Device Health
Device health monitoring is a feature that gives you immediate graphical feedback on the operational status of the Security Manager Data Collector and the devices that Security Manager monitors.
The data collector is the only point of contact between Security Manager and all of your monitored devices. It monitors for change, retrieves configurations when change occurs, and monitors logs. When one of these communications is not functional, the valuable data that Security Manager uses for analysis is not collected. As a result, the information that Security Manager provides to you does not accurately reflect the state of your devices, and is not particularly helpful. But with the quick visual health status on the Devices and Management Stations pages, you can rest assured that all communication is operational, and can take immediate steps to resolve issues if they occur.
Health Definitions
The Devices and Management Stations pages display a health status for each monitored device. A visual representation of the device's health is given.
Healthy—no critical issues or warnings were discovered within the test suites
Warning—no critical issues were discovered but at least one warning was discovered within the test suites
Critical—at least one critical issue was discovered within the test suites
Inactive—this device is the inactive device in a cluster
Unlicensed—this device is not licensed for use with any SIP modules
A device that is both inactive and unlicensed will only be listed as unlicensed.
Test Suites
A series of test suites are performed to check device health.
- General
- Is the device licensed?
- Is there a data collector (DC) assigned?
- Retrieval
- Last Retrieval = the DC's retrieval status for the device
- Last Revision = the revision status for the device
- Change Detection
- Change Monitoring = the DC's change status for the device
- Change Data = the last revision type for the device
- Usage
- Log Monitoring = the DC's log status for the device
- Usage Data = the DC's last reported usage date
The following tables detail the possible outcomes of each test suite.
| If | Then | Message |
|---|---|---|
| Is the Device Licensed? | ||
| Not Licensed |
|
The device must be licensed in order to process configuration changes. |
| Manual Router |
|
Not applicable. |
| Licensed |
|
|
| Is the Data Collector Group Assigned? | ||
| Not Assigned |
|
A data collector group has not been assigned for this device. |
| Empty Group Assigned |
|
The data collector group assigned to this device is empty. The group must have at least one data collector assigned in order to process configuration changes. |
| Manual Router |
|
Not applicable. |
| Assigned |
|
A data collector group has been assigned to this device. (ID: #) |
| If | Then | Message |
|---|---|---|
| The DC's retrieval status for the device. | ||
| Failure |
|
Last updated on (retrievalLastUpdated). |
| Unknown |
|
The data collector has never received a retrieval status for this device. |
| No Configuration |
|
The data collector has never received a retrieval for this device. |
| Null or Empty |
|
The last retrieval status received was Null or Empty. |
| Not Defined |
|
The last retrieval status received for this device was not defined: (dcStatus). |
| Success |
|
Last updated on (retrievalLastUpdated). |
| Retrieving |
|
The data collector is in the process of retrieving a configuration for this device. |
| Not Applicable |
|
Not Applicable. |
| Manual Router |
|
Not Applicable. |
| Log |
|
Not Applicable. |
| The revision status for the device. | ||
| Retrieval Error |
|
The last revision for this device had a retrieval error. |
| Normalization Error |
|
The last revision for this device had a normalization error. |
| Normalized with Errors |
|
The last revision for this device normalized, but issues were detected in one or more of the following areas: devices, zones, policies, security rules, NAT rules or policy routes. |
| Null |
|
No revisions exist for this device. |
| Archived |
|
The last revision for this device has been archived. |
| Raw |
|
The last revision for this device has not been normalized yet and is still in a raw configuration state. |
| Retry |
|
The last revision for this device initialized but never completed. A retry has been requested. |
| Not Defined |
|
The last revision status received for this device is not defined: {0}. |
| Normalized with Errors |
|
The last revision for this device normalized, but issues were detected in one or more of the following areas: network objects, service objects, user objects, application objects, virtual routers, interfaces or routes. |
| Normalized No Errors |
|
The last revision for this device normalized successfully. |
| In Process |
|
The last revision for this device is in the process of being normalized. |
| Waiting for Parent |
|
The last revision for this device is waiting for the management station to be normalized. |
| Log |
|
Not Applicable. |
| If | Then | Message |
|---|---|---|
| The DC's change status for the device. | ||
| Down |
|
Last updated on (changeLastUpdated). |
| Null or Empty |
|
The last change monitoring status received for this device was Null or Empty. |
| Not Defined |
|
The last change monitoring status received for this device was not defined: (dcStatus). |
| Unknown |
|
The data collector has never received a change monitoring status for this device. |
| Active |
|
Enabled. |
| Not Applicable |
|
Not applicable. |
| Disabled |
|
Not applicable. |
| The last revision type for the device. | ||
| Scheduled |
|
Changes retrieved by a scheduled retrieval instead of an automatic retrieval. Change count is > 0. |
| Manual |
|
Changes retrieved by a manual retrieval instead of an automatic retrieval. Change count is > 0. |
| Scheduled |
|
Changes retrieved by a scheduled retrieval instead of an automatic retrieval. Change count is = 0. |
| Manual |
|
Changes retrieved by a manual retrieval instead of an automatic retrieval. Change count is = 0. |
| Null |
|
No revisions exist for this device. |
| Automatic |
|
Changes were detected by an automatic retrieval. |
| Install |
|
Changes were detected during policy installation. |
| Save |
|
Changes were detected on policy save. |
| Not Applicable |
|
Not applicable. |
| Disabled |
|
Not applicable. |
| Null |
|
Not applicable. |
| If | Then | Message |
|---|---|---|
| The DC's log status for the device. | ||
| Down |
|
Last updated on (logLastUpdated). |
| Null or Empty |
|
The last log monitoring status received for this device was Null or Empty. |
| Not Defined |
|
The last log monitoring status received for this device was not defined: (dcStatus). |
| Unknown |
|
The data collector has never received a log monitoring status for this device. |
| Disabled |
|
Disabled. |
| Active |
|
Enabled. |
| Not Applicable |
|
Not applicable. |
| Disabled |
|
Not applicable. |
| The DC's last reported usage date. | ||
| > Usage Threshold |
|
Usage data has not been received for (#) days which exceeds the configured threshold in settings. (Settings > Security Manager > Device Health Usage Threshold) |
| < Usage Threshold |
|
Usage data has not been received for (#) days which exceeds the configured threshold in settings. (Settings > Security Manager > Device Health Usage Threshold) |
| Disabled |
|
Not applicable. |
| Null |
|
Not applicable. |
View Result Details
To view additional result details:
- Click the health icon for the device.
- A dialog box will open with a list of health check results for the device. Scroll to view all.
- Click the close icon to close the dialog box.
Filter Device Health
We return health check results based on the worst case scenario. For example, of the three possible results - Critical, Warning or Healthy - if you filter for Change Detection warnings but the device has a critical test result for change detection, zero results will return.
After you filter, you will still see the worst health status listed in Health. To verify that you are seeing the correct filtered results, click the health icon and scroll to the section that you filtered for.