SonicOS Core0 Principles and Common Configurations

03/26/2020 201 People found this article helpful 483,923 Views

Description

Help in Identification of configuration and/or events that lead to issues on the Control Plane (AKA Core 0).

Resolution

These Issues individually can slightly impact the SonicWall's performance. Core 0 is a major component of SonicWall processing.

Issue 1: App Control Advance Log Redundancy
The default Log Redundancy setting for almost all firmware versions, expect for the latest (6.2.3 and 6.2.4), is set to zero. This will heavily impact logging on the SonicWall when all Categories have logging enabled.

Resolution:
Edits of log redundancy filter intervals should only be done on the Log | Settings | Firewall | Application Control screen since doing it in the main App Control Advanced area changes it for both UI and syslog. Suggested values:

Display Events in Log Monitor: 120 seconds

Issue 2: IKE negotiations
Site-to-Site VPNs with mismatched network proposals are going to have an effect like a UDP DoS attack.

Resolution:

Fix any issues with the tunnels
Reduce the logging level for "VPN IKEv2" and "VPN IKEVPN"
Disable any unused VPNs

Issue 3: Logging
SonicWall generating high volumes of Logs

Resolution:

Enable the checkbox “Main Log Process Reschedule Interval” on diag.html page. Leave the value of the related “Log Entries” setting at 100.
Configure logging to remove items that are not needed

Issue 4: AppFlow to Local Collector
AppFlow to Local Collector, which is the SonicWall itself, can cause Core 0 to Spike when under a load.

Resolution:

Disable it while troubleshooting Core 0 issues.
If app flow data is really needed send to an appflow/netflow collector.
Unless this feature is mission critical, turn it off and use it only when needed.

Issue 5: FQDN address Objects And WildcarD FQDN address Objects
FQDN Address Objects can cause major issues especially when the DNS lookup fails for the object. Wildcard FQDN address objects like *.google.com can cause issues due to the amount of DNS entries that will be returned on the DNS lookup.

Resolution:

Ensure the SonicWall can resolve the FQDN object
Delete any Unused FQDN address Objects
Limit the amount of Wildcard FQDN address Objects or do not use them at all

Issue 6: Log Name Resolution
This setting is located under Log > Name Resolution. The issue is when it the DNS addresses located here are public DNS servers. This name resolution would then try to go out to those Public DNS servers for every single log to resolve its name.

Resolution:

Use only Internal DNS servers
Change to DNS only

Issue 7: Single Sign-On Probing
Single Sign-On can become an issue when a large amount of IP addresses are not being identified or do not require SSO.

Resolution:

Add all IP addresses and Subnets that do not require SSO to the SSO Bypass Group
Ensure all SSO configurations are correct.
Ensure the Server hosting the SSO software can handle all the lookups.

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

SonicOS Core0 Principles and Common Configurations

Description

Resolution

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch