Troubleshooting Your Virtual Appliance Deployment
This chapter provides information about the most common setup issues, as well as where to submit questions or obtain assistance:
If your health monitor indicates that the clock setup for your virtual appliance is not synchronized, check your system policy time synchronization settings. Cisco recommends that you synchronize your virtual appliances to a physical NTP server. Do not synchronize your managed devices (virtual or physical) to a Virtual Defense Center. To ensure your time synchronization is set up correctly, see Synchronizing Time in the FireSIGHT System User Guide. After you determine that the clock setup for your virtual appliance is correct, contact your ESXi host administrator and ensure that the server’s time configuration is correct.
If you are having performance issues, remember that there are several factors that affect your virtual appliance. See Virtual Appliance Performance for a list of the factors that may affect your performance. To monitor ESXi host performance, you can use your vSphere Client and the information found under the Performance tab.
You can view and confirm connectivity for the management and sensing interfaces using VMware vCloud Director Web Portal and vSphere Client.
Using VMware vCloud Director Web Portal
You can use VMware vCloud Director web portal to view and confirm that the management connection and sensing interfaces are properly connected.
To confirm connectivity:
Step 1 Select My Cloud > VMs, hover over the virtual appliance you want to view, and right-click.
The Actions window appears.
Step 2 On the Actions window, click Properties.
The Virtual Machine Properties window appears.
Step 3 On the Hardware tab, view the NICs for the management and sensing interfaces to confirm connectivity.
Using vSphere Client
You can use vSphere Client to confirm that the management connection and sensing interfaces are properly connected.
During initial setup, it is important to ensure that network adapter connects at power on. If you do not, the initial management connection setup cannot properly complete and ends with the message:
ADDRCONF (NETDEV_UP): eth0 : link is not ready
To ensure that the management connection is connected:
Step 1 Right-click the name of the virtual appliance in the vSphere Client and select Edit Settings from the context menu that appears. Select Network adapter 1 in the Hardware list and make sure the Connect at power on check box is selected.
When the initial management connection completes properly, check the
ADDRCONF (NETDEV_CHANGE): eth0 : link becomes ready
/var/log/messages directory for this message:
During initial setup, it is important to ensure that sensing interfaces connect at power on.
To ensure that the sensing interfaces connect at power on:
Step 1 Right-click the name of the virtual device in the vSphere Client and select Edit Settings from the context menu that appears. Select Network adapter 2 and Network adapter 3 in the Hardware list. Make sure the Connect at power on check box is selected for each adapter in use.
You must connect your virtual device sensing interfaces to a virtual switch or virtual switch group that accepts promiscuous mode traffic. If it is not, your device can detect only broadcast traffic. To ensure your sensing interfaces detect all exploits, see Configuring Virtual Device Sensing Interfaces.
Inline Interface Configurations
You can verify that your inline interfaces are symmetrical and that traffic is flowing between them. To open the VMware console to your virtual device, use either VMware vCloud Director web portal or vSphere Client.
To ensure that the inline sensing interfaces are configured properly:
Access: CLI Configuration
Step 1 At the console, log in as a user with CLI Configuration (Administrator) privileges.
The CLI prompt appears.
Step 2 Type
expert to display the shell prompt.
Step 3 Enter the command:
A text file appears with information similar to this example:
SFE1000 driver for eth1 is Fast, has link, is bridging, not MAC filtering, MAC timeout 7500, Max Latency 0.
39625470 packets received.
0 packets dropped by user.
0 Mode 1 LB Total 0 Bit 000...
SFE1000 driver for eth2 is Fast, has link, is bridging, not MAC filtering, MAC timeout 7500, Max Latency 0.
13075508 packets received.
0 packets dropped by user.
0 Mode 1 LB Total 0 Bit 00
Note that the number of packets received on
eth1 matches those sent from
eth2 and those sent from
eth1 match those received on
Step 4 Log out of the virtual device.
Step 5 Optionally, and if direct routing to the protected domain is supported, ping the protected virtual appliance where the inline interface of the virtual device is connected.
Pings return to indicate there is connectivity through the inline interface set of the virtual device.
Thank you for using Cisco products.
If you have any questions or require assistance with the FireSIGHT virtual device or virtual Defense Center, please contact Sourcefire Support:
If you have any questions or require assistance with the Cisco ASA appliances, please contact Cisco Support: