Administration Notifications

From Edge Threat Management Wiki - Arista
Revision as of 23:14, 21 October 2015 by Dmorris (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Overview

Administration Alerts appear as an exclamation point icon at the top of the rack when logged into the Administration interface. When logging in, the server will runs a series of tests which can take a few minutes and then it will display the administration alert icon if there are any alerts.

Alerts are typically displayed to alert the administrator of common mis-configurations or issues.



Alerts

Text Description
Upgrades are available and ready to be installed. The server detected software upgrades that have not been applied. Upgrades can be applied in Config > Upgrade.
DNS connectivity failed: DNS Server IP The specified server's DNS settings is not providing DNS resolution. Check DNS settings of your WAN interfaces in Config > Network > Interfaces. It is recommended to use your ISP's DNS servers.
Failed to connect to Untangle. [address:port] Untangle failed to successfully connect to the Untangle servers. Check your network setting to make sure they are valid and that Untangle is online. Also check there is no firewall between Untangle and the internet that could be blocking connectivity. Untangle requires an active connection to the internet for proper operation.
Free disk space is low. [ xx% free ] Free disk space is running low. Contact Untangle support for help determining what is using disk space and what do do about it.
Disk errors reported.

Error text

The disk (hard drive) returned some errors for certain commands. This usually means the disk has bad sectors which are non-responsive. In this case the disk (hard drive) should be immediately replaced.
Rack Name contains two or more Application 1 The given rack contains two or more instances of the same application. While possible this is never desired as it decreases performance and increases management complexity. Remove one of the duplicate applications.
Rack Name contains redundant apps: Application 1 and Application 2 Some applications in Untangle are redundant and should not both be installed in the same rack at the same time. For example, Spam Blocker is a super-set to Spam Blocker Lite. If both are run no additional spam will be blocked, but messages will be scanned twice incurring a performance hit. Remove the redundant application.
Bridge (Interface 1 <-> Interface 2) may be backwards. Gateway (Gateway IP) is on Interface 2. Often bridges can be plugged in with the WAN interfaces on the LAN and the LAN interface on the WAN. This works and passes traffic, however several applications do not behave as expected. If this is show it has detected that the gateway for the main bridge interface is not on the expected interface. It is recommended to go into Config > Network > Interfaces and unplug each interface one at a time and verify and correct the mapping of interfaces by swapping cables around.
Interface 1 interface NIC has a high number of RX/TX errors. This indicates that ifconfig shows a high number of RX or TX errors on the given interface card. This is typically a network layer or NIC issue. If possible, try another NIC or different duplex setting in Config > Network > Network Cards.
Spam Blocker [Lite] is installed but an unsupported DNS server is used Spam Blocker and Spam Blocker Lite rely on DNSBL (DNS blacklists) to categorize spam. Several publicly available and often used DNS servers do not supply access to these services. For example, google(8.8.8.8, 8.8.4.4), opendns(208.67.222.222, 208.67.222.220), level3(4.2.2.1,4.2.2.2) do not provide resolution for DNSBL queries. It is recommended to configure Untangle to use your ISP's DNS servers for effective spam filtering. If spam filtering is not required simply uninstall the spam filtering application from the rack.
Spam Blocker [Lite] is installed but a DNS server (X, Y) fails to resolve DNSBL queries. This means one of the configured DNS servers does not properly resolve DNSBL queries. This will greatly degrade Spam Blocker and Spam Blocker Lite's ability to detect spam. Try configuring a different DNS server. To test this manually run host 2.0.0.127.zen.spamhaus.org your_DNS_server in the terminal where "your_DNS_server" is the IP of your DNS server. If it does not return results then DNSBL queries are not being properly resolved by that server.
Web Filter is installed but a DNS server (X, Y) fails to resolve categorization queries. This means one of the configured DNS servers does not properly resolve Web Filter category queries. Web Filter uses DNS to query for the categorization of unknown sites. If the configured DNS servers do not properly respond to categorization queries then Web Filter will not function correctly and may slow web traffic significantly.
A DNS server responds slowly. (X,Y,Z) This may negatively effect Web Filter performance. This means the specified DNS server (Y) on interface (X) responded slowly (in Z milliseconds) to a Web Filter categorization request. Web Filter will automatically request categorization of unknown and never before seen URLs. If DNS is performing poorly Web Filter categorization will also be slow and may negatively effect web traffic latency as Web Filter categorizes websites.
Event processing is slow (x ms). Event logging is slow. This is shown when event logging takes more than 15ms on average. This can be caused by a slow disk or an extremely busy server. If you see this message, you can try a couple things. 1) Use a faster disk/disk controller to the daemon is able to more quickly write events. 2) Create less events by turning off apps and/or bypassing traffic that need not be scanned.
Event processing is delayed (x minute delay). The event logging daemon that logs events to the database is behind. This happens when "events" are happening quicker than the events can be written to the database. This can be caused by a slow disk or a busy network. Events will be stored in queued in memory until they can be written to the disk. If the time it takes for an event to happen to be logged to the database reaches a time greater than 10 minutes this warning appears. This is not necessarily an issue, but the administrator should be aware when viewing reports and events that they will be delayed by x minutes. You can try a few things to resolve this alert: 1) Use a faster disk/disk controller to the daemon is able to more quickly write events. 2) Create less events by turning off apps and/or bypassing traffic that need not be scanned.
Packet processing recently overloaded This warning means that at "nf_queue: full at * entries, dropping packets(s)" was found in "/var/log/kern.log." This means packets were incoming faster than the server was able to handle them. This usually indicates some misconfiguration or performance issue, or that some traffic needs to be bypassed. This can also indicate that the server is undersized for the current task and is short on memory (swapping) or disk I/O throughput or processing power. For further help with this alert, contact Untangle support.


The shield is disabled. This can cause performance and stability problems. The shield is disabled in Config > System > Shield. While sometimes useful for testing, this configuration will cause performance and stability problems. To fix verify that Enable Shield is checked.
Route to unreachable address: 1.2.3.4 A static route exists in Config > Network > Routes, but the next hop is unreachable. All traffic for this route will be dropped.
Running 64-bit with less than 2 gigabytes RAM is not suggested. Untangle 64-bit is installed but the system recognizes less than 2 gigs total memory. It is suggested to run the 32-bit version if you have less than 2 gigs RAM. The 32-bit version is more memory efficient for smaller servers but only supports up to 3 gigabytes of RAM. The 64-bit version is less memory efficient on smaller servers but supports hundreds of gigabytes of RAM.
Currently the number of devices significantly exceeds the number of licensed devices. (x > y) The number of devices for which NGFW has recently processed traffic (x) is greater than the number of allowed devices (y) for the license existing on the NGFW server. In order to return to compliance it may be necessary to bypass devices or get a larger license. Please contact support@untangle.com for help.