Troubleshooting Guide
Page 26
... speed 100 duplex half Connectivity issues between the Sensor and the switch. Duplex mismatches A duplex mismatch (for M-series Sensors. Manually setting the speed and duplex to half-or full-duplex. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Setting the management port speed and duplex mode 1 Set the speed of the Management port and whether the port...
... speed 100 duplex half Connectivity issues between the Sensor and the switch. Duplex mismatches A duplex mismatch (for M-series Sensors. Manually setting the speed and duplex to half-or full-duplex. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Setting the management port speed and duplex mode 1 Set the speed of the Management port and whether the port...
Troubleshooting Guide
Page 27
McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Network Security Platform Configuration 10/100/1000 port (Speed/Duplex) Configuration of the link. The show intfport command on both ends of Switch Resulting Resulting...100 Mbps Half-duplex No Link Neither side establishes link, due to speed mismatch Correct configuration Correct Manual Configuration Link is established, but switch does not see any autonegotiation information from McAfee Network Security Platform and defaults to 10 Mbps half-duplex. Link is used for 10/100 Mbps Ethernet (per ...
McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Network Security Platform Configuration 10/100/1000 port (Speed/Duplex) Configuration of the link. The show intfport command on both ends of Switch Resulting Resulting...100 Mbps Half-duplex No Link Neither side establishes link, due to speed mismatch Correct configuration Correct Manual Configuration Link is established, but switch does not see any autonegotiation information from McAfee Network Security Platform and defaults to 10 Mbps half-duplex. Link is used for 10/100 Mbps Ethernet (per ...
Troubleshooting Guide
Page 28
.../port Router(config-if)# speed 100 Router(config-if)# duplex full When troubleshooting Network Security Platform performance issues with Cisco 3750-12S switch Use the following commands to verify fixed interface settings on some... 5, 6, 9, or 10 may be running into this issue, manually configure the switchport to your Sensor: 3, 4, 7, 8, 11, or 12. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Sometimes there are duplex inconsistencies between Network Security Platform and the switch port. To troubleshoot this issue. Cisco IOS®...
.../port Router(config-if)# speed 100 Router(config-if)# duplex full When troubleshooting Network Security Platform performance issues with Cisco 3750-12S switch Use the following commands to verify fixed interface settings on some... 5, 6, 9, or 10 may be running into this issue, manually configure the switchport to your Sensor: 3, 4, 7, 8, 11, or 12. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Sometimes there are duplex inconsistencies between Network Security Platform and the switch port. To troubleshoot this issue. Cisco IOS®...
Troubleshooting Guide
Page 33
... port IP address (IPv4 or IPv6) requires a manual reboot of the Sensor, before updating the signature set version that the signature version number has incremented. Note: A Sensor reboot can use the status command: 1 On the Sensor, type status at the command prompt. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Checking whether a signature or software update was...
... port IP address (IPv4 or IPv6) requires a manual reboot of the Sensor, before updating the signature set version that the signature version number has incremented. Note: A Sensor reboot can use the status command: 1 On the Sensor, type status at the command prompt. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Checking whether a signature or software update was...
Troubleshooting Guide
Page 34
... If you see Configuring IP Settings for IPv4 and IPv6 traffic, IPS Configuration Guide. Upgrading Sensor software requires a manual reboot of Sensor fault messages later in this error, contact Technical Support to boot, try the following : 1 Select / ... in the debug mode. 25 Rebooting a Sensor using the reboot command The reboot command restarts a Sensor. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Certain internal software errors may have a corrupted internal flash. Rebooting a Sensor via the Manager The Reboot Sensor ...
... If you see Configuring IP Settings for IPv4 and IPv6 traffic, IPS Configuration Guide. Upgrading Sensor software requires a manual reboot of Sensor fault messages later in this error, contact Technical Support to boot, try the following : 1 Select / ... in the debug mode. 25 Rebooting a Sensor using the reboot command The reboot command restarts a Sensor. McAfee® Network Security Platform 6.0 Troubleshooting Network Security Platform Certain internal software errors may have a corrupted internal flash. Rebooting a Sensor via the Manager The Reboot Sensor ...
Troubleshooting Guide
Page 47
... corruption. If this does not work , you have a database backup file (and think it . If you may need to manually repair the database. on the Sensor. The Manager's key file is unavailable; Fault Severity Alert update failed Critical Description/Cause Action An... service (certificate) Cannot start control channel service (key store) Critical The Manager's certificate is unavailable and possibly corrupted. Contact McAfee Technical Support. In some cases, the fault does not clear-you must acknowledge or delete it to insufficient database capacity. The...
