In this session on system maintenance checks we will explore ‘product summary’ and ‘health check’, dashboard, Health Snapshot, guest images, upgrades, updates, and backup and restore functions for the appliance.
Let’s have a look at the summary screen, which can be accessed by clicking the ‘About’ tab from any screen in the Web UI. On an appliance that is operating correctly with the latest software version, security content, guest images and an up-to-date backup, as well as no hardware issues, the summary screen will show you one hundred percent green checkmarks.
From this screen, you can also check which features are supported by the appliance by clicking the ‘Unsupported Features’ tab. In this appliance the features are in two categories: detection and integration. Those in gray are supported but have not been implemented. Those not implemented will need to be set up in a settings section of the Web UI. After making changes to settings, it is always good practice to check the summary screen to ensure the feature is showing as enabled and in a good state. By clicking on the information icon in any feature block you can see when the feature was released, in which category it resides and the requirement for physical and virtual versions to use this feature.
Let’s have a look at the virtual appliance so we can see when a feature is not available. The ‘show unsupported features’ checkbox, when activated, will show you any features not available to the appliance. In this instance you will see that SSLI is not supported on this virtual machine model. The items that are not supported will vary by model.
As you’ve seen, the summary screen will give you a quick overview of the current state of supported enabled services. However, if a more in-depth view is required, then you need to be looking at the ‘Health Check’ tab. The ‘Health Check’ tab provides a more detailed view of the summary screen. It is divided into seven sections. Let’s take a look at each one of them in turn.
We’ll start with the version. The information in this section is more limited than that of a show version command in the CLI.
The points to note are that both software version and content version are showing as okay. Check that the installed version and available version are the same. If they aren’t, then an update is available and should be performed.
Finally, check the date and the last update to ensure it has contacted the DTI recently. The default is every 15 minutes.
Next is the ‘System Information’. Again, look for the okay under ‘Product Info’ and check that the licenses have been installed. This is a good place to check if you want to know how many of the available VMs are currently in use. On a virtual appliance this information will not be available, as the appliance will be working in sensor mode.
Let’s move on to services health, the central core of the appliance health check. This is a great screen to check that the appliance is doing what you think it should be doing. All of the services are listed. For each, you’re able to see the category they’re listed under and the current status. In the event there’s a critical warning, the recovery steps are listed for you to follow. In this services health screen you can see there is a critical issue reported on the network content processing engine, along with instructions of what to do next if the issue persists.
Here you can see the hardware for both a physical appliance at the top of the screen and a virtual appliance at the bottom of the screen. The virtual appliance has no physical disk, so no RAID, device state or chassis information. This physical appliance, which is an NX 2550, is fitted with two HDDs, Disk 0 and Disk 1. Both are reporting a healthy state.
DTI cloud.
The DTI is the connection to the FireEye dynamic threat intelligence network. This is where the appliance will get all security content updates and share information about threats that have been seen. This screen will give you a visual confirmation of upload and download connections to the cloud, information about the current status of the support license, which is required for the connection to the DTI, and details of the time of the last communication with the DTI. The last block on this appliance is present because it is a virtual appliance; it provides information about the hypervisor and IDs of the appliance.
Features.
The ‘Features’ tab will show you at a glance the features that are both available and those that have been enabled on the appliance.
And finally the ‘Interfaces’.
The interfaces screen provides full details of each port and the traffic flowing through them. Refreshing the screen should show the counters increasing. This indicates data is flowing through the appliance.