Network Sensor is displayed as Failsafe¶
The Network Sensor is displayed as Failsafe in the Node management or Sensor management.
The Network Sensor periodically sends a UDP keepalive packet to the Policy Server, which will reply in the same session with an acknowledgement. If there is a Policy update, the Policy Server will notify the Sensor in the acknowledgement.
If the Sensor is made aware of new policy information, it will attempt to start a TCP session with the Policy server over HTTPS on port 443. If this TCP session fails to initiate 5 times, the Sensor status will display as Failsafe.
- Verify communication path between policy server and network sensor on port 443. Ensure necessary exceptions on firewalls or other appliances.
- Through SSH on the Policy Server and Network Sensor, inspect traffic from the other component using the command:
tcpdump -i eth0 host [source IP]
Check Network Sensor Interface Status¶
- Through SSH on the Network Sensor, enter the command:
show interface eth[#]
- Default interface is eth0.
Check Policy Server / Network Sensor Debug¶
Using SSH on the Policy Server and Network Sensor follow the steps below:
genian> en genian# @shell Genians$ Cat /disk/data/logs/system/centerd | grep ” ERRMSG=SOAP” > network_err Genians$ Cat ./network_err | grep [Policy Server or Network Sensor IP Address] 443