SMA (Secure Mobile Access) Appliance Management Console Troubleshooting: Part 4
03/26/2020 10 People found this article helpful 485,305 Views
Description
SMA (Secure Mobile Access) Appliance Management Console Troubleshooting: Part 4
This provides general troubleshooting instructions and discusses the troubleshooting tools available in the Appliance Management Console (AMC). Failure in core networking services (such as DHCP, DNS, or WINS) will cause unpredictable failures.
The User Sessions page in AMC can be used to monitor, troubleshoot or terminate sessions on your appliance or HA pair of appliances. You can sort through the summary of session details and, if needed, display details on how a device was classified, and why. About 24 hours worth of data is kept; even items that have been deleted or modified are displayed. See Viewing User Access and Policy Details in the SMA 11.3 Administration Guide.
SMA (Secure Mobile Access) Appliance Management Console Troubleshooting: Part 4
Topics in Part 4 will cover:
- Troubleshooting Tools in AMC
Resolution
Troubleshooting Tools in AMC
You can monitor, troubleshoot or terminate sessions on your appliance, filtering them by user name, realm (authentication server), community, access agent, traffic load, and so on and then get a quick summary of particular sessions. Several basic network tools are also available, including ping, traceroute, DNS lookup, a routing table viewer, and a way to capture and filter network traces for backend connectivity troubleshooting.
Using DNS Lookup
You can use AMC's Lookup tool to determine how DNS is resolving an IP address or a host name. This tool is useful for troubleshooting various DNS problems (for example, it can determine whether your DNS server is running).
Use a fully qualified domain name or an IP address to specify a host in the Lookup tool. However, you can type a non-qualified host name as long as you have defined one or more default search domains on the Configure Name Resolution page (available from the Network Settings page in AMC). For details on name resolution, see Configuring Name Resolution in the Administration Guide.
To determine how DNS is resolving an IP address or host name
- From the main navigation menu, click Troubleshooting.
- Click the Lookup tab.
- In the Address box, type the IP address or host name of the machine against which you want to issue the command.
- Click Go.
Viewing the Current Routing Table
You can view the current routing table from within AMC.
To view the current routing table
- From the main navigation menu, click Troubleshooting.
- Click the Routes tab.
- Click Go. The routing table is displayed.
Capturing Network Traffic
This network traffic utility, which is based on tcpdump, allows you to capture a packet-by-packet list of the data going in and out of the appliance. If you are new to troubleshooting, you can use this utility to generate a file of network traffic data that can be sent to Technical Support for troubleshooting network issues. If you are familiar with troubleshooting and reading trace files, you can analyze the traffic using a network protocol analyzer, such as Wireshark.
Capturing all network traffic on your appliance can quickly result in files that are too unwieldy to analyze. Where possible, use filters to restrict the traffic to issues you are troubleshooting.
The following sample procedure demonstrates how to filter by host and port (in this example, an Exchange server and Web traffic).
To filter and capture network traffic to a file on the appliance
- From the main navigation menu, click Troubleshooting.
- Click the Network Traffic tab.
- To restrict the capture to traffic coming from or going to your Exchange server, enter the server's full qualified domain name or IPv4 or IPv6 address in the These hosts text box. For example: exchange.mycompany.com.
- To make sure that you are capturing only the HTTP traffic, select Web (HTTP or HTTP/S) from the Common ports list; only traffic to and from the HTTP and HTTPS ports (80, 443, 8080, and 8443) will be captured.
- Click Start to begin capturing traffic. The size limit for a single capture is 500 MB of raw data; when the size of a capture file reaches 100 MB, it "rolls over " into a separate file (large files are difficult to process with packet analysis tools such as Wireshark). If the total size of a single capture reaches 500 MB (five files of 100 MB each), the capture automatically stops. During a capture, the Size column indicates how close you are to the limit.
- Click Stop to stop capturing traffic. The capture file is a .zip file that is stored on the appliance and listed here. (The figure in the Size column indicates how much room the file is using on the appliance; this is the size of the compressed .zip file, not the raw data.) The maximum number of files you can store is ten; as more capture files are added, the oldest ones are dropped from the list.
- To download captured data, click the button corresponding to the file you want to analyze or send to Technical Support, and then click Download. Each capture file is a .zip file containing the captured network traffic (for example, eth0.cap) and a readme text file outlining what filters were used, if any, and when the data was captured.
