Network Sensor is displayed as Failsafe
=======================================

Symptom
-------

The Network Sensor is displayed as Failsafe in Node management or Sensor management.

Cause
-----

The Network Sensor periodically sends a UDP keepalive packet to the Policy
Server, which will reply in the same session with an acknowledgement. If there
is a Policy update, the Policy Server will notify the Sensor in the
acknowledgement.

If the Sensor is made aware of new policy information, it will attempt to start
a TCP session with the Policy Server over HTTPS on port 443. If this TCP
session fails to initiate 5 times, the Sensor status will display as
Failsafe.

Resolution
----------

Check Connectivity
''''''''''''''''''


- Verify the communication path between the Policy Server and the Network Sensor on port 443.
  Ensure the necessary exceptions are in place on firewalls or other appliances.
- Through SSH on the Policy Server and Network Sensor, inspect traffic from the other component using the command: ``tcpdump -i eth0 host [source IP]``
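
The following is an added example, not part of the original page or a Genian tool: it repeats the TCP connection attempt to port 443 five times, as described under Cause, and separates attempts that time out from attempts that are rejected immediately. It assumes a Linux host with bash (for ``/dev/tcp``) and the coreutils ``timeout`` command; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not a Genian tool. Assumes bash (for /dev/tcp) and the
# coreutils `timeout` command. Function names are hypothetical.

# try_connect HOST PORT SECONDS
# Exit status: 0 connected, 124 no answer before the timeout,
# anything else means the connection was rejected immediately.
try_connect() {
    timeout "$3" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# probe_policy_server HOST [PORT] [ATTEMPTS] [SECONDS]
# Defaults follow the page: port 443, five attempts.
# Prints one summary line; returns 0 if any attempt connected.
probe_policy_server() (
    host=$1 port=${2:-443} attempts=${3:-5} secs=${4:-3}
    connected=0 rejected=0 timed_out=0 i=1
    while [ "$i" -le "$attempts" ]; do
        rc=0
        try_connect "$host" "$port" "$secs" || rc=$?
        case $rc in
            0)   connected=$((connected + 1)) ;;  # TCP handshake completed
            124) timed_out=$((timed_out + 1)) ;;  # typical of a silent firewall drop
            *)   rejected=$((rejected + 1)) ;;    # RST or ICMP error: closed port or reject rule
        esac
        i=$((i + 1))
    done
    echo "host=$host port=$port connected=$connected rejected=$rejected timed_out=$timed_out"
    [ "$connected" -gt 0 ]
)
```

Call it as ``probe_policy_server [Policy Server IP]`` from a host on the Sensor's network segment. A completed TCP connection shows only that the path on port 443 is open, not that the HTTPS session itself succeeds.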

Check Network Sensor Interface Status
'''''''''''''''''''''''''''''''''''''

- Through SSH on the Network Sensor, enter the command: ``show interface eth[#]``

  - Default interface is eth0.

Check Policy Server / Network Sensor Debug
''''''''''''''''''''''''''''''''''''''''''

Using SSH on the Policy Server and Network Sensor, follow the steps below:

.. code-block:: bash

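 # Switch to the privileged prompt, then open the system shell
 genian> en

 genian# @shell

 # Collect SOAP error messages from the centerd log
 Genians$ cat /disk/data/logs/system/centerd | grep " ERRMSG=SOAP" > network_err

 # Narrow the results to the other component's address and port 443
 Genians$ cat ./network_err | grep "[Policy Server or Network Sensor IP Address]" | grep 443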