Support User Manuals

SonicWALL 5.8.1 Microscope & Magnifier User Manual

Open as PDF

of 1490

High Availability

1173

SonicOS 5.8.1 Administrator Guide

Additional Parameters in TSR

You can tell that Active/Active UTM is correctly configured on your Stateful HA pair by

generating a Tech Support Report on the System > Diagnostics page. The following

configuration parameters should appear with their correct values in the Tech Support Report:

• Enable Active/Active UTM

• HA Data Interface configuration

To generate a TSR for this purpose:

Step 1 Log into the Stateful HA pair using the shared IP address.

Step 2 Navigate to the System > Diagnostics page.

Step 3 Under Tech Support Report, click Download Report.

Responses to DPI UTM Matches

Responses, or actions, are always sent out from the active unit of the Stateful HA pair running

Active/Active UTM when DPI UTM matches are found in network traffic. Note that this does not

indicate that all the processing was performed on the active unit.

Deep Packet Inspection discovers network traffic that matches virus attachments, IPS

signatures, Application Firewall policies, and other malware. When a match is made, SonicOS

Enhanced performs an action such as dropping the packet or resetting the TCP connection.

Some DPI match actions inject additional TCP packets into the existing stream. For example,

when an SMTP session carries a virus attachment, SonicOS sends the SMTP client a “552”

error response code, with a message saying “the email attachment contains a virus.” A TCP

reset follows the error response code and the connection is terminated.

These additional TCP packets are generated as a result of the DPI UTM processing on the idle

firewall. The generated packets are sent to the active firewall over the HA data interface, and

are sent out from the active firewall as if the processing occurred on the active firewall. This

ensures seamless operation and it appears as if the DPI UTM processing was done on the

active firewall.

Logging

If DPI UTM processing on the idle firewall results in a DPI match action as described above,

then the action is logged on the active unit of the Stateful HA pair, rather than on the idle unit

where the match action was detected. This does not indicate that all the processing was

performed on the active unit.

previous next