This section includes general monitoring and troubleshooting guidelines for the Firewall Management Center Virtual appliance deployed in Micosoft Azure. Monitoring and troubleshooting can relate to either the deployment of the VM in Azure, or the Firewall Management Center Virtual appliance itself.

Azure Monitoring of the VM Deployment

Azure provides a number of tools under the Support + troubleshooting menu that provide quick access to tools and resources to help you diagnose and resolve issues and receive additional assistance. Two items of interest include:

• Boot diagnostics—Allows you to see the state of your Firewall Management Center Virtual VM as it boots up. The boot diagnostics collects serial log information from the VM as well as screen shots. This can help you to diagnose any startup issues.

• Serial console—The VM serial console in the Azure portal provides access to a text-based console. This serial connection connects to the COM1 serial port of the virtual machine, providing serial and SSH access to the Firewall Management Center Virtual's command line interface using the public IP address assigned to the Firewall Management Center Virtual.

Firewall Management Center Virtual Monitoring and Logging

Troubleshoots and general logging operatations follow the same procedures as current Firewall Management Center and Firewall Management Center Virtual models. Refer to the System Monitoring and Troubleshooting section of the Secure Firewall Management Center Configuration Guide for your version.

In addition, the Microsoft Azure Linux Agent (waagent) manages Linux provisioning and VM interaction with the Azure Fabric Controller. As such, the following are important logs for troubleshooting:

• /var/log/waagent.log—This log will have any errors from the Firewall Management Center provisioning with Azure.

• /var/log/firstboot.S07install_waagent—This log will have any errors from the waagent installation.

Azure Provisioning Failures

Provisioning errors using the Azure Marketplace solution template are uncommon. However, should you encounter a provisioning error, keep the following points in mind:

• Azure has a 20 minute timeout for the virtual machine to provision with the waagent, at which point it is rebooted.

• If the Firewall Management Center has trouble provisioning for any reason, the 20 minute timer tends to end in the middle of the Firewall Management Center database initialization, likely resulting in a deployment failure.

• If the Firewall Management Center fails to provision in 20 minutes, we recommend that you start over.

• You can consult the /var/log/waagent.log for troubleshooting information.

• If you see HTTP connection errors in the serial console, this suggests that the waagent cannot communicate with the fabric. You should review your network settings upon redeploy.