Alerts and notifications are critical aspects of firewall monitoring and management. SOC admins rely on these alerts to detect and remediate issues in their network security environment. But an overabundance of alerts can increase stress levels and contribute to “alert fatigue” — the tendency of workers subjected to constant alerts to become desensitized to them, decreasing the chance that they’ll act quickly in the case of a true emergency.
SonicWall’s Network Security Manager (NSM) allows admins to enable and disable alerts at a central location for all firewalls within a tenant. Admins can pick and choose events for which they want to receive alerts — enabling alerts that are of importance to them and disabling the rest.
NSM alerts are completely customizable, allowing admins to select the priority, recipients and channels for each alert and specify where to send the alert notifications. Alerts can be sent via email or via SMS through integration with Twilio.
The Alert Center and the notifications in the NSM dashboard provide a central location to view alerts across all firewalls within a tenant, thus reducing time to respond to these alerts. Alert event logs can also be forwarded to an external syslog server, which can then be integrated with an external ticketing system, such as ConnectWise.
The NSM 2.3.5 release provides an extensive list of critical alerts in the following alert categories:
- Device Management Alerts: NSM continuously monitors firewall status and alerts on crucial events that jeopardize the firewall’s health and connectivity. Admins can enable device connectivity alerts, such as interface up/down, to know when a device connection goes down and whether the device has been locally modified and is out of synchronization with NSM. Firmware alerts are also available in NSM. These alerts notify admins when new firmware is released so that they can upgrade their firewalls to the latest version — ensuring that firewalls are up to date with major enhancements and critical bug fixes. High Availability (HA) and WAN failover alerts are new for NSM 2.3.5, too. Admins can utilize HA failover alerts to quickly discover and investigate why the primary device has failed — all while maintaining continuous IT operations with the help of the secondary device, which keeps duplicate configurations of the primary. Similarly, WAN failover alerts notify admins of a WAN connection failure and the rerouting of traffic to an active backup WAN connection.
- Firewall Configuration Alerts: NSM is key for pushing consistent firewall security policies to firewalls in the network. If an error occurs during a configuration push to network firewalls, an alert can be generated for failed commits so that admins can take an action and correct the errors before pushing the configurations again.
- User Authentication Alerts: In MSSP or enterprise environments with multiple users and admins, strict user access controls are required to prevent unauthorized access to the system. NSM can detect when a user logs in or out of the system and issue an alert.
SonicWall NSM has two licensing options: NSM Essential and NSM Advanced. NSM Essential comes with 7-day reporting and offers limited alerts, while the NSM Advanced license offers 365 days of reporting and 30 days of analytics with extensive alerting capability, including Site-to-Site VPN alerts, network usage alerts, etc.
VPN down alerts are important for distributed network environments in which remote locations are connected to branch offices through VPN tunnels. Admins can use these alerts to investigate and fix malfunctioning VPN links and maintain stable and secure network connectivity.
Taken together, these features represent a significant step forward for SonicWall NSM — one that significantly increases the power and efficiency of your firewall management.
Learn more about SonicWall NSM’s centralized management capabilities, or check out the NSM Admin Guide.