What information or files are required by Technical Support to troubleshooting an issue with a SonicWall UTM appliance?

03/26/2020 22 12270

DESCRIPTION:
This article describes the files/information needed by Technical Support to be able to successfully troubleshoot an issue.

RESOLUTION:

Please describe the issue in as much detail as possible:

  Is this a new deployment or a productive environment?
  Is the issue occurring after a firmware/hotfix/configuration change?
  Is the issue affecting all or only specific users/machines?
  Is the issue present only with specific security services active?
  Please attach screenshots showing the behavior, if applicable.
  Is the issue present after a reboot?
 Is the issue impacting only specific OS versions?

We require ALL of the following files, none of those contain your main admin password, so there is little security risk.

(Please note: In case of HA environments we need the files to be exported separately from BOTH units as they might need to be compared)

1. Exported the settings of the impacted unit. Those can be downloaded under System | Settings | Export Settings.
   If needed, this file will allow us to recreate the setup in our lab conditions.
    
2. The Technical Support Report of the unit can be downloaded under System | Diagnostics | Download report; please make sure to check all checkboxes prior to exporting and NOT to use the "Send report to Tech Support" button the latter sends the data to an automated statistics engine only.
   This file contains the history of the unit, its updates and possible software-caused reboots.
    
3. The Log file of the system also shows data relevant in the troubleshooting process. To download it, please navigate to System | Log and click the download log button ? exported file format is not relevant, as long as it is readable with standard software, we accept .TXT, .LOG and .CSV. Make sure that the logging level and logged categories are set low enough to show data relevant to the issue.
    
4. In case the issue is related to network access/packet forwarding, please also prepare a packet capture, logging the communication.
   To do so, navigate to System | Packet Monitor. Now click Configure and in the Monitor Filter tab enter the source ip address of the impacted machine, choose proper protocol and port settings and try recreating the issue. PLEASE NOTE to export the data BOTH in .LIBPCAP as well as .HTML file format, as these contain information complimentary to each other and sometimes need to be compared. Below an example for capturing ICMP traffic (ping) to 4.2.2.2.