Respond to alerts about inoperative NGFW Engines

The Inoperative NGFW Engines alert is triggered when the Management Server does not receive the expected status updates from an NGFW Engine. The Status Surveillance option must also be selected for the engine.

If you see these alerts, one of the problems listed here might exist or might have existed temporarily:

  • The connection between the engine and the Management Server might have been lost due to network connectivity problems or due to a technical issue on the Management Server. Problems that affect only management communications do not interfere with the operation of the engines - the engines continue processing traffic.
  • The engine might be experiencing technical problems.

A console connection to the affected engine is recommended, if possible, when you suspect that the engine might not be operating properly. Connecting to the engine allows you to see any possible error messages printed out to the console before you take corrective actions, such as rebooting the node.

Steps

  1. Check if the status of the engine or the system connections (shown in the info view when the engine is selected) still shows problems.
  2. Check if there is a steady log stream from the affected engine. Also check if there are any further alerts or logs from the engine that could explain the reason for the message.
  3. Check if the engine is actually processing traffic normally even if the Management Server is not able to monitor the engine and show the log stream.
  4. If you suspect technical problems on the engine, run the sginfo script on the engine before rebooting it (if possible) and contact Forcepoint support.