Tools

You can view statistics to diagnose connectivity and network issues and test network communication. You can troubleshoot issues such as packet loss, connectivity, and discrepancies in your network.

Pop-out tools

Log viewer

By default, the log viewer shows the firewall logs. It opens in a new full-screen browser window. For more information, see Log viewer.

Policy tester

Use the policy tester before and after you edit a rule or policy to verify the applied action. The policy tester opens in a new browser window. For more information, see Policy tester.

Ping

Ping is the most common network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

Ping sends ICMP echo requests to test the connectivity to other hosts. The output shows if the response was received, packets transmitted and received, packet loss, and round-trip time. If a host isn't responding, ping shows 100 percent packet loss.

You can specify the following settings:

| Setting | Description |
| --- | --- |
| IP address or hostname | Specify the IP address (IPv4 or IPv6) or fully qualified domain name you want to ping. |
| IP family | Select the IP version (IPv4 or IPv6). |
| Interface | Select the interface through which the ICMP echo requests are to be sent. |
| Size | Specify the ping packet size (in bytes). Default: 32 bytes. Size range: 1 to 65507. |

Traceroute

Traceroute traces the path taken by a packet from the source system to the destination system. The output shows all the routers through which data packets pass from the source system to the destination system, maximum hops, and total time taken by the packet to return (measured in milliseconds).

Traceroute tool from WebAdmin

  1. Sign in to the web admin console.
  2. Go to Diagnostics > Tools.
  3. Enter the required details under the Traceroute section. You can specify the following settings:

    | Setting | Description |
    | --- | --- |
    | IP address or hostname | Specify the IP address (IPv4 or IPv6) or fully qualified domain name. |
    | IP version | Select the IP version (IPv4 or IPv6). |
    | Interface | Select the interface through which you want to send the requests. |
  4. Click Traceroute to view route information between the device and specified IP address.

Traceroute tool from CLI

  1. Sign in to the web admin console.
  2. Go to admin > Console and press Enter.
  3. Enter your password.
  4. Select 4. Device Console and press Enter.
  5. Run one of the following commands. For more information and syntax options, see Traceroute.

    • IPv4: traceroute <IPv4 ADDRESS>
    • IPv6: traceroute6 <IPv6 ADDRESS>

Name lookup

You can use name lookup to query the domain name service for information about domain names and IP addresses. It sends a domain name query packet to a configured domain name system (DNS) server. If you enter a domain name, the server returns the IP address associated with that domain name, and if you enter an IP address, the server returns the domain name associated with that IP address.

You can specify the following settings:

| Setting | Description |
| --- | --- |
| IP address or hostname | IP address (IPv4 or IPv6) or fully qualified domain name (FQDN) to resolve. |
| DNS server IP | Select the DNS server to send the query to. Select Lookup using all configured servers to view all the available DNS servers configured in the device. Selecting this option will also provide information about the time taken by each DNS server to resolve the query. Based on the response time of each server, you can prioritize the DNS server. |

Route lookup

If you have routable networks and want to find out through which interface the device routes the traffic, you can look up the route. To do this, enter the IP address (IPv4 or IPv6).

Consolidated troubleshooting report

To help the support team debug system problems, you can generate a troubleshooting report, consisting of the system's current status file and log files. The file contains details such as a list of all the processes currently running on the system, and resource usage, in encrypted form.

You can generate and email the saved file to the support team to diagnose and troubleshoot the issue.

Sophos Firewall generates the file with the name: CTR_<APPKEY>__<MM_DD_YY>_<HH_MM_SS>

  • APPKEY is the device key of the device for which the report is generated.
  • MM_DD_YY is the date (month date year) on which the report is generated.
  • HH_MM_SS is the time (hour minute second) at which the report is generated.
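
The following is an added example, not Sophos code: it parses the file name pattern above so that saved reports can be inventoried by device key and generation time, and rejects names that don't fit. The allowed APPKEY characters, the optional file extension, and the sample names are assumptions made for illustration.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Name pattern from the page: CTR_<APPKEY>__<MM_DD_YY>_<HH_MM_SS>
# Assumptions (not on the page): APPKEY is alphanumeric, and any file
# extension after the time stamp is optional and ignored.
CTR_NAME = re.compile(
    r"CTR_(?P<appkey>[A-Za-z0-9]+)__"
    r"(?P<date>\d{2}_\d{2}_\d{2})_"
    r"(?P<time>\d{2}_\d{2}_\d{2})(?:\.[A-Za-z0-9.]+)?"
)

class CtrName(NamedTuple):
    appkey: str
    generated: datetime  # naive: the name carries no time zone

def parse_ctr_name(filename: str) -> Optional[CtrName]:
    """Return device key and generation time, or None if the name is malformed.

    strptime also rejects impossible values such as month 13 or hour 25.
    """
    m = CTR_NAME.fullmatch(filename)
    if m is None:
        return None
    try:
        stamp = datetime.strptime(f"{m['date']} {m['time']}", "%m_%d_%y %H_%M_%S")
    except ValueError:
        return None
    return CtrName(m["appkey"], stamp)

def inventory(filenames):
    """Group valid names by device key (oldest first) and list the rejects."""
    by_device, rejected = {}, []
    for name in filenames:
        parsed = parse_ctr_name(name)
        if parsed is None:
            rejected.append(name)
        else:
            by_device.setdefault(parsed.appkey, []).append(parsed.generated)
    return {k: sorted(v) for k, v in by_device.items()}, rejected

# Constructed sample names; device keys and the extension are placeholders.
SAMPLE = [
    "CTR_C0FFEE123456__03_14_24_09_26_53",
    "CTR_C0FFEE123456__01_02_24_23_59_59.tar",
    "CTR_ABCDEF987654__13_40_24_10_00_00",  # month 13: rejected
    "CTR_ABCDEF987654_03_14_24_09_26_53",   # single underscore: rejected
]
if __name__ == "__main__":
    print(inventory(SAMPLE))
```
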

By default, debug mode is turned off for all subsystems. Before generating a log file, turn on debug mode by typing the following command on the command-line interface (CLI):

console> diagnostics subsystems <subsystem name> debug on

Note

You can't turn on debug mode if you only want to generate a system snapshot.

You can specify the following CTR settings:

| Setting | Description |
| --- | --- |
| Generate CTR for | Turn on the options for which Sophos Firewall generates the CTR. System snapshot: Generates snapshots to show the issues in the system. Log files: Generates log files. |
| Reason | Specify the reason for generating CTR. |

When you generate a log files CTR, the following complete log files are collected:

  • syslog.log
  • postgres.log
  • reportdb.log
  • applog.log

In addition, the last 1,000 lines of all other log files are collected.

Note

When generating log files, the *.log.0 files aren't collected.