We have talked about these devices in earlier newsletters. Known not simply as ‘firewalls’ but rather as ‘Unified Threat Management’ (UTM) appliances, they actually do a lot more, particularly in the South African environment, where bandwidth is both expensive (and therefore usage needs to be controlled) and not always available. Read any ADSL or wireless broadband contract and you will see wording similar to ‘services provided are best effort’. That means if your ADSL line goes down, there is no guaranteed time frame to have the line repaired. If you want that level of service, you need to pay a hefty premium for Telkom’s Diginet service. While there are many devices, and indeed Linux applications, that do exactly the same thing as the SonicWalls, when it comes to overall cost of ownership, Sonics in our book offer great value for money.
One of the Sonic’s nice features is automatic Internet failover. For example, your primary Internet line could be ADSL. As a backup, you could have a 3G card or WiMAX bandwidth from Screamer. The Sonic can be set up to change over automatically to the secondary Internet provider, such as Screamer WiMAX, if the ADSL line does go down. The device continues to test the primary link and, when it becomes available again, automatically switches back to it. Using 3G as the backup device has its pros and cons. The biggest con for us is the cost. If the device fails over to a 3G device on a Friday afternoon, for example, you might be in for a big bill on Monday morning if no one is checking the Sonic logs. Note that the SonicWall TZ 200 unit comes with a USB slot suitable for most 3G USB sticks.
An example of what the Sonic writes to its log file when the unit fails over to the secondary WAN device:
02/10/2010 14:56:59.752 - Info - Firewall Event - Interface IP Assignment : Binding and initializing PPPoE Client - -
02/10/2010 14:56:59.752 - Info - Firewall Event - Interface IP Assignment : Binding and initializing NAT Static IP - -
02/10/2010 14:56:59.768 - Alert - WAN Availability - WLB Resource is now available - 196.209.88.134, 0, X1 - 0.0.0.0 -
02/10/2010 14:56:59.768 - Alert - WAN Availability - WLB Failover in progress - 192.168.2.2, 0, X2 - 196.209.88.134, 0, X1 -
02/10/2010 14:56:59.768 - Warning - WAN Availability - The network connection in use is PPPoE Client - 196.209.88.134, 0, X1 - 0.0.0.0 -
02/10/2010 14:56:59.768 - Alert - WAN Availability - WLB Resource is now available - 192.168.2.2, 0, X2 - 0.0.0.0 -
02/10/2010 14:56:59.768 - Alert - WAN Availability - WLB Failback initiated by preemption due to a more preferred interface being operational - 196.209.88.134, 0, X1 - 192.168.2.2, 0, X2 -
02/10/2010 14:56:59.768 - Warning - WAN Availability - The network connection in use is NAT Static IP - 192.168.2.2, 0, X2 - 0.0.0.0 -
02/10/2010 14:57:04.064 - Notice - Network Access - ICMP packet dropped due to policy - 196.209.82.103, 768, X1 - 196.209.88.134, 8, X1 - ICMP Echo, Code: 0
02/10/2010 14:57:05.416 - Info - PPP - PPP message: LCP Echo Request Received - 0.0.0.0 - 0.0.0.0 -
02/10/2010 14:57:11.512 - Info - DDNS - DDNS Update success for domain 'test.dyndns.org'. Online IP updated. - 192.168.2.2, 0, X0 - 0.0.0.0, 0, X0 -
02/10/2010 14:57:19.512 - Notice - Network Access - Web management request allowed - 192.168.1.6, 52323, X0 (admin) - 192.168.1.1, 80, X0 - TCP HTTP
02/10/2010 14:57:27.400 - Debug - Network Access - HTTP method detected; examining stream for host header - 192.168.1.7, 1123, X0 - 74.201.74.193, 80, X1 - TCP HTTP
02/10/2010 14:57:32.464 - Info - Firewall Event - Interface IP Assignment : Binding and initializing NAT Static IP - -
02/10/2010 14:57:32.464 - Info - Firewall Event - Interface IP Assignment : Binding and initializing PPPoE Client - -
02/10/2010 14:57:32.480 - Alert - WAN Availability - WLB Resource is now available - 196.209.88.134, 0, X1 - 0.0.0.0 -
02/10/2010 14:57:32.480 - Warning - WAN Availability - The network connection in use is PPPoE Client - 196.209.88.134, 0, X1 - 0.0.0.0 -
02/10/2010 14:57:32.480 - Alert - WAN Availability - WLB Resource is now available - 192.168.2.2, 0, X2 - 0.0.0.0 -
02/10/2010 14:58:06.832 - Info - PPP - PPP message: LCP Echo Request Received - 0.0.0.0 - 0.0.0.0 -
02/10/2010 14:58:09.416 - Notice - Network Access - TCP connection dropped - 41.203.21.136, 80, X1 - 192.168.1.6, 37460, X0 - TCP Port: 37460
02/10/2010 14:58:21.128 - Notice - Network Access - Web management request allowed - 192.168.1.6, 52422, X0 (admin) - 192.168.1.1, 80, X0 - TCP HTTP
02/10/2010 14:58:32.704 - Notice - Network Access - UDP packet dropped - 192.168.2.1, 3082, X2 - 239.255.255.250, 1900 - UDP Port: 1900
02/10/2010 14:59:08.336 - Info - PPP - PPP message: LCP Echo Request Received - 0.0.0.0 - 0.0.0.0 -
02/10/2010 14:59:14.272 - Info - PPPoE - PPPoE Network Disconnected - -
02/10/2010 14:59:14.288 - Info - PPPoE - PPPoE LCP Link Down - -
Note that DynDns.Org is updated with the new IP.
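The cost risk described above (a failover to the backup link that nobody notices) can be caught by measuring from the log how long the unit has been off its primary WAN. The Python below is an added example, not part of the original newsletter and not SonicWall code; the function names, the 30-minute limit, the choice of X1 as the primary (ADSL) interface and the MM/DD/YYYY reading of the timestamps are assumptions.

```python
import re
from datetime import datetime, timedelta

# Subset of the log excerpt above, one entry per line.
SAMPLE_LOG = """\
02/10/2010 14:56:59.768 - Alert - WAN Availability - WLB Failover in progress - 192.168.2.2, 0, X2 - 196.209.88.134, 0, X1 -
02/10/2010 14:56:59.768 - Warning - WAN Availability - The network connection in use is PPPoE Client - 196.209.88.134, 0, X1 - 0.0.0.0 -
02/10/2010 14:56:59.768 - Warning - WAN Availability - The network connection in use is NAT Static IP - 192.168.2.2, 0, X2 - 0.0.0.0 -
02/10/2010 14:57:19.512 - Notice - Network Access - Web management request allowed - 192.168.1.6, 52323, X0 (admin) - 192.168.1.1, 80, X0 - TCP HTTP
02/10/2010 14:57:32.480 - Warning - WAN Availability - The network connection in use is PPPoE Client - 196.209.88.134, 0, X1 - 0.0.0.0 -
"""

# Matches only the "connection in use" entries and captures the interface name.
IN_USE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - \w+ - WAN Availability - "
    r"The network connection in use is (.+?) - [\d.]+, \d+, (X\d+) - "
)

def backup_periods(log_text, primary="X1"):
    """Return [(start, end, interface)] for time spent off the primary WAN.

    end is None if the log ends while a backup interface is still in use.
    Assumes MM/DD/YYYY timestamps and that `primary` is the ADSL interface.
    """
    periods, start, iface = [], None, None
    for line in log_text.splitlines():
        m = IN_USE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
        active = m.group(3)
        if active != primary and start is None:
            start, iface = ts, active            # failover to a backup link
        elif active == primary and start is not None:
            periods.append((start, ts, iface))   # failback to the primary
            start = None
    if start is not None:
        periods.append((start, None, iface))     # still on backup at end of log
    return periods

def overdue(periods, now, limit=timedelta(minutes=30)):
    """Periods whose duration (measured up to `now` if still open) exceeds limit."""
    return [p for p in periods if (p[1] or now) - p[0] > limit]
```

Run on a schedule against the exported log, a non-empty result from `overdue` is the signal to mail or page someone before the weekend's 3G usage accumulates.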