Troubleshooting Your Virtual Appliance Deployment
This chapter provides information about the most common setup issues, as well as where to submit questions or obtain assistance:
Time Synchronization
If your health monitor indicates that the clock setup for your virtual appliance is not synchronized, check your system policy time synchronization settings. Cisco recommends that you synchronize your virtual appliances to a physical NTP server. Do not synchronize your managed devices (virtual or physical) to a Virtual Defense Center. To ensure your time synchronization is set up correctly, see Synchronizing Time in the FireSIGHT System User Guide. After you determine that the clock setup for your virtual appliance is correct, contact your ESXi host administrator and ensure that the server’s time configuration is correct.
Performance Issues
If you are having performance issues, remember that there are several factors that affect your virtual appliance. See Virtual Appliance Performance for a list of the factors that may affect your performance. To monitor ESXi host performance, you can use your vSphere Client and the information found under the Performance tab.
Connectivity Issues
You can view and confirm connectivity for the management and sensing interfaces using VMware vCloud Director Web Portal and vSphere Client.
Using VMware vCloud Director Web Portal
You can use VMware vCloud Director web portal to view and confirm that the management connection and sensing interfaces are properly connected.
Step 1 Select My Cloud > VMs, hover over the virtual appliance you want to view, and right-click.
Step 2 On the Actions window, click Properties.
The Virtual Machine Properties window appears.
Step 3 On the Hardware tab, view the NICs for the management and sensing interfaces to confirm connectivity.
Using vSphere Client
You can use vSphere Client to confirm that the management connection and sensing interfaces are properly connected.
Management Connection
During initial setup, it is important to ensure that network adapter connects at power on. If you do not, the initial management connection setup cannot properly complete and ends with the message:
To ensure that the management connection is connected:
Step 1 Right-click the name of the virtual appliance in the vSphere Client and select Edit Settings from the context menu that appears. Select Network adapter 1 in the Hardware list and make sure the Connect at power on check box is selected.
When the initial management connection completes properly, check the /var/log/messages
directory for this message:
Sensing Interfaces
During initial setup, it is important to ensure that sensing interfaces connect at power on.
To ensure that the sensing interfaces connect at power on:
Step 1 Right-click the name of the virtual device in the vSphere Client and select Edit Settings from the context menu that appears. Select Network adapter 2 and Network adapter 3 in the Hardware list. Make sure the Connect at power on check box is selected for each adapter in use.
You must connect your virtual device sensing interfaces to a virtual switch or virtual switch group that accepts promiscuous mode traffic. If it is not, your device can detect only broadcast traffic. To ensure your sensing interfaces detect all exploits, see Configuring Virtual Device Sensing Interfaces.
Inline Interface Configurations
You can verify that your inline interfaces are symmetrical and that traffic is flowing between them. To open the VMware console to your virtual device, use either VMware vCloud Director web portal or vSphere Client.
To ensure that the inline sensing interfaces are configured properly:
Step 1 At the console, log in as a user with CLI Configuration (Administrator) privileges.
Step 2 Type expert
to display the shell prompt.
Step 3 Enter the command: cat /proc/sf/sfe1000.*
A text file appears with information similar to this example:
Note that the number of packets received on eth1
matches those sent from eth2
and those sent from eth1
match those received on eth2
.
Step 4 Log out of the virtual device.
Step 5 Optionally, and if direct routing to the protected domain is supported, ping the protected virtual appliance where the inline interface of the virtual device is connected.
Pings return to indicate there is connectivity through the inline interface set of the virtual device.
For Assistance
Thank you for using Cisco products.
If you have any questions or require assistance with the FireSIGHT virtual device or virtual Defense Center, please contact Sourcefire Support:
- Visit the Sourcefire Support Site at https://support.sourcefire.com/.
- Email Sourcefire Support at support@sourcefire.com.
- Call Sourcefire Support at 1.410.423.1901 or 1.800.917.4134.
If you have any questions or require assistance with the Cisco ASA appliances, please contact Cisco Support:
- Visit the Cisco Support Site at http://www.cisco.com/cisco/web/support/index.html.
- Email Cisco Support at tac@cisco.com.
- Call Cisco Support at 1.408.526.7209 or 1.800.553.2447.