
How To Receive an Alert when SonicWall's WAN Interface Link Goes Down

by Scott Glew

You can configure SonicWall and Fastvue Reporter for SonicWall to send you alerts every time your SonicWall's WAN interface goes down (such as an ISP failure).

This can be especially useful for monitoring remote SonicWall networks, and getting on top of an issue before the support calls start flooding in.

In this article, I'll take you through how to configure SonicWall's Interface probe settings, along with the appropriate log events, and then show you how to create an alert in Fastvue Reporter for SonicWall to send an email every time your SonicWall's WAN interface goes down.

Step 1. Configure SonicWall's Interface Probe Settings

The steps below may vary slightly depending on the version of SonicOS firmware you are using. I'm using SonicOS 6.5.2.0-9n (Beta).

  1. In your SonicWall's web interface, go to Network | Failover & Load Balancing.
  2. Under the Groups section, click the Configure button next to your WAN interface. This launches the Probe Settings dialog.
  3. Select the Logical/Probe Monitoring enabled radio button.
  4. Select Probe succeeds when either Main Target or Alternate Target responds. There are other options here, so select the one that makes the most sense for you. You can also customize the Main and Alternate targets. By default, they are both set to the same URL: responder.global.sonicwall.com.
  5. Click OK and then click Accept to save the changes.

SonicWall WAN X1 Interface Probe Settings

Step 2. Configure SonicWall's Logging Settings

Now that Interface probing has been configured, you need to configure SonicWall to send log messages to the Fastvue Reporter for SonicWall server indicating when the interface is down or up.

  1. In your SonicWall's web interface, go to Log Settings | Base Setup and expand Network | Interfaces.

  2. Check the Syslog checkboxes for the Multi-Interface Link Down and Multi-Interface Link Up events.

    SonicWall Multi-Interface Link Events

  3. Click the Configure button for these events and ensure the Report Events via Syslog option is checked, the Frequency Filter Interval is set to 0, and the Event Priority is set to Alert. Also make sure the Display Events in Log Monitor option is checked so you can test these events in SonicWall's log monitor interface (see below).

    SonicWall Report Link Events Via Syslog

    Note: You will receive a warning message when saving with the Frequency Filter Interval set to 0, as this can have performance effects on your SonicWall for very chatty event types. As these events will not occur very frequently, setting it to 0 will be fine in this case.

  4. Click Accept to save the changes.

Step 3. Test the Link Up/Down log events in SonicWall's Log Monitor

At this stage, it is a good idea to ensure you're seeing the log events appear in SonicWall's log monitor.

  1. If you're still on the Log Settings | Base Setup page, click the View Logs button at the top of the page, otherwise navigate to Investigate | Event Logs.

  2. Click the + button next to Filter View and select Priority = Alert and Category = Network and click Accept.

    Filtering SonicWall

  3. Bring down your WAN interface by unplugging the WAN interface's network cable. Click the Refresh button on the Log Monitor and you should see an event with the message Interface X1 Link Is Down.

    SonicWall X1 Interface Is Down

  4. Bring your WAN interface back up by plugging the network cable back in. Click the Refresh button again, and you should see another event indicating the interface is back up.

    SonicWall Interface X1 Link Is Up

Great!

Step 4. Create an Alert in Fastvue Reporter for SonicWall

Now that interface probing is configured and you've verified that SonicWall is logging the Interface is Down/Up events, you can create an Alert in Fastvue Reporter for SonicWall that hooks into the Event Message field.

  1. In Fastvue Reporter for SonicWall, go to Settings | Alerts and click Add Alert.

    SonicWall Alert - Add Alert

  2. Name the alert WAN Link Down and click Add and Configure Alert. A new alert will be added to the bottom of the list, and expanded ready for you to configure it.

  3. In the Alert Criteria section, select Event Message 'Contains', then in the Values box, type Link Is and hit enter. You could use Link Is Down, but I want this alert to also include messages when the link comes back up, so I'm using the more inclusive Link Is.

    SonicWall WAN Link Down Alert - Alert Criteria

  4. In the Alert Properties section, change the Alert Key to Source Interface. Leave the priority set as High if desired.

    SonicWall WAN Link Down Alert - Alert Properties

  5. In the Alert Evidence section, you can define which fields you want to see when the alert is triggered. In this case, I've selected Event Category, Event Message and Source Interface.

    SonicWall WAN Link Down Alert - Alert Evidence

  6. In the Alert Notifications section, enter the email address or distribution list you'd like these alerts to be emailed to.

    SonicWall WAN Link Down Alert - Alert Notifications

  7. Click Save Alert then Dismiss Existing Alerts and Save.

  8. Toggle the On/Off button to On to enable the Alert.

Step 5. Test the WAN Link Down Alert

Now that everything has been set up, let's test that the alert works!

  1. In Fastvue Reporter for SonicWall, go to the Alerts tab.

  2. Again, bring down the WAN Interface by pulling the network cable.

  3. A few seconds later, you should see a new alert on the Alerts tab.

    SonicWall WAN Link Is Down Alert

  4. Bring the WAN Link back up, and a few seconds later you should see another message added to the alert:

    SonicWall WAN Link Is Down and Up again

  5. Check your inbox, and you should also have the alert information in an email.

    SonicWall WAN Link Down Alert via Email
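The matching this alert performs can be sketched in Python as an added example (not Fastvue's or SonicWall's code): it keeps syslog lines whose message contains Link Is and groups them by interface, mirroring the Source Interface alert key. The sample lines are constructed and simplified, and taking the interface name from the message text is an assumption.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample lines in SonicWall's key=value syslog style (simplified;
# serial number, timestamps and field set are made up for illustration).
SAMPLE_SYSLOG = [
    'id=firewall sn=0000000000AA time="2019-03-01 10:15:02" pri=1 msg="Interface X1 Link Is Down"',
    'id=firewall sn=0000000000AA time="2019-03-01 10:15:40" pri=6 msg="Web site hit"',
    'id=firewall sn=0000000000AA time="2019-03-01 10:17:31" pri=1 msg="Interface X1 Link Is Up"',
    'id=firewall sn=0000000000AA time="2019-03-01 11:02:09" pri=1 msg="Interface X2 Link Is Down"',
    'garbage line with "unterminated quote',
]

# Assumption: the interface name is taken from the message text itself.
LINK_RE = re.compile(r"Interface (\S+) Link Is (Up|Down)")

def parse_fields(line):
    """Split a key=value syslog line into a dict, honouring quoted values."""
    try:
        tokens = shlex.split(line)
    except ValueError:          # unbalanced quotes: treat as unparseable
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)

def link_alerts(lines, needle="Link Is"):
    """Group matching events by interface (the alert key) in arrival order."""
    alerts = defaultdict(list)
    for line in lines:
        fields = parse_fields(line)
        msg = fields.get("msg", "")
        if needle not in msg:   # same test as Event Message 'Contains'
            continue
        m = LINK_RE.search(msg)
        key = m.group(1) if m else "unknown"
        alerts[key].append((fields.get("time", ""), m.group(2) if m else msg))
    return dict(alerts)

def interfaces_down(alerts):
    """Interfaces whose most recent link event is Down."""
    return sorted(k for k, ev in alerts.items() if ev[-1][1] == "Down")

if __name__ == "__main__":
    found = link_alerts(SAMPLE_SYSLOG)
    for iface, events in found.items():
        print(iface, events)
    print("still down:", interfaces_down(found))
```

Passing needle="Link Is Down" reproduces the narrower criteria mentioned in Step 4, at the cost of no longer seeing when the link recovers.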

Summary

The above steps are just one example of the types of alerts you can create with Fastvue Reporter for SonicWall. I've shown you how to configure interface probing so SonicWall can detect when the WAN link is not available, how to configure the logging for these events, check they are working in SonicWall's Log Monitor, and then create an alert for the 'Link is Down' events in Fastvue Reporter for SonicWall.

By hooking into the Event Message field, you can use the techniques above to trigger alerts for any type of SonicWall firewall event. You may like to have a scroll through SonicWall's event log reference guide to get ideas on other types of useful alerts you can create.

If you haven't tried Fastvue Reporter for SonicWall yet, you can download the free 30-day trial.
