Viewing Critical Devices
Description
There are a number of built-in Critical Devices, and the Administrator can define additional Critical Devices.
When a Critical Device reports its state as a "problem", the Cluster Member reports its state as "DOWN".
To see the list of Critical Devices on a Cluster Member, and of all the other Cluster Members, run the commands listed below on the Cluster Member.
|
Critical Device |
Description |
Meaning of the "OK" state |
Meaning of the "problem" state |
||
|---|---|---|---|---|---|
|
|
Monitors all the Critical Devices. |
None of the Critical Devices on this Cluster Member report its state as |
At least one of the Critical Devices on this Cluster Member reports its state as |
||
|
|
Monitors if "HA module" was initialized successfully. See sk36372. |
This Cluster Member receives cluster state information from peer Cluster Members. |
|
||
|
|
Monitors the state of cluster interfaces. |
All cluster interfaces on this Cluster Member are up (CCP packets are sent and received on all cluster interfaces). |
At least one of the cluster interfaces on this Cluster Member is down (CCP packets are not sent and/or received on time). |
||
|
|
Pnote is currently not used (see sk36373). |
|
|
||
|
|
Monitors the state of a Virtual System (see sk92353). |
State of a Virtual System can be changed on this Cluster Member. |
State of a Virtual System cannot be changed yet on this Cluster Member. |
||
|
|
Monitors CoreXL configuration for inconsistencies on all Cluster Members. |
Number of configured CoreXL Firewall instances on this Cluster Member is the same as on all peer Cluster Members. |
Number of configured CoreXL Firewall instances on this Cluster Member is different from peer Cluster Members. Important - A Cluster Member with a greater number of CoreXL Firewall instances changes its state to DOWN. |
||
|
|
Monitors if Full Sync on this Cluster Member completed successfully. |
This Cluster Member completed Full Sync successfully. |
This Cluster Member was not able to complete Full Sync. |
||
|
|
Monitors if the Security Policy is installed. |
This Cluster Member successfully installed Security Policy. |
Security Policy is not currently installed on this Cluster Member. |
||
|
|
Monitors the Security Gateway process called |
|
|
||
|
|
Monitors the ClusterXL process called |
|
|
||
|
|
Monitors the Gaia process called |
|
|
||
|
|
Monitors the Mobile Access back-end process called |
|
|
||
|
|
Monitors the Threat Emulation process called |
|
|
||
|
|
Monitors all Virtual Systems in VSX Cluster. |
On VS0, means that states of all Virtual Systems are not On other Virtual Systems, means that VS0 is alive on this Cluster Member. |
Minimum of blocking states of all Virtual Systems is not "active" (the VSIDs will be printed on the line |
||
|
|
This pnote appears in VSX HA mode (not VSLS) cluster. |
The number of CoreXL Firewall instances in the received CCP packet matches the number of loaded CoreXL Firewall instances on this VSX Cluster Member or this Virtual System. |
There is a mismatch between the number of CoreXL Firewall instances in the received CCP packet and the number of loaded CoreXL Firewall instances on this VSX Cluster Member or this Virtual System (see sk106912). |
||
|
|
This pnote appears in VSX VSLS mode cluster with 3 and more Cluster Members. This pnote shows if this Virtual System is in "Backup" (hibernated) state. Also see sk114557. |
This Virtual System is in "Backup" (hibernated) state on this Cluster Member. |
|
||
|
|
Monitors the Critical Device |
|
User ran the |
||
|
|
Monitors the Critical Device User executed the |
All monitored IP addresses on this Cluster Member replied to pings. |
At least one of the monitored IP addresses on this Cluster Member did not reply to at least one ping. |
||
|
A name of a user space process (except |
User executed the |
All monitored user space processes on this Cluster Member are running. |
At least one of the monitored user space on this Cluster Member processes is not running. |
||
|
|
Monitors the probing mechanism on the cluster interfaces (see the term Probing in the Glossary). |
CCP packets are received on all cluster interfaces. |
At least one of the cluster interfaces on this Cluster Member does not receive CCP packets for 5 seconds. The probing started for the network connected to the affected interface.
|
Syntax
|
Shell |
Command |
|---|---|
|
Gaia Clish |
|
|
Expert mode |
|
Where:
|
Command |
Description |
|---|---|
|
|
Shows the list of all Critical Devices |
|
|
Shows the list of all the " |
|
|
Shows the list of all Critical Devices |
|
|
When there are no issues on the Cluster Member, shows: When a Critical Device reports a problem, prints only the Critical Device that reports its state as " |
|
|
When there are no issues on the Cluster Member, shows: When a Critical Device reports a problem, prints the Critical Device " |
|
|
When there are no issues on the Cluster Member, shows: When a Critical Device reports a problem, prints only the Critical Device that reports its state as " |
Related topics
Examples
Example 1 - Critical Device 'fwd'
Critical Device fwd reports its state as problem because the fwd process is down.
[Expert@Member1:0]# cphaprob -l list Built-in Devices: Device Name: Interface Active Check Current state: OK Device Name: Recovery Delay Current state: OK Device Name: CoreXL ConfigurationCurrent state: OK Registered Devices: Device Name: Fullsync Registration number: 0 Timeout: none Current state: OK Time since last report: 1753.7 sec Device Name: Policy Registration number: 1 Timeout: none Current state: OK Time since last report: 1753.7 sec Device Name: routed Registration number: 2 Timeout: none Current state: OK Time since last report: 940.3 sec Device Name: fwd Registration number: 3 Timeout: 30 sec Current state: problem Time since last report: 1782.9 sec Process Status: DOWN Device Name: cphad Registration number: 4 Timeout: 30 sec Current state: OK Time since last report: 1778.3 sec Process Status: UP Device Name: VSXRegistration number: 5 Timeout: none Current state: OK Time since last report: 1773.3 sec Device Name: Init Registration number: 6 Timeout: none Current state: OK Time since last report: 1773.3 sec [Expert@Member1:0]# |
Example 2 - Critical Device 'CoreXL Configuration'
Critical Device CoreXL Configuration reports its state as problem because the numbers of CoreXL Firewall instances do not match between the Cluster Members.
[Expert@Member1:0]# cphaprob -l list Built-in Devices: Device Name: Interface Active Check Current state: OK Device Name: Recovery Delay Current state: OK Device Name: CoreXL ConfigurationCurrent state: problem (non-blocking) Registered Devices: Device Name: Fullsync Registration number: 0 Timeout: none Current state: OK Time since last report: 1753.7 sec Device Name: Policy Registration number: 1 Timeout: none Current state: OK Time since last report: 1753.7 sec Device Name: routed Registration number: 2 Timeout: none Current state: OK Time since last report: 940.3 sec Device Name: fwd Registration number: 3 Timeout: 30 sec Current state: OK Time since last report: 1782.9 sec Process Status: UP Device Name: cphad Registration number: 4 Timeout: 30 sec Current state: OK Time since last report: 1778.3 sec Process Status: UP Device Name: VSXRegistration number: 5 Timeout: none Current state: OK Time since last report: 1773.3 sec Device Name: Init Registration number: 6 Timeout: none Current state: OK Time since last report: 1773.3 sec [Expert@Member1:0]# |