... corruption. If this does not work , you have a database backup file (and think it . If you may need to manually repair the database. on the Sensor. The Manager's key file is unavailable; Fault Severity Alert update failed Critical Description/Cause Action An... service (certificate) Cannot start control channel service (key store) Critical The Manager's certificate is unavailable and possibly corrupted. Contact McAfee Technical Support. In some cases, the fault does not clear-you must acknowledge or delete it to insufficient database capacity. The...
Troubleshooting Guide
Page 49
...of between the the Sensor's operating status Manager and the McAfee® to Controller and Fail Open bypass the Sensor. Database backup Critical failed Database System Critical Integrity A manual attempt to create a Restart the Manager. Can be the...in Manager > Maintenance. Delete unnecessary alerts, such as alerts older than a specific number of the backup file. McAfee® Network Security Platform 6.0 System Fault Messages Fault DB Connectivity Problems Severity Critical Description/Cause Problems Communicating To Database Action Please check if ...
...of between the the Sensor's operating status Manager and the McAfee® to Controller and Fail Open bypass the Sensor. Database backup Critical failed Database System Critical Integrity A manual attempt to create a Restart the Manager. Can be the...in Manager > Maintenance. Delete unnecessary alerts, such as alerts older than a specific number of the backup file. McAfee® Network Security Platform 6.0 System Fault Messages Fault DB Connectivity Problems Severity Critical Description/Cause Problems Communicating To Database Action Please check if ...
Troubleshooting Guide
Page 51
McAfee® Network Security Platform 6.0 System Fault Messages Fault Illegal In-line, failopen configuration of that the Sensor is online and in -line-fail open mode. Severity Critical Description/Cause ... to make them conform to operate in in good health. 42 Bring up the Custom Attack Editor (IPS Settings > Advanced Policies > Custom Attack Editor) and manually performing the edit / validation. Check the Sensor status to see that nature to Sensors running in in-line mode with the current signature set. This...
McAfee® Network Security Platform 6.0 System Fault Messages Fault Illegal In-line, failopen configuration of that the Sensor is online and in -line-fail open mode. Severity Critical Description/Cause ... to make them conform to operate in in good health. 42 Bring up the Custom Attack Editor (IPS Settings > Advanced Policies > Custom Attack Editor) and manually performing the edit / validation. Check the Sensor status to see that nature to Sensors running in in-line mode with the current signature set. This...
Troubleshooting Guide
Page 57
Check to take effect. Action You must manually clear this fault. User-configured SSL decryption settings for SSL decryption configuration change Sensor rediscovery failure Critical Critical Description/Cause An internal ...This fault occurs as described in the Sensor CLI command reference, perform a Diagnostic Trace as a second part to the "Sensor discovery failure" fault. McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor internal configuration error Severity Critical Sensor reboot required for a particular Sensor changed, requiring a Sensor reboot.
Check to take effect. Action You must manually clear this fault. User-configured SSL decryption settings for SSL decryption configuration change Sensor rediscovery failure Critical Critical Description/Cause An internal ...This fault occurs as described in the Sensor CLI command reference, perform a Diagnostic Trace as a second part to the "Sensor discovery failure" fault. McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor internal configuration error Severity Critical Sensor reboot required for a particular Sensor changed, requiring a Sensor reboot.
Troubleshooting Guide
Page 68
McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor reports that the alert channel is down , but the physical channel is actually up. Sensor discovery Error failure Unable ... Check to Network Security Platform. If this message. it must be additional text of -range configuration Error Sensor configuration update failed Error Description/Cause Action This fault indicates that the Sensor is reporting that the alert channel is down Severity Error Sensor reports an out-of the message cleared manually. Contact McAfee Technical Support ...
McAfee® Network Security Platform 6.0 System Fault Messages Fault Sensor reports that the alert channel is down , but the physical channel is actually up. Sensor discovery Error failure Unable ... Check to Network Security Platform. If this message. it must be additional text of -range configuration Error Sensor configuration update failed Error Description/Cause Action This fault indicates that the Sensor is reporting that the alert channel is down Severity Error Sensor reports an out-of the message cleared manually. Contact McAfee Technical Support ...
Troubleshooting Guide
Page 75
...is needed. the backup file may be too big. "..." days have passed since the last database tuning. Unable to manually back up the database backup has failed. Database Tuning is insufficient disk space on the Manager server; The database archival ...process successfully completes. Informational The Data dump retrieval from peer Manager is in progress Action Wait for user information. McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Data dump retrieval is in progress Informational Description/Cause...
...is needed. the backup file may be too big. "..." days have passed since the last database tuning. Unable to manually back up the database backup has failed. Database Tuning is insufficient disk space on the Manager server; The database archival ...process successfully completes. Informational The Data dump retrieval from peer Manager is in progress Action Wait for user information. McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Data dump retrieval is in progress Informational Description/Cause...
