SonicOS Core0 Principles and Common Configurations

03/26/2020 124 People found this article helpful 195,500 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

Help in Identification of configuration and/or events that lead to issues on the Control Plane (AKA Core 0).

Resolution

These Issues individually can slightly impact the SonicWall's performance. Core 0 is a major component of SonicWall processing.

Issue 1:  App Control Advance Log Redundancy
    The default Log Redundancy setting for almost all firmware versions, expect for the latest (6.2.3 and 6.2.4), is set to zero. This will heavily impact logging on the SonicWall when all Categories have logging enabled.

Resolution:
Edits of log redundancy filter intervals should only be done on the Log | Settings | Firewall | Application Control screen since doing it in the main App Control Advanced area changes it for both UI and syslog. Suggested values:

• Display Events in Log Monitor: 120 seconds

Issue 2: IKE negotiations
    Site-to-Site VPNs with mismatched network proposals are going to have an effect like a UDP DoS attack.

Resolution:

• Fix any issues with the tunnels
• Reduce the logging level for "VPN IKEv2" and "VPN IKEVPN"
• Disable any unused VPNs

  
Issue 3: Logging 
   SonicWall generating high volumes of Logs

Resolution:

• Enable the checkbox “Main Log Process Reschedule Interval” on diag.html page. Leave the value of the related “Log Entries” setting at 100.
• Configure logging to remove items that are not needed

Issue 4: AppFlow to Local Collector
   AppFlow to Local Collector, which is the SonicWall itself, can cause Core 0 to Spike when under a load.

Resolution:

• Disable it while troubleshooting Core 0 issues.
• If app flow data is really needed send to an appflow/netflow collector.
• Unless this feature is mission critical, turn it off and use it only when needed.

Issue 5: FQDN address Objects And WildcarD FQDN address Objects
    FQDN Address Objects can cause major issues especially when the DNS lookup fails for the object. Wildcard FQDN address objects like *.google.com can cause issues due to the amount of DNS entries that will be returned on the DNS lookup.

Resolution:

• Ensure the SonicWall can resolve the FQDN object
• Delete any Unused FQDN address Objects
• Limit the amount of Wildcard FQDN address Objects or do not use them at all

Issue 6: Log Name Resolution
   This setting is located under Log > Name Resolution. The issue is when it the DNS addresses located here are public DNS servers. This name resolution would then try to go out to those Public DNS servers for every single log to resolve its name.

Resolution:

• Use only Internal DNS servers
• Change to DNS only

Issue 7: Single Sign-On Probing
   Single Sign-On can become an issue when a large amount of IP addresses are not being identified or do not require SSO.

Resolution:

• Add all IP addresses and Subnets that do not require SSO to the SSO Bypass Group
• Ensure all SSO configurations are correct.
• Ensure the Server hosting the SSO software can handle all the lookups.

Related Articles

• Bandwidth usage and tracking in SonicWall
• How to force an update of the Security Services Signatures from the Firewall GUI
• Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

Categories

• Firewalls > SonicWall SuperMassive 9000 Series > Firewall Management UI
• Firewalls > SonicWall NSA Series > Firewall Management UI
• Firewalls > TZ Series > Firewall Management UI