and the outbound interface as can be seen from the screenshot above.
This will be independent on the firewall routing policies and would probe the destination with the path specified.