Add NGFW Engine tests

As well as test-specific settings, some tests share common settings.

You can receive notification of test failures as Alerts or as SNMP traps. A test can also switch nodes offline or online based on the result.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click a Firewall, IPS engine, Layer 2 Firewall, or Master NGFW Engine element, and select Edit <element type>.
  2. Browse to General > Tester.
  3. Under the test entry table, click Add, then select the test type.
  4. Configure the common settings.
  5. Click OK.
  6. Click Save and Refresh to transfer the new configuration.

Engine Editor > General > Tester

Use this branch to configure the tester to run various checks on the NGFW Engines and initiate responses based on the success or failure of these tests.

Note: These settings are not supported for Virtual NGFW Engines.

Global Settings section

Option: Definition

Alert Interval: Specify the time in minutes the NGFW Engine waits before sending a new alert when the same test keeps failing repeatedly. The default value is 60 minutes. If the interval is too short, the alerts can overload the system or the alert recipient.

Delay After: Specify the time in seconds that the NGFW Engine waits before it resumes running the tests after the listed events. The delay prevents false test failures that can occur due to variations in how quickly different processes and subsystems can start and stop. The maximum value is 1800.
  • Boot — The default is 30 seconds.
  • Reconfiguration — The default is 5 seconds.
  • Status Change — The default is 5 seconds.

Auto Recovery (Clusters and Master NGFW Engines only): When selected, the NGFW Engine automatically goes back online when a previously failed test completes successfully. Run the test in both online and offline states if you activate this option.

Boot Recovery: When selected, the NGFW Engine automatically goes back online after restarting if all offline tests report a success.

Global Node Selection for Engine Tests:
  Filter: Allows you to filter the elements shown.
  Tools: A menu that contains various options, such as for creating new elements or showing elements that have been moved to the Trash.
  Active: Shows whether the node is included in the tests that have been configured for the engine. Deselect to exclude a node from all NGFW Engine tests.
    Tip: If you select ALL for the Node setting in the test properties, you can use the Global Node Selection for Engine Tests table to exclude a specific node from the test.
  Name: Specifies the name of the node.
  Node: Specifies the node ID.

Set to Default: Returns tester changes to the default settings.

Engine Tests section

Option: Definition

Filter: Allows you to filter the elements shown.

Tools: A menu that contains various options, such as for creating new elements or showing elements that have been moved to the Trash.

Name: The name of the test. If you want to run more than one instance of the same test type with different parameters, give each test a unique name.

Active: Shows whether the test is active. Deselect to deactivate a test.

Node: Specifies whether the test applies to all nodes or a selected node.

Interval: Specifies how often the test is run. The minimum interval is one second and the maximum is 86400 (one day).
  Note: We recommend a minimum interval of four seconds. Running a test too frequently can increase overhead.

States: Shows the NGFW Engine states on which the test is run.

Action: Specifies which action is taken if the test fails, and which type of notification is sent.

Parameters: Shows some test details.

Add: Adds a test to the table:
  • External — Runs a custom script stored on the NGFW Engine. If the script returns the code zero (0), the test is considered successful, otherwise the test is considered failed.
  • File System Space — Checks the free disk space on a hard disk partition.
  • Free Swap Space — Checks the available swap space on the hard disk.
  • Inline Pair Link Speed — Checks whether the network settings (speed/duplex) match on the two ports that form the inline pair and can force ports to use the same settings. Not available in the Firewall/VPN role.
  • Link Status — Checks whether a network port reports the link as up or down.
  • Multiping — Sends out a series of ping requests to determine whether there is connectivity through a network link.
  • Policy — This option is included for backward compatibility with legacy NGFW software versions.

Edit: Allows you to change the test properties.

Remove: Removes the test from the table.
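
The following is an added example, not taken from the product documentation: a custom script for the External test type that follows the exit-code rule described above (zero means success, anything else means failure). The heartbeat file, its path, the 30-second threshold and the script name heartbeat_test.sh are hypothetical assumptions.

```shell
#!/bin/sh
# Added example, not vendor code: a custom script for the External test type.
# Rule from the page: exit code 0 = test succeeded, any other code = failed.
# Assumptions (hypothetical): a monitored process writes the current Unix
# time to a heartbeat file; the path, threshold and script name are made up.

HEARTBEAT_FILE="${HEARTBEAT_FILE:-/path/to/heartbeat}"  # placeholder path
MAX_AGE="${MAX_AGE:-30}"                                # seconds

# check_heartbeat FILE MAX_AGE
# Returns 0 only if FILE holds a Unix timestamp at most MAX_AGE seconds old.
# Every other outcome returns non-zero, so an error can never pass the test.
check_heartbeat() {
    file=$1
    max_age=$2
    stamp=

    [ -r "$file" ] || { echo "heartbeat: cannot read $file" >&2; return 2; }

    # Use the first line only; read fails harmlessly if there is no newline.
    IFS= read -r stamp < "$file" || :

    # Digits only, no leading zero (it would be parsed as octal below).
    case $stamp in
        ''|0*|*[!0-9]*) echo "heartbeat: malformed timestamp" >&2; return 3 ;;
    esac

    now=$(date +%s) || return 4
    age=$((now - stamp))

    # A timestamp from the future means a clock step or a tampered file.
    [ "$age" -ge 0 ] || { echo "heartbeat: timestamp in the future" >&2; return 5; }
    [ "$age" -le "$max_age" ] || { echo "heartbeat: stale (${age}s)" >&2; return 1; }
    return 0
}

# Run as a test only when saved under the assumed name heartbeat_test.sh;
# sourcing the file elsewhere just defines the function.
case $0 in
    *heartbeat_test.sh) check_heartbeat "$HEARTBEAT_FILE" "$MAX_AGE"; exit $? ;;
esac
```

Because every error path returns a non-zero code, a missing or corrupted heartbeat file triggers the Action configured for the test instead of passing silently.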