Monitor connections on the SonicWall firewall

Description

Each different model of SonicWall firewall family can support different maximum number for network connections, while this number may also be affected when enabling certain functions on the firewall. One thing should be noted. Once the current number of connections for the firewall reaches or gets close to the maximum number, the system will keep too busy to reboot automatically. Thereby, select a firewall model with suitable capability for processing the network connections is vitally important.  However, this article does not discuss how to select a firewall but about how to monitor the network connections to troubleshoot unexpected number of network connections.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Check the maximum connections of your firewall.

  • Navigate to Home at the top of the page.
  • Navigate to Dashboard | System | Device at System Information area displays the maximum number of network connections the SonicWall security appliance can support, the peak number of concurrent connections and the current number of connections.

Image

Functions Options may affect the maximum connections that your firewall can process.

  • Click the question icon besides the Max (Max: 375000) number of connections. A table will be displayed, which shows you how the maximum connection number of your appliance is determined.

Image

According to the table, besides the model of your firewall, the maximum connection number is also determined by function AppFlow, External Collector and Packet Inspection service. In this case, function AppFlow is enabled, External Collector is disabled and DPI Connections is selected, so the maximum connections is 375000.

  • Click Visualization, UI will redirect to Device | Flow Reporting | AppFlow . Function AppFlow and External Collector can be configured in this page.
  • Click button Maximum Connections,  UI will redirect to Network | Firewall | Advanced . Options for packet inspection service can be selected in this page.
     NOTE: There is a trade-off between function option selection and the number of maximum connections. For example, in this case, change the inspection service from DPI Connections to Maximum DPI Connections will increase the maximum connections while reduce the performance of security services protection.


Monitor and flush the connections by tool Connection Monitor.

Sometimes, if you are aware the current number of connections is abnormal, you can use SonicWall firewall tool Connection Monitor to diagnose.

  • Navigate to Monitor option at the top of the page.
  • Navigate to Tools & Monitors| Connections all active connections to the SonicWall security appliance will be displayed.

Image

  • You can filter the results to display only connections matching certain criteria (Source IP, Destination IP, Destination Port, Src Interface, Dst Interface, Protocol and Flow Type).

Image

  • You can export all filtered result to a file for further analysis or Flush All filtered entries.
  • Click Export button. The result can be exported to a plain text file, or a comma-separated-value (CSV) file.  

 NOTE: Flush the connections may cease unexpected connections but it may also generate the same number re-sync packets, which means if you intend to flush thousands of TCP entries, the CPU  of the firewall may have to deal with thousands of sync packets later.

Image

Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Check the maximum connections of your firewall.

  • Navigate to Monitor at the top of the page.
  • Navigate to Current Status | System Status, line Connections at System Information area displays the maximum number of network connections the SonicWall security appliance can support, the peak number of concurrent connections and the current number of connections.
     Image

Functions Options may affect the maximum connections that your firewall can process.

  • Click the question icon besides the Max (Max: 375000) number of connections. A table will be displayed, which shows you how the maximum connection number of your appliance is determined.
    Image  
    According to the table, besides the model of your firewall, the maximum connection number is also determined by function AppFlow, External Collector and Packet Inspection service. In this case, function AppFlow is enabled, External Collector is disabled and DPI Connections is selected, so the maximum connections is 375000.
  • Click Visualization, UI will redirect to Logs & Reporting | AppFlow Settings | Flow reporting. Function AppFlow and External Collector can be configured in this page.
  • Click button Maximum Connections,  UI will redirect to Security Configuration | Firewall Settings | Advanced Settings . Options for packet inspection service can be selected in this page.
    NOTE: There is a trade-off between function option selection and the number of maximum connections. For example, in this case, change the inspection service from DPI Connections to Maximum DPI Connections will increase the maximum connections while reduce the performance of security services protection.

   

Monitor and flush the connections by tool Connection Monitor.

Sometimes, if you are aware the current number of connections is abnormal, you can use SonicWall firewall tool Connection Monitor to diagnose.

  • Navigate to Investigate option at the top of the page.
  • Navigate to Logs | Connection Logs ; all active connections to the SonicWall security appliance will be displayed.Image
  • You can filter the results to display only connections matching certain criteria (Source IP, Destination IP, Destination Port, Src Interface, Dst Interface, Protocol and Flow Type).
      Image
  • You can export all filtered result to a file for further analysis or Flush All filtered entries.Image
  • Click Export Results button at page Connections Monitor. The result can be exported to a plain text file, or a comma-separated-value (CSV) file.  Image
  • Click the X button to flush the connections.

    NOTE: Flush the connections may cease unexpected connections but it may also generate the same number re-sync packets, which means if you intend to flush thousands of TCP entries, the CPU  of the firewall may have to deal with thousands of sync packets later.

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
NSa Series
Firewall Management
Firewalls
SonicWall NSA Series
Firewall Management UI
Firewalls
SonicWall SuperMassive 9000 Series
Firewall Management UI
Firewalls
TZ Series
Firewall Management UI
not finding your answers?
Ask the Community