by
Scott Glew
You can configure SonicWall and Fastvue Reporter for SonicWall to send you alerts every time your SonicWall's WAN interface goes down (such as an ISP failure).
This can be especially useful for monitoring remote SonicWall networks, and getting on top of an issue before the support calls start flooding in.
In this article, I'll take you through how to configure SonicWall's Interface probe settings, along with the appropriate log events, and then show you how to create an alert in Fastvue Reporter for SonicWall to send an email every time your SonicWall's WAN interface goes down.
The steps below may vary slightly depending on the version of SonicOS firmware you are using. I'm using SonicOS 6.5.2.0-9n (Beta).
Now that Interface probing has been configured, you need to configure SonicWall to send log messages to the Fastvue Reporter for SonicWall server indicating when the interface is down or up.
In your SonicWall's web interface, go to Log Settings | Base Setup and expand Network | Interfaces.
Check the Syslog checkboxes for the Multi-Interface Link Down and Multi-Interface Link Up events.
Click the Configure button for these events and ensure the Report Events via Syslog option is checked and the Frequency Filter Interval is set to 0. Also ensure the Event Priority is set to Alert. Also make sure the Display Events in Log Monitor option is checked so you can test these events in SonicWall's log monitor interface (see below)
Note: You will receive a warning message when saving with the Frequency Filter Interval set to 0, as this can have performance effects on your SonicWall for very chatty event types. As these events will not occur very frequently, setting it to 0 will be fine in this case.
Click Accept to save the changes.
At this stage, it is a good idea to ensure you're seeing the log events appear in SonicWall's log monitor.
If you're still on the Log Settings | Base Setup page, click the View Logs button at the top of the page, otherwise navigate to Investigate | Event Logs.
Click the + button next to Filter View and select Priority = Alert and Category = Network and click Accept.
Bring down your WAN interface by unplugging the WAN interface's network cable. Click the Refresh button on the Log Monitor and you should see an event with the message Interface X1 Link Is Down
Bring your WAN interface backup by plugging the network cable back in. Click the Refresh button again, and you should see another event indicating the interface is backup.
Great!
Now that interface probing is configured and you've verified that SonicWall is logging the Interface is Down/Up events, you can create an Alert in Fastvue Reporter for SonicWall that hooks into the Event Message field.
In Fastvue Reporter for SonicWall, go to Settings | Alerts and click **Add Alert
**
Name the alert WAN Link Down and click Add and Configure Alert. A new alert will be added to the bottom of the list, and expanded ready for you to configure it.
In the Alert Criteria section, select Event Message 'Contains', then in the Values box, type Link Is and hit enter. You could use Link Is Down, but I want this alert to also include messages when the link comes back up, so I'm using the more inclusive Link Is.
In the Alert Properties section, change the Alert Key to Source Interface. Leave the priority set as High if desired.
In the Alert Evidence section, you can define which fields you want to see when the alert is triggered. In this case, I've selected Event Category, Event Message and Source Interface.
In the Alert Notifications section, enter the email address or distribution list you'd like these alerts to be emailed to.
Click Save Alert then Dismiss Existing Alerts and Save.
Toggle the On/Off button to On to enable the Alert.
Now that everything has been set up, let's test the Alert works!
In Fastvue Reporter for SonicWall, go to the Alerts tab
Again, bring down the WAN Interface by pulling the network cable.
A few seconds later, you should see a new alert on the Alerts tab.
Bring the WAN Link back up, and a few seconds later you should see another message added to the alert:
Check your inbox, and you should also have the alert information in an email.
The above steps are just one example of the types of alerts you can create with Fastvue Reporter for SonicWall. I've shown you how to configure interface probing so SonicWall can detect when the WAN link is not available, how to configure the logging for these events, check they are working in SonicWall's Log Monitor, and then create an alert for the 'Link is Down' events in Fastvue Reporter for SonicWall.
By hooking into the Event Message field, you can use the techniques above to trigger alerts for any type of SonicWall firewall event. You may like to have a scroll through SonicWall's event log reference guide to get ideas on other types of useful alerts you can create.
If you haven't tried Fastvue Reporter for SonicWall yet, you can download the free 30-day trial.
Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.
How to Enable Dark Mode in Fortinet FortiGate (FortiOS 7.0)
Sophos XG - How to Block Searches and URLs with Specific Keywords