Tools

You can view statistics to diagnose connectivity and network issues and test network communication. You can troubleshoot issues such as packet loss, connectivity, and discrepancies in your network.

Pop-out tools

Log viewer
The log viewer opens in a new full-screen browser window. By default, it shows firewall logs. For more information, see Log viewer.
Policy tester
The policy tester opens in a new full-screen browser window. Use the policy tester before and after you edit a rule or policy to verify the applied action. For more information, see Policy tester.

Ping

Ping is the most common network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

Ping sends ICMP echo requests to test the connectivity to other hosts. The output shows if the response was received, packets transmitted and received, packet loss, and round-trip time. If a host isn't responding, ping shows 100 percent packet loss.

You can specify the following settings:

IP address or hostname
Specify the IP address (IPv4 or IPv6) or fully qualified domain name you want to ping.
IP family
Select the IP version (IPv4 or IPv6).
Interface
Select the interface through which the ICMP echo requests are to be sent.
Size
Specify the ping packet size (in bytes).
Default: 32 bytes
Size range: 1 to 65507

Traceroute

Traceroute is a tool you can use to determine if a packet or communication stream is stopped at the device or is lost on the internet.

Traceroute traces the path taken by a packet from the source system to the destination system. The output shows all the routers through which data packets pass from the source system to the destination system, maximum hops, and total time taken by the packet to return (measured in milliseconds).

You can specify the following settings:

IP address or hostname
Specify the IP address (IPv4 or IPv6) or fully qualified domain name.
IP version
Select the IP version (IPv4 or IPv6).
Interface
Select the interface through which the requests are to be sent.

Name lookup

You can use name lookup to query the domain name service for information about domain names and IP addresses. It sends a domain name query packet to a configured domain name system (DNS) server. If you enter a domain name, the server returns an IP address to which it corresponds, and if you enter an IP address, the server returns a domain name to which it corresponds.

You can specify the following settings:

IP address or hostname
IP address (IPv4 or IPv6) or fully qualified domain name (FQDN) to resolve.
DNS server IP
Select the DNS server to send the query to.
Select Lookup using all configured servers to view all the available DNS servers configured in the device. Selecting this option will also provide information about the time taken by each DNS server to resolve the query. Based on the response time of each server, you can prioritize the DNS server.

Route lookup

If you have routable networks and want to search through which interface the device routes the traffic, you can look up the route. To do this, enter the IP address (IPv4 or IPv6).

Consolidated troubleshooting report

To help the support team debug system problems, you can generate a troubleshooting report, consisting of the system's current status file and log files. The file contains details such as a list of all the processes currently running on the system, and resource usage, in encrypted form.

You can generate and email the saved file to support to diagnose and troubleshoot the issue.

Sophos Firewall generates the file with the name: CTR_<APPKEY>__<MM_DD_YY>_<HH_MM_SS>
  • APPKEY is the device key of the device for which the report is generated.
  • MM_DD_YY is the date (month date year) on which the report is generated.
  • HH_MM_SS is the time (hour minute second) at which the report is generated.
By default, debug mode is turned off for all subsystems. Before generating a log file, turn on debug mode by typing the following command on the command-line interface (CLI):
console> diagnostics subsystems <subsystem name> debug on
Note You can't turn debug mode on if you only want to generate a system snapshot.

You can specify the following CTR settings:

Generate CTR for
Turn on the options for which Sophos Firewall generates the CTR.
System snapshot: Generates snapshots to show the issues in the system.
Log files: Generates log files.
Reason
Specify the reason for generating CTR.

When you generate a log files CTR, the following complete log files are collected:

  • syslog.log
  • postgres.log
  • reportdb.log
  • applog.log

In addition, the last 1,000 lines of all other log files are collected.

Note When generating log files, any *.log.0 files aren't collected.