Network Security Health and Deployment Check

In this installment of the Tips and Insights series, Matt Beyhl discusses the deployment and health check for our FireEye Network Security (NX) tool.

Hi, my name is Matt Beyhl. I’m a Senior Systems Engineer here at FireEye and today I’m going to be talking about the deployment and health check for our network security tool.

So here, to be able to go and check the network capability of the network health and the device health, we want to go choose “ABOUT”. And so when we do this, this is really helpful, especially if you’ve made any sort of modifications to the device or made any sort of network changes to the device; it’s always good to perform this.

So after we’ve clicked “ABOUT” on our networked device, we see the first tab that we’re looking at here; it says “Health Check”. This gives us the version information. This gives us the information so we are knowing that this device is up to date. Then we can check out the guest images, making sure they’re running the images that we’re expecting them to run. Next we can get the systems information, so making sure that it sees itself as the correct device that we are expecting it to see. Next is the DTI cloud information. This is really important in being able to find out, making sure that the device is communicating out to DTI cloud, our Dynamic Threat Intelligence, and then from there being able to get that information back, and so that’s really important. So you want to make sure that this is enabled and everything is up and working and all right. Lastly, we’re going to be checking out the features, and this is essentially going through the feature functionality that the device can perform. For example, IPS capability, advanced threat intel, riskware and so forth. And going and making sure those individual features are either enabled or disabled as we would have expected them to be.

After you’ve gone through all of that, we can then go through the deployment check. The deployment check is really important, especially if you’ve made any sort of network changes or network modifications. So from here we can go in and we can do synthetic alerts. Those synthetic alerts are really helpful for us to be able to make sure you set up your new device, you’ve got your new device up and running. I want to make sure that those alerts are popping up on the screen.

As we scroll down to the bottom, we can choose to reinitiate the deployment check or the network check. And from here we’ll get data around that network health. So we’ll find out if there’s any sort of out of order packets that would be there, any sort of packets that have been malformed, or if there’s asymmetrical traffic. So that’s really important, as the network device needs to see that information coming in and leaving. It needs to see that bidirectional traffic. So if you see a significant amount of asymmetrical traffic, you know that we’re not utilizing this network device as it should be and that there should be changes to that network traffic. So then you’ll also see if there’s any sort of duplicate of acknowledgments within the packets and re-transmission and so forth. And that gives you that overall view of the network health for the device.

That is how you perform a network and security deployment and health check. Check back here for tips and insights into FireEye products.
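The network health counters named in the transcript (out-of-order packets, asymmetrical traffic, duplicate acknowledgments, retransmissions) can be cross-checked independently from packet metadata captured at the same tap or SPAN point. The following is an added example, not part of the original video and not how the NX appliance computes its figures; the record layout, function name and the simplified definition of each counter are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (src, sport, dst, dport, seq, ack, payload_len)
SAMPLE = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, 1000, 500, 100),
    ("192.0.2.10", 80, "10.0.0.5", 40000, 500, 1100, 0),
    ("10.0.0.5", 40000, "192.0.2.10", 80, 1200, 500, 100),  # arrives before seq 1100
    ("192.0.2.10", 80, "10.0.0.5", 40000, 500, 1100, 0),    # duplicate ACK
    ("10.0.0.5", 40000, "192.0.2.10", 80, 1100, 500, 100),  # out of order
    ("10.0.0.5", 40000, "192.0.2.10", 80, 1100, 500, 100),  # retransmission
    ("10.0.0.6", 40001, "192.0.2.10", 443, 7000, 0, 200),   # reply never seen
    ("10.0.0.6", 40001, "192.0.2.10", 443, 7200, 0, 200),
]

def network_health(packets):
    """Summarise what a passive sensor saw (hypothetical helper, simplified rules)."""
    directions = defaultdict(set)  # flow -> set of directions observed
    seen_seq = defaultdict(set)    # direction -> data sequence numbers already seen
    high_seq = {}                  # direction -> highest data sequence number seen
    last_ack = {}                  # direction -> ack number of the last pure ACK
    stats = {"retransmissions": 0, "out_of_order": 0, "duplicate_acks": 0}
    for src, sport, dst, dport, seq, ack, length in packets:
        direction = (src, sport, dst, dport)
        flow = frozenset([(src, sport), (dst, dport)])
        directions[flow].add(direction)
        if length > 0:
            if seq in seen_seq[direction]:
                stats["retransmissions"] += 1   # same data segment seen again
            elif seq < high_seq.get(direction, seq):
                stats["out_of_order"] += 1      # new segment below the high-water mark
            seen_seq[direction].add(seq)
            high_seq[direction] = max(seq, high_seq.get(direction, seq))
        else:
            if last_ack.get(direction) == ack:
                stats["duplicate_acks"] += 1    # pure ACK repeating the same ack number
            last_ack[direction] = ack
    # A flow seen in only one direction means the sensor misses the return path.
    one_sided = [f for f, d in directions.items() if len(d) == 1]
    stats["flows"] = len(directions)
    stats["asymmetric_flows"] = len(one_sided)
    stats["asymmetric_ratio"] = len(one_sided) / len(directions) if directions else 0.0
    return stats

if __name__ == "__main__":
    print(network_health(SAMPLE))
```

A high `asymmetric_ratio` points at the tap or SPAN placement rather than at the endpoints, which is the condition the deployment check is meant to surface.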

