SonicWALL TZ 190 Manuale Utente
Network > WAN Failover & Load Balancing
187
SonicOS Enhanced 4.0 Administrator Guide
upstream. If your ISP is experiencing problems in its routing infrastructure, a successful ICMP
ping of their router causes the SonicWALL security appliance to believe the line is usable, when
in fact it may not be able to pass traffic to and from the public Internet at all.
ping of their router causes the SonicWALL security appliance to believe the line is usable, when
in fact it may not be able to pass traffic to and from the public Internet at all.
To perform reliable link monitoring, you can choose ICMP or TCP as monitoring method, and
can specify up to two targets for each WAN port. TCP is preferred because many devices on
the public Internet now actively drop or block ICMP requests. If you specify two targets for each
WAN interface, you can logically link the two probe targets such that if either one fails the line
will go down, or that both must fail for the line to be considered down. Using the latter method,
you can configure a sort of ‘deep check’ to see if the line is truly usable – for instance, you could
set first probe target of your ISP’s router interface using ICMP (assuming they allow this), and
then do a secondary probe target of a DNS server on the public Internet using TCP Port 53.
With this method, if the ICMP probe of the ISP’s router fails but the farther upstream continues
to respond, the SonicWALL security appliance assumes the link is usable and continue to send
traffic across it.
can specify up to two targets for each WAN port. TCP is preferred because many devices on
the public Internet now actively drop or block ICMP requests. If you specify two targets for each
WAN interface, you can logically link the two probe targets such that if either one fails the line
will go down, or that both must fail for the line to be considered down. Using the latter method,
you can configure a sort of ‘deep check’ to see if the line is truly usable – for instance, you could
set first probe target of your ISP’s router interface using ICMP (assuming they allow this), and
then do a secondary probe target of a DNS server on the public Internet using TCP Port 53.
With this method, if the ICMP probe of the ISP’s router fails but the farther upstream continues
to respond, the SonicWALL security appliance assumes the link is usable and continue to send
traffic across it.
Configuring WAN Probe Monitoring
To configure WAN probe monitoring, follow these steps:
Step 1
On the Network > WAN Failover & Load Balancing page, under the WAN Interface
Monitoring heading, check the Enable Probe Monitoring box.
Monitoring heading, check the Enable Probe Monitoring box.
Step 2
Check the Respond to Probes box to have the SonicWALL security appliance respond to
SonicwALL TCP probes received on any of its WAN ports. Do not check this box if the
SonicWALL security appliance should not respond to TCP probes.
SonicwALL TCP probes received on any of its WAN ports. Do not check this box if the
SonicWALL security appliance should not respond to TCP probes.
Step 3
Check the Any TCP-SYN to Port box to instruct the SonicWALL security appliance to respond
to TCP probes to the specified port number without validating them first. The Any TCP-SYN to
Port box should only be checked when receiving TCP probes from SonicWALL security
appliances running SonicOS Standard or older, legacy SonicWALL security appliances.
to TCP probes to the specified port number without validating them first. The Any TCP-SYN to
Port box should only be checked when receiving TCP probes from SonicWALL security
appliances running SonicOS Standard or older, legacy SonicWALL security appliances.