IBM® Security Network Protection – Troubleshooting the XGS appliance


1 IBM® Security Network Protection – Troubleshooting the XGS appliance
11/4/2017
IBM Security support Open Mic
September 22, 2016
Reminder: You must dial-in to the phone conference to listen to the panelists. The webcast does not include audio.
Dial-in numbers: INDIA BANGALORE: MUMBAI: INDIA A: INDIA B: INDIA C: USA Toll-Free: Toll: Participant passcode:
Slides and additional dial in numbers:
NOTICE: By participating in this call, you give your irrevocable consent to IBM to record any statements that you may make during the call, as well as to IBM’s use of such Recording in any and all media, including for video postings on YouTube. If you object, please do not connect to this call.

2 Panelists
Padmaja Deshmukh - Presenter - L2 Support Engineer
Prateek Jain - L2 Support Senior Engineer
Satish Bhandurge - L2 Support Senior Engineer
Tanmay Shah - L2 Support Product Lead
Kenji Hamahata - L2 Support Senior Engineer
Carlos Hsiao - L3 Support
Gary Hsueh - QA Lead
Yogesh Talekar – Moderator - Manager, IBM Security - Advanced Threat Support (AP)

3 Goal of session
To provide basic guidelines on how to troubleshoot the IBM Security Network Protection XGS appliance.

4 Agenda
- Hardware Troubleshooting
- phdiag Utility
- Command Line Interface
- Local Management Interface
- Troubleshooting Update Failures
- Troubleshooting Traffic Issues

5 Hardware Troubleshooting

6 Hardware Troubleshooting

7 Hardware Troubleshooting
No Power
- Check cables.
- Check power source.
- Check lights on power supply.

8 Hardware Troubleshooting
No Post
- Are there any sounds (fans, post beeps, etc.)?
- Is there an output on the LCD?
- Check terminal connection settings.

9 Hardware Troubleshooting
No Boot
Are there any boot messages or errors displayed?
‒ Run phdiag.
‒ Reimage.
‒ Have you installed any new hardware? If so, remove it and try to boot. Make sure you power off the appliance before removing any hardware.

10 Hardware Troubleshooting
Disk Issues
‒ Drive status indicator light.
‒ Run phdiag.
‒ Reseat drive.

11 Hardware Troubleshooting
Network Issues
‒ What type of cabling is used (copper or fiber)?
‒ Is the cable good?
‒ Try connecting the appliance to another device.
‒ Check the port status to see if it is up.
‒ Check port settings.
‒ Run phdiag with loopback cables.
‒ SFP issues.

12 Hardware Troubleshooting
Network Interface Module
‒ Run system diagnostics.
‒ Swap the NIMs. Make sure to power off the appliance before removing the NIMs.
‒ Make sure the NIMs are enabled in the inspection interface policy.

13 phdiag Utility

14 phdiag utility
The Platform Hardware Diagnostics utility (phdiag) is used to detect and diagnose hardware issues. To run a test on the network interfaces, you need to connect loopback cables to each of the ports. The management interfaces M.1 and M.2 need to be connected. Each of the monitoring ports needs to be connected to its pair.

15 phdiag utility
1) Connect to the appliance via a serial cable.
2) When you see the GRUB menu, hit the UP or DOWN arrow.
3) Once the appliance boots to the diagnostic menu, type “phdiag” and hit Enter.

16 phdiag utility
Optional parameters:
all - run all standard tests (No storage badblocks test -- default)
lcd - run LCD tests
network - run network port tests (Selftest, Traffic)
storage - run storage tests (SMART, FSCK)
system - run standard system tests (MTM-Serial, Inventory, PSU, FAN, SEL)
badblocks - run storage badblocks
Once it is complete, you can download it to a USB drive by typing “usbdownload”.

17 Command Line Interface

18 Command Line Interface
The command line interface has a hierarchical structure with commands specific to each module. The prompt changes to display the module you are in. The Tab key can be used to finish commands.
Global commands:
back – Return to the previous menu
exit – Log out of the appliance
help – Displays the help menu for a command
reboot – Reboot the appliance
shutdown – Turn appliance power off
top – Return to the top menu

19 Command Line Interface
The following modules are available in the command line interface:
analysis – Works with packet analysis feature.
certificates – Manage the appliance certificates.
firmware – Manage appliance firmware. Create backups of current firmware. Swap active firmware.
fixpacks – Install and list fixpacks.
license – Install and list licenses.
logs – Work with log files.
management – Force a heartbeat to SiteProtector.
opensig – Display Open signature profiling stats.
protection – List and show status of protection interfaces.
services – Work with certain system services.
session – Lists active logon sessions.
snapshots – Create a policy snapshot. Can upload and apply policy snapshots.
ssh – Work with SSH keys.
stats – Lists statistics/status.
support – Generate a system support file. Download support file to USB drive.
sysinfo – Show system/hardware information.
tools – Network tools.
updates – Install update, list or roll back updates.

20 Command Line Interface
Under the Tools menu you have the following options:
capture – Perform a packet capture.
connections – Display the network connections for the appliance.
nslookup – Query name servers.
ping – Send an echo request to network hosts.
telnet – Test connectivity to a port on a host.
traceroute – Trace the route to a host.

21 Command Line Interface
Running packet captures on the management interface is just running tcpdump and specifying the filter. You can type tcpdumphelp to get a list of valid filter options. You can also consult the tcpdump man page for options.

22 Command Line Interface
To run packet filters on the inspection interfaces, you need to create a filter and then run start. Run starthelp from the pinterface module to display the help screen for creating a filter. You can filter by interface, source or destination, and protocol or port. The example below would filter traffic on interface from with a destination port of 3995.

23 Command Line Interface
Type “start” to start capturing traffic. Click “stop” when finished. When you type “stop” you will see the ID number of the packets you just collected. Then move back up one menu level to the capture module, where you will see the pcap file listed.

24 Local Management Interface

25 Local Management Interface
The Local Management Interface (LMI) is a browser-based user interface for managing all aspects of the appliance.
Access the LMI by
Troubleshooting tools available through the LMI are:
System Graphs – Monitor appliance memory, CPU and Storage use.
Network Graphs – Graphs to display traffic patterns by application or user. Can also show traffic patterns for each interface.
System Logs – System events, errors and changes in system state are logged to this log file.

26 Local Management Interface
System Graphs – Memory Statistics

27 Local Management Interface
Network Graphs – Traffic details by Application

28 Local Management Interface
Logs – System Logs

29 Troubleshooting Update Failures

30 Troubleshooting Update Failures
- Check network connectivity to the update server.
- If updating from SiteProtector, verify that you can ping SiteProtector from the appliance.
- If updating from the internet, verify that the proper firewall rules are in place. Technote:
- Check proxy settings. Can the appliance bypass the proxy?
- Check the licenses for the appliance. Verify that it has proper maintenance.
- Check your Update Servers policy to verify that all the settings are correct.

31 Troubleshooting Traffic Issues

32 Troubleshooting Traffic Issues
- Check Active Quarantine Rule under the Secure Policy Configuration Menu in the LMI to verify that the traffic is not being quarantined.
- Check Network Access Events and IPS Events under the Monitor Analysis menu in the LMI to verify that the traffic is not generating a block event.
- Use the packet capture feature to view the traffic that is being passed through the interface.
- Check your Network Access Policy to see if a rule blocks the traffic. Try creating an accept any rule at the top to see if the traffic is now permitted.
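An added example (not from the original presentation or from IBM): once a capture taken as described in the Command Line Interface slides has been copied off the appliance, this Python script lists clients whose SYN to a port (3995, the port in the slides' filter example) never received a SYN-ACK, which is the pattern to look for when checking whether traffic is being passed. It assumes the file is in classic pcap format with Ethernet framing; all function names and addresses are constructed for illustration.

```python
import struct

def build_frame(src, dst, sport, dport, flags):
    """Constructed sample data: minimal Ethernet/IPv4/TCP frame, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def read_tcp(pcap):
    """Yield (src, dst, sport, dport, flags) for every IPv4/TCP packet."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4/TCP (VLAN-tagged frames are skipped as well)
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # TCP header cut off by the snap length
        ips = [".".join(map(str, pkt[i:i + 4])) for i in (26, 30)]
        yield (*ips, *struct.unpack("!HH", tcp[:4]), tcp[13])

def unanswered_syns(pcap, port):
    """Client flows that sent a SYN to `port` and never received a SYN-ACK."""
    pending = set()
    for src, dst, sport, dport, flags in read_tcp(pcap):
        if dport == port and (flags & 0x12) == 0x02:    # SYN, no ACK
            pending.add((src, sport, dst))
        elif sport == port and (flags & 0x12) == 0x12:  # SYN-ACK from the server
            pending.discard((dst, dport, src))
    return sorted(pending)

# Constructed capture: 10.0.0.5 completes the handshake, 10.0.0.6 gets no reply.
SAMPLE = build_pcap([
    build_frame("10.0.0.5", "10.0.0.9", 40001, 3995, 0x02),
    build_frame("10.0.0.9", "10.0.0.5", 3995, 40001, 0x12),
    build_frame("10.0.0.6", "10.0.0.9", 40002, 3995, 0x02),
])
print(unanswered_syns(SAMPLE, 3995))
```

A flow that shows up here on the client-side capture but not on the server-side one points at a device in between dropping the SYN; if the SYN is visible on both sides, the reply path is the place to look.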

33 Questions for the panel
Now is your opportunity to ask questions of our panelists.
To ask a question now:
- Press *1 to ask a question over the phone, or
- Type your question into the IBM Connections Cloud Meeting chat
To ask a question after this presentation:
- You are encouraged to participate in the Forum on this topic:

34 Where do you get more information?
Questions on this or other topics can be directed to the XGS forum:
More articles you can review:
Technotes:
- Security Network Protection Command Line Interface (CLI) troubleshooting commands
- Checking the health of Security Network Protection and Security Network IPS sensors
- Running Platform Hardware Diagnostics utility on the Security Network Protection appliance
IBM developerWorks Infrastructure Security Community:
IBM Security Network Protection in IBM Knowledge Center:
Useful links:
- Get started with IBM Security Support
- IBM Support Portal | Sign up for “My Notifications”

35 Mandatory closing slide with copyright and legal disclaimers.

