How to monitor SONICWALL FIREWALL security


Monitor SONICWALL FIREWALL


What is a SonicWall Firewall?

SonicWall is network security company providing a wide range of software or hardware related products such as firewalls, SSL VPNs, SPAM and mail security among many other security related services.

SonicWall next-generation firewalls (NGFW) provide the security, control and visibility needed to maintain an effective cybersecurity posture. SonicWall's top-of-the-line hardware and advanced technology are built into each firewall to give organizations the edge needed on evolving threats. With solutions designed for networks of all sizes, SonicWall firewalls are designed to meet the specific security and usability needs of any organization.

SonicWall Firewall monitoring

This package is designed to monitor a SonicWall Firewall using SNMP.

This package automatically configures the ServicePilot Agent to collect statistics from the SonicWall Firewall in terms of CPU, Memory, Network Interfaces and Security Association Policies (VPN) based on an SNMP collection.

Network Interfaces and Security Association Policies (VPN) will be automatically discovered.

Requirements

  • SNMP service must be installed, configured and started on the targeted SonicWall Firewall (Security: read-only SNMP community and allowed host must be set).

  • Network Flows - It is necessary to ensure network connectivity between ServicePilot and the monitored device.

    • UDP/161 (SNMP): Between ServicePilot Agent and SonicWall Firewall
    • ICMP/Echo Request (Ping): Between ServicePilot Agent and SonicWall Firewall
    • UDP/162 (SNMP Trap): (Optional) Between SonicWall Firewall and ServicePilot Agent

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place.

Follow the documentation to add a resource to ServicePilot.

Key field notes

  1. General tab:
  2. IP address/FQDN: Specify the IP address, host name or FQDN for the SonicWall Firewall, as resolvable by the machine on which ServicePilot Agent is running
  3. Interfaces: Enable automatic interface discovery
  4. Interface Filter: include only network interfaces with network connection names matching this pattern. If the first character of this field is a ! then exclude interfaces instead. The field is a | separated list of interface network connection names with * wildcard characters allowed. If the pattern starts and ends with / then this field is a regular expression instead.
  5. Custom interface speeds (bps) separated with '|': For network interfaces that do not report correct interface speeds (for example, asymmetric interfaces), a | separated list of speed overrides can be specified. Each element of the list consists of an SNMP interface table index or name or alias, an incoming speed and an outgoing speed, comma separated.
  6. Custom interface names separated with '|': To override the name of an interface specify a | separated list of interface index or interface name and new name, comma separated.
  7. Discover only connected interfaces: When looking for new interfaces, ignore all interfaces that are currently disconnected

Note: Each element name in the list is a regular expression as defined by Like Operator (Visual Basic)

  1. Monitoring Options tab:

  2. ICMP Ping: Include ICMP Ping reachability and latency

  3. System: tick to get statistics for all system resources

  4. Security Association Policies tab:

  5. VPN: Set it to get details about Security Association Policies (VPN)

  6. {Optional} Ignored Policies Name separated with '|': Specify name(s) of policy/policies NOT to be monitored

  7. {Optional} Allowed Policies Name separated with '|': Specify name(s) of policy/policies to be monitored

  8. In the Policies tab, specify the policy or policies to apply to the resource

Notes

MIBs Used:

  • SNWL-COMMON-MIB.mib
  • SONICWALL-FIREWALL-IP-STATISTICS
  • RFC1213-MIB2

How to install a sonicwall-firewall resource?

  1. Use your ServicePilot OnPremise installation or a SaaS account.
  2. Add a new sonicwall-firewall resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the sonicwall-firewall package are located in the /prmpackages page of the software.

Benefits

ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology SONICWALL FIREWALL with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore ourplans or contact us to find what works best for you.

Free installation in a few clicks