by
Scott Glew
SonicOS 6.2.7.1-23n firmware has been officially posted as 'feature release' on mysonicwall.com marking the end to the SonicOS 6.2.7 beta program. Affected SonicWall models include:
This latest SonicOS firmware includes some great new features and enhancements such as SSH Decryption, DNS Proxy, and DPI SSL enhancements. You can read the full release notes here: SonicOS 6.2.7.1 Release Notes.
At Fastvue, one of the major features we have been looking forward to is something so small that it didn't even make it into the release notes! The inclusion of Referrer URLs in the 'Syslog Website Accessed' log events.
The Fastvue Reporter platform includes our unique Site Clean engine, to better determine actual websites visited and remove background domains such as advertising servers, content delivery networks (CDNs) and website visitor tracking widgets from our reports. A major input to the Site Clean algorithm is the Referrer URL which is only logged by some firewall vendors.
When Referrer URL is not present in the firewall log files, Fastvue Reporter falls back to a list of known CDNs and Junk URLs collected (and frequently updated) by the Fastvue web crawler, but there are many instances of logged web traffic that can't be 'cleaned' without the Referrer URL.
Now that SonicOS 6.2.7 logs the Referrer URL, the list of websites shown in the 'Clean' section of Fastvue Reporter for SonicWall should be much more reflective of actual web browsing. Once configured (see below), SonicWall will log Referrer URLs when possible into the Note field:
Fastvue Reporter for SonicWall will then utilize this URL in the Site Clean algorithm, and store the actual domains visited into its Origin Domain field. The result is a much cleaner list of sites when viewing web usage Reports and Dashboards..
Referrer URLs are also useful for identifying the actual site someone was browsing when a specific URL was accessed (such as a virus), and for finding the complete list of URLs or domains to whitelist to allow a website to work through a strict firewall configuration.
Log into mysonicwall.com and download SonicOS 6.2.7.1-23n or later.
Note: Earlier generations of SonicWall hardware(below Gen6) do not have access to this firmware.
Once upgraded, change the Syslog Format in Log | Syslog to Enhanced Syslog, and make sure the 'Note (note)' field is selected.
If alarm bells are ringing in your head because you know SonicWall GMS requires the Default syslog format to be set, then don't worry! Another great feature that SonicWall have introduced in 6.2.7.x is the ability to set the Syslog Format per Syslog Server!
Go to Log | Syslog, edit your Fastvue Syslog Server, and set the Syslog Format to Enhanced Syslog. The global Syslog Format option will change to 'mixed' if you have another syslog server defined with a different syslog format.
We added support for importing the Referrer URL in Fastvue Reporter for SonicWall v1.0.1.21 (check your existing build number in Settings | About). You can always download the latest build from our main download page.
Simply run the new installer over the top of your existing installation. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).
As of SonicOS 6.2.7.1-23n, there are a few outstanding issues that you should be aware:
We have reported all of these issues to SonicWall, and we hear a hotfix is on the way for the DPI-SSL issues. We'll keep you posted!
If you have any questions, please let us know in the comments below, or in our Support Portal.
Download our FREE 14-day trial, or schedule a demo and we'll show you how it works.
The Best SonicWall Configuration for Detailed Logging and Reporting
SonicWALL's 'Not Rated' Syslog Bug and Workaround