Server Not Responding Error in CFS 3.0 (Content Filter Service)
03/26/2020 112 15004
The SonicWall checks CFS server status by probing the following CFS servers on UDP Port 2257:
webcfs0x.global.SonicWall.com : x has to be replaced with the CFS server.
The CFS Server used on your SonicWall may vary based on firmware and appliance. To find out which CFS Servers your SonicWall is using, please download the Tech Support Report (TSR) and search for "--SonicWALL CFS Configuration--" or "CFS Filter". The CFS Server will be listed next to "Server Address" and "Secondary Server Address".
At any given instance the IP addresses of two of the above servers can be checked in the following section of the Tech Support Report (TSR):
The error Server Not Responding occurs when the SonicWall is unable to contact any of the above SonicWall CFS Servers.
This article lists the troubleshooting steps to address this issue.
CFS is license based. If a CFS license has been obtained, make sure CFS is being shown as licensed under System | Licenses. If not, synchronize licenses with SonicWall License Manager in the System | Licenses page.
Navigate to System | Diagnostics | Select Check Network Settings under Diagnostic Tool.
Click all the Test buttons.
If Default Gateway is not responding you have to troubleshoot your Internet Connection.
If DNS Server is not responding, please use another one.
If the security management tests fail, check that DNS can resolve the names.
Navigate to System | Diagnostics | DNS Name Lookup. Try to resolve webcfs00.global.SonicWall.com, webcfs01.global.SonicWall.com, webcfs02.global.SonicWall.com, and webcfs03.global.SonicWall.com. If unable to resolve the CFS server names, change DNS servers under Network | DNS.
Navigate to Security Services | Content Filter and enable the CFS Server Failover option WebCFS Server Failover Provides the ability to enable WebCFS server failover, allowing a SonicWall security appliance to contact another server for URL rating information if the local server is unavailable. This ensures performance continuity for Web navigation and Web content filtering functionality.
NOTE: This option is not available on newer firmware (CFS4.0) as it's enabled by default.
If the troubleshooting steps above didn't help, please follow the steps below:
Make sure UDP Port 2257 is not being blocked either in the SonicWall (WAN to WAN access rules) or by an upstream router (ISP). A Packet Capture under System | Packet Monitor for Ether type: IP, IP type: UDP, and Destination Port: 2257 will show if these packets are being sent, and if a response is being received.
NOTE: You will need to check the option "Monitor Firewall Generated Packets" in the "Advanced Monitor Filter" tab.
Make sure the Load Balancing is enabled under Network | Failover & LB, even if you are using only a WAN interface.
Make sure the IP addresses of webcfs0x.global.SonicWall.com is not being blocked either in the SonicWall or by an upstream router.