Troubleshooting steps for unit down status issues in GMS
03/26/2020 1067 12208
This article describes the troubleshooting steps for unit down status issues in GMS.
GMS determines the firewall status up/blue or down/red based on the heartbeat syslogs sent by the unit every one minute. By default GMS is configured to mark the unit as down after 3 missed heartbeat syslogs which means that the unit status will be changed to down after 3 minutes of potential firewall or communication failure.
Step 1: Verify that SonicWall unit sends heartbeats messages to GMS.
Change GMS settings to "Send heartbeats messages only".
If you see packets generated by SonicWall in the packet capture for UDP 514 it means that the firewall is sending heartbeats.
NOTE: Heartbeat message is sent every 60 seconds.
Step 2: Set logging level to Inform in Firewall.
NOTE: If it is set to anything higher than "Inform" heartbeats probably are not sent as logging level is to shallow.
Step 3: Verify that GMS receives syslogs from this unit.
Follow KB: https://www.sonicwall.com/en-us/support/knowledge-base/170502803883459
NOTE: You can also type "Sersial number of the firewall and m=96 in "Filter" Field.
Example: SN=0017c5qwerty AND m=96. In case of a distributed setup with multiple Agent servers, login to the specific Agent Server and check for Syslog messages under GMSVP\syslogs folder, for a Virtual appliance the location is /opt/GMSVP/syslogs
Step 4: If GMS doesn't receive heartbeats and device sends them this is probably some kind of networking issue or an issue with Windows fifrewall or any other security sotftware running on GMS server blocking UDP 514 traffic.
Step 5: If GMS receives heartbeats and still marks unit as down wait some time and try restarting GMS services. If issue persists, contact SonicWall Technical Support Team.
How to change threshold interval of the missing heartbeats syslogs on the GMS