Troubleshooting Guide
Page 76
... progress Informational Informational Database tuning successful Informational Deleted Network Security Informational Central Manager Attack filter is applied on resource(s). McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Database backup is in use and try again 67 Do not attempt to complete A manual or scheduled database backup process is applied on...
... progress Informational Informational Database tuning successful Informational Deleted Network Security Informational Central Manager Attack filter is applied on resource(s). McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Database backup is in use and try again 67 Do not attempt to complete A manual or scheduled database backup process is applied on...
Troubleshooting Guide
Page 77
... same Manager software version. software version installed. Secondary Manager is action required. Creating clone before delete. An Network Security This message is applied on resources. Secondary Manager has latest version Network Security Platform- MDR manual switch over successful; McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Deleted Central Manager Policy is applied on...
... same Manager software version. software version installed. Secondary Manager is action required. Creating clone before delete. An Network Security This message is applied on resources. Secondary Manager has latest version Network Security Platform- MDR manual switch over successful; McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in progress Severity Informational Deleted Central Manager Policy is applied on...
Troubleshooting Guide
Page 78
...has successfully action required. Secondary Manager is now in control of the Sensors. Manager Disaster This message is for user information, no a manual switchover. This message is completed via user information, no action required. 69 Once it online again. retrieved configuration information from Primary Manager ...automatic switchover has been completed; Manager Disaster This message is for Recovery functionality has user information, no action required. McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in control of Sensors.
...has successfully action required. Secondary Manager is now in control of the Sensors. Manager Disaster This message is for user information, no a manual switchover. This message is completed via user information, no action required. 69 Once it online again. retrieved configuration information from Primary Manager ...automatic switchover has been completed; Manager Disaster This message is for Recovery functionality has user information, no action required. McAfee® Network Security Platform 6.0 System Fault Messages Fault Alert archival in control of Sensors.
Troubleshooting Guide
Page 88
... configuration for a given Sensor. Alternatively, a manual approach can use the InfoCollector tool to provide you to collect the latest log information. This file is configured by McAfee. InfoCollector can use this information to investigate and diagnose issues you may ask you with McAfee® Network Security Platform-related log information. McAfee can also be used both by...
... configuration for a given Sensor. Alternatively, a manual approach can use the InfoCollector tool to provide you to collect the latest log information. This file is configured by McAfee. InfoCollector can use this information to investigate and diagnose issues you may ask you with McAfee® Network Security Platform-related log information. McAfee can also be used both by...
Troubleshooting Guide
Page 90
The Manager Watchdog monitors the Manager process on page 82) Introduction The Manager Watchdog feature is a manual service; Caution 1: You can instead change the Manager service setting from restarting Manager automatically. 81 If Manager Watchdog detects that the Manager has gone down ... in an MDR configuration (on page 82) Tracking Manager Watchdog activities (on the Manager server periodically for Manager Watchdog. you wish the service to "Manual," (during a polling period, it waits 30 seconds and then restarts the Manager service automatically. This will exit.
The Manager Watchdog monitors the Manager process on page 82) Introduction The Manager Watchdog feature is a manual service; Caution 1: You can instead change the Manager service setting from restarting Manager automatically. 81 If Manager Watchdog detects that the Manager has gone down ... in an MDR configuration (on page 82) Tracking Manager Watchdog activities (on the Manager server periodically for Manager Watchdog. you wish the service to "Manual," (during a polling period, it waits 30 seconds and then restarts the Manager service automatically. This will exit.
Troubleshooting Guide
Page 91
...manually. it does not monitor services like MySQL or Apache. Tracking Manager Watchdog activities The Manager Watchdog logs all controlled activities in an MDR configuration When using Manager Watchdog on an Manager that is Active and if so, remains as standby. Caution: Manager Watchdog monitors only the "Network Security... service. Double-click Administrative Tools, and then double-click Services. 2. Log files can occur. McAfee® Network Security Platform 6.0 Automatically restarting a failed Manager with the filename convention wdout_.log A sample log file entry follows: 82
...manually. it does not monitor services like MySQL or Apache. Tracking Manager Watchdog activities The Manager Watchdog logs all controlled activities in an MDR configuration When using Manager Watchdog on an Manager that is Active and if so, remains as standby. Caution: Manager Watchdog monitors only the "Network Security... service. Double-click Administrative Tools, and then double-click Services. 2. Log files can occur. McAfee® Network Security Platform 6.0 Automatically restarting a failed Manager with the filename convention wdout_.log A sample log file entry follows: 82