Kaseya Community

Sonicwall Firewalls and Kaseya Monitoring

This question is answered

More of a general question or guidance question.  We have several clients with Sonicwall firewalls in place and we would like to be able to monitor connectivity up-time, down-time, bandwidth, etc..  Is there a guide on how to best set this functionality up?  Any input or direction would be appreciated.

Mark

Verified Answer
  • It's been a little (We're using a different product for SNMP now) while but this is what I recall the step by step is-

    • Use Discovery to get the assets into KNM, there is a checkbox when you setup a network and scan that you can check as well I believe it says monitor network.
    • In KNM install a gateway on the network you want to monitor, select something that is on all the time
    • For Sonicwall log into the device and turn on SNMP, you will do this in two places.  First in the SNMP section, use v2 not v3.
    • Next on the Sonicwall go into your LAN interface and enable SNMP (LAN since the SNMP requests are coming from a device inside the network)
    • Then find the Sonicwall in KNM (If you want to rename a device so it makes sense I want to say you do that through network discovery under discovered devices) and do a SNMP walk on the device, or apply the Sonicwall template if you're sure it's communicating.  If you're not getting anything back try using https://www.paessler.com/tools/snmptester to test to see if you can get uptime back, if you can't then you have somthing not configured correctly on the Sonicwall.
    • After the walk or template review the monitors you have on the device, some don't make sense.  For instance interfaces you're not using and I would remove those.
    • The report section in SNMP will give you graphical historic views of utilization, CPU, ping, etc.

    Oh one other note if you manually setup your firewall rules for SNMP it seems to not work, you can tell if the interface has the default wizardy check or the check you can toggle.  Just something I noticed when we were setting them up.

All Replies
  • We use Monitor -> External Monitoring -> System Check to ping a public IP from a local server.

    This monitors more than just the firewall. This actually verifies internet access, so it is monitoring the switch, firewall, and ISP. It doesn't really tell us what device is down, but that is pretty easy to figure out once you know something is down.

    Offline alerts on servers do something very similar, except when the site has fail-over internet connections. In this case, we configure static routes on the firewall to force ping to a specific public IP to use a specific WAN connection and a different route to a different public IP out the other WAN connection. Then use two System Check monitors to ping each one of the two public IPs. This will tell us an ISP is down even when the servers and workstations still have internet access.

    A small gotcha we ran into. We originally were configuring a ping check to the WAN interfaces of our client's firewalls from a single server on our network. This was simpler to configure, but we ran into two issues. First, and most important, all alerts then came from our Kaseya group and got parsed into a ticket under our company. Second, and this looks to have changed slightly in the UI, but I believe there used to be an Apply and a Replace button. We had users accidentally click Replace when trying to add a new monitor, which erased the existing monitors. When you have one or two existing ones it may not be hard to reconfigure, but when you have 10+ it becomes a nightmare.

  • If you want something more than ping you need a tool to pick up on snmp

    kaseya had two products which you can use, Traverse and KNM

    You probably already have the KNM module installed in your VSA.

    We use Traverse as the volume of network devices we monitor is growing and we wanted a separate system to our VSA (which can get rather busy at times)

  • Hi Mark.

    My clients all use he built in Network Monitor for this type of information. There's quite a bit you can do with it before having to go outside the box and pay for a more robust third party solution. It's not intuitive at first glance but has quite a bit you can do.

    Feel free to reach out if I can be of any help!

    Gavin

  • Hi Gavin,

    And thanks guys for the input.  Gavin is there any documentation or step-by-step instruction on setting this up, from what I had read a bit before this does look like it will provide the basic info and feature that I'm seeking at this time.  Any help appreciated.

    Thanks, Mark

  • It's been a little (We're using a different product for SNMP now) while but this is what I recall the step by step is-

    • Use Discovery to get the assets into KNM, there is a checkbox when you setup a network and scan that you can check as well I believe it says monitor network.
    • In KNM install a gateway on the network you want to monitor, select something that is on all the time
    • For Sonicwall log into the device and turn on SNMP, you will do this in two places.  First in the SNMP section, use v2 not v3.
    • Next on the Sonicwall go into your LAN interface and enable SNMP (LAN since the SNMP requests are coming from a device inside the network)
    • Then find the Sonicwall in KNM (If you want to rename a device so it makes sense I want to say you do that through network discovery under discovered devices) and do a SNMP walk on the device, or apply the Sonicwall template if you're sure it's communicating.  If you're not getting anything back try using https://www.paessler.com/tools/snmptester to test to see if you can get uptime back, if you can't then you have somthing not configured correctly on the Sonicwall.
    • After the walk or template review the monitors you have on the device, some don't make sense.  For instance interfaces you're not using and I would remove those.
    • The report section in SNMP will give you graphical historic views of utilization, CPU, ping, etc.

    Oh one other note if you manually setup your firewall rules for SNMP it seems to not work, you can tell if the interface has the default wizardy check or the check you can toggle.  Just something I noticed when we were setting them up.

  • Why not just use Sonicwall GMS? www.sonicwall.com/.../sonicwall-gms

  • Certainly an option too, GMS can be pricey depending on the number SonicWALLs but it would give you what you are after and much more.

  • Speaking from a GMS shop: Because the reliance on lousy Java makes GMS a gigantic pain in the rear? :)

    IF you can get Discovery/KNM to do its job, you will be able to get pretty graphs and some alerting on your SonicWALL. We did it, back when we had standalone KNM (thus, a KNM that worked). Good luck!

  • RE: GMS.  Unless you have lots (100+) firewalls, managing GMS can be daunting.   they removed a bunch of Java in the 8.0 release, still a little there, but much better.

    We provide a hosted GMS platform where you can manage and get reporting without the headaches.   If you ever want to try it, you can sign up for a free trial from our website. virtualadministrator.com

    We can even arrange to buy back your existing licenses if you are fed up with it.

  • bctirado,  Awesome thank you for the steps!  I will give this a try and see how it goes.

  • Appreciate everyone else's answers as well!  All the info I can gather will aid in setting up the right solution for our current needs and give me ideas for expansion and improvement down the road!