Comment: Internal interface, hosts: exchange.mycompany.com, selected ports
Internal interface (eth0): enabled
External interface (eth1): disabled
Protocol:
Hosts: exchange.mycompany.com
Ports: 80,443, 8080, 8443
Start time: Wed Aug 15 2007 17:56:52 GMT
Stop time: Wed Aug 15 2007 17:58:31 GMT
NOTE: Captured network traffic is not encrypted and may contain passwords and other sensitive information. If you have security concerns about storing a downloaded capture or sending it over an unsecured Internet connection, use Snapshot Tool in AMC instead. You can make a partial snapshot that includes only network captures, and then choose to encrypt the results. See Snapshot Tool on page 586 for more information.
You can capture network traffic on either of the appliances in a high-availability pair (the master node or the slave node).
Logging Tools for Network Tunnel Clients
To capture a session during which a user is running either of the network tunnel clients, have users follow these steps and email you the results. The Windows procedure differs from the one for Macintosh and Linux users.
To run ngutil on a Windows client computer
- Go to a command prompt: Click Start > Run, and then type cmd in the Open box; if you are using Windows Vista, Click Start, and then type cmd in the Start Search box.
- At the command prompt, clear the event log and set the severity level by typing the following command:
ngutil -reset -severity=debug - Start the network tunnel client and perform any actions the system administrator wants captured in the log.
- At the command prompt, type ngutil > log.txt to write the buffered log messages to a file named log.txt in the current directory.
- Send the log.txt file to the administrator.
- Alternatively, you can run ngutil -poll to see real-time logging on the client computer. (Press Ctrl-C to stop logging.)
NOTE: You can also have users type the ngutil -tail=1000>client-log.txt command; this sends the most recent 1000 lines in the client log to a file named client-log.txt in plain text.
For more information on the syntax for the ngutil command, type ngutil -help at the command prompt.
To save session information on a client computer (Macintosh or Linux)
- Start the network tunnel client and perform any actions the system administrator wants captured in the log.
- On the client device, locate the files AvConnect.log and AvConnectUI.log and send them to the administrator.
Ping Command
Use the ping command to verify a network connection. When you issue the ping command, it sends an ICMP ECHO_REQUEST packet to a target host and waits to see if the host answers.
To issue a ping command
- From the main navigation menu, click Troubleshooting.
- In the Address box on the Ping page, type the IPv4 or IPv6 address or host name of the machine you want to ping.
- Click Go. AMC issues the ping command. After about five seconds, the results appear in the large box at the bottom of the page. If the ping command cannot reach the host, it returns results resembling the following:
Traceroute Command
Use the traceroute command to see the sequence of gateways through which an IP packet travels to reach its destination. This can help you find a network failure point.
To issue a traceroute
- From the main navigation menu, click Troubleshooting.
- In the Address box on the Ping page, type the IP address or host name of the machine against which you want to issue the traceroute command.
- Select the Use traceroute check box.
- Click Go. Traceroute returns a list of hosts, starting with the first gateway and ending with the destination.
Snapshot Tool
A "snapshot " of your configuration can help Technical Support or other IT professionals diagnose any problems you are having with the appliance. This file, especially if it includes core dump files, can be quite large (the File Download dialog box in the final step will tell you how large).
To save a configuration snapshot
- From the main navigation menu, click Troubleshooting.
- Click the Snapshot tab.
- Select a full or partial snapshot.
- Specify whether you will include all system logs, or just the four most recent ones.
- Click Save snapshot. The files are saved in a zip archive named snapshot.tgz.
- If you plan to send the file to Technical Support, you should select Encrypt file to keep sensitive information secure. Technical Support will need the password you assigned to this archive so that they can decrypt the file. Make sure you send it in such a way that it meets your internal security requirements (over the phone or by secure email, for example).
- Click the Download link to save the compressed file locally.
Using CEM Extensions
Technical Support may ask you to use Secure Mobile Access Configuration Extension Mechanism (CEM) advanced URL extensions.
These CEM extensions are used to access advanced AMC pages and should only be used when instructed to do so by Technical Support. For additional information, see Knowledge Base article at: https://support.sonicwall.com/sonicwall-e-class-sra-series/kb/sw10061
CEM Advanced Features
The Configuration Extension Mechanism (CEM) is a generic mechanism to allow simple configuration to be done for features that appear in maintenance releases or hotfixes. The CEM page allows the configuration of arbitrary key-value pairs for enabling advanced functionality. These key-value pairs are read from the extension config file by each service that has a patch generated for it (custom drop, hotfix, or maintenance release).
Advanced features should be used only under Support supervision. Please contact Support for additional instructions at:
Contact Support page at https://support.sonicwall.com/sonicwall-e-class-sra-series/ kb?k=Configuration+Extension Mechanism
Contact Support page at https://support.sonicwall.com/sonicwall-e-class-sra-series/ex9000
Related Articles
Categories