Allot Basic Troubleshooting Guide v1b5

Allot Communications. All rights reserved. 09 - 2011

Basic Troubleshooting Guide

Sept 2011

V1b5

Allot Communications Customer Support

Basic Troubleshooting Guide 09-2011

2011 Allot Communications. All rights reserved. 2

Table of Contents

Introduction ................................................................................................................................ 6

Purpose of This Guide .......................................................................................................... 6

About This Guide .................................................................................................................. 6

More Information ................................................................................................................... 6

Knowledge Base ............................................................................................................... 6

Product Documentation .................................................................................................... 6

Online Training .................................................................................................................. 7

Classroom Based Training................................................................................................ 7

Common Tasks.......................................................................................................................... 8

How to Access the Allot Support area .................................................................................. 8

Support Area ......................................................................................................................... 8

Resource Center ................................................................................................................... 8

Creating a Log in for the Allot Support Area ......................................................................... 9

How to Generate a Key ....................................................................................................... 10

What keys do I need? ..................................................................................................... 10

When do I need a new key? ........................................................................................... 10

When do my keys expire and what functionality is affected? ......................................... 10

How do I generate a new key? ....................................................................................... 11

How do I enter my new key?........................................................................................... 11

How to Access Command Line Interface on Allot Products ............................................... 13

Non-AOS NetEnforcers (AC-400, 800, 1000 and 2500) ................................................. 13

SG-Omega ...................................................................................................................... 13

AOS NetEnforcers (AC-1400, AC-3000, AC-5000, AC-10000) ................................... 14

SG-Sigma........................................................................................................................ 14

SMP or Distributed Collector........................................................................................... 15

ServiceProtector ............................................................................................................. 15

MediaSwift ...................................................................................................................... 15

How to Change the Default Password ................................................................................ 16

AC-400, 800, 1000, 2500 ................................................................................................ 16

To change the Root User Password ............................................................................... 16

AOS Products ................................................................................................................. 16

ServiceProtector ............................................................................................................. 16

MediaSwift ...................................................................................................................... 16

How to Upgrade Software ................................................................................................... 17

How to Check Software and Hardware Versions ................................................................ 19

Check the model, software version and box number of the NE/SG ............................... 19

Check the NetXplorer Software Version ......................................................................... 20

Checking Installed Protocol Pack Version ...................................................................... 20

First Aid .................................................................................................................................... 22



Verify Processes are Running............................................................................................. 22

NetXplorer ....................................................................................................................... 22

Verfiy Ports are Open .......................................................................................................... 23

Verify NTP Synchronization ................................................................................................ 24

Common Issues ....................................................................................................................... 25

Graph Opens with No Data ................................................................................................. 25

Graph Output Shows Less Data than Expected ................................................................. 26

NetXplorer GUI Doesnt Open............................................................................................. 27

NetEnforcer Front Panel LCD Is Stuck in System Loading .............................................. 28

NetEnforcer Front Panel LCD Displays ....................................................................... 28

NetXplorer Alarm Reports Device in Rescue Policy ......................................................... 28

The Next Step .......................................................................................................................... 29

How to Open a New Case ................................................................................................... 29

Via the Allot Support area ............................................................................................... 29

NOTE: You will be able to attach files after saving the case. ..................................... 29

Via Email ......................................................................................................................... 29

How to Grant Remote Access ............................................................................................. 29

How to Create and Send Snapshots ................................................................................... 29

Appendix A: User Guides ........................................................................................................ 31

Appendix B: Useful Links ......................................................................................................... 32

Appendix C: Useful Commands .............................................................................................. 33



Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of

the form of action, whether in contract, tort (including negligence), strict liability or otherwise.

SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND

SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT

ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.

Please read the End User License Agreement and Warranty Certificate provided with this product before using the

product. Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate.

WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY

SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),

STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR

ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright Copyright 1997-2010Allot Communications. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other language without a written permission

and specific authorization from Allot Communications Ltd.

Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their

respective companies, and are used only for identification or explanation and to the owners' benefit, without intent to infringe.

Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the

equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency

energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case

the user will be required to correct the interference at his own expense.

Changes or modifications not expressly approved by Allot Communication Ltd. could void the user's authority to operate the equipment.



Version History

Doc Version Date

v1b1 03.01.10

v1b2 07.02.10

v1b3 17.02.10

v1b4 13.12.10 Links updated

V1b5 26.09.11 New Corporate template

Page 14 and 15, IP addresses updated.

Products Supported

Products Software Version

NX/SMP NX/SMP11.1

AC-1400, 3000, 5000, 10000, SG-Sigma AOS.11.1

AC-400/800 E9.1.1

AC-1000 S9.1.0

AC-2500 C9.1.1

SG-Omega SG9.1.1



Introduction

Purpose of This Guide

This guide targets engineers at Allot customers. Its aims to achieve two goals:

To provide tools to help our customers engineers troubleshoot simple problems that can be solved onsite without the need to open a new case with allot support.

In case an issue is discovered that cannot be solved by our customers engineer on-site, to show how to gather useful information that can be added to the case and can shorten the time before a solution is reached.

About This Guide

This basic troubleshooting guide is split into four main sections. In the first section, we outline how to perform common tasks such as generating a new key, finding out basic information about the product and upgrading the software. In the second section, which we call first aid, we outline several procedures and checks which are recommended before starting to troubleshoot any problem. The third section, common issues, describes troubleshooting procedures for some of the issues most commonly faced by our customers. The final section, the next step, details how to proceed if the information in this troubleshooting guide does not solve the issue being faced. Specifically, it details how to generate a snapshot for analysis by Allot customer support and how to open a new case.

At the end of the troubleshooting guide you will find a section of appendixes which collect several useful knowledge base items and CLI commands in one central place.

During this guide we will use the following acronyms:

NE NetEnforcer

SG Service Gateway

NX NetXplorer

SMP Subscriber Management Platform

MS MediaSwift

SP ServiceProtector

AOS Allot Operating System

More Information

For additional information beyond the scope of this guide, Allot offers several additional sources of knowledge and tools.

Knowledge Base

The Allot Support Area which can be accessed from http://www.allot.com/support gives you access to the Allot Knowledge Base. You can use the free-text search on the Knowledge Base tab to download documents and look for answers to any further questions you may have.

Product Documentation

From the Knowledge Base tab in the Allot Support Area, you can search for any of the customer documentation listed in Error! Reference source not found. below. In addition, from the S/W versions tab you can download the release notes for each software version, as listed in Error! Reference source not found. below.



Online Training

In addition, Allots Online NetXplorer Training, which can be accessed from http://www.allot.com/uploadimages/NetXplorer%20training/template.swf , serves as a quick start guide for all NetXplorer installations. It also includes basic market background, key terms and procedures for monitoring, reporting and building traffic policies.

Classroom Based Training

Allot offers detailed hands-on training courses for customers and partners at our training centers around the world. Courses currently offered are as follows:

ACTE: Introduction to DPI, Monitoring and Reporting, Building traffic policies, NPP, events and alarm and advanced configurations

ACPP: Advanced architecture, monitoring collectors, database management, advanced troubleshooting, integration and SMP

ServiceProtector: Introduction to NBAD and HBAD technology, anomaly detection and mitigation, installation and IPSec, groups and prefixes, notification filters, thresholds, maintenance and troubleshooting.

A full schedule of courses and details of how to apply can be found on the Training Classes tab at the Allot Support Area.



Common Tasks

How to Access the Allot Support area

Allots corporate website, www.allot.com includes two password protected areas that you can access:

Allot Support Area

Allot Resource Center

Support Area

The Allot Support Area contains everything you need for post-sales support. From the support area you can do the following:

Download every software version and release note

Track all your support cases

Register your products

Generate keys for your supported products

Register for training classes

Search for documentation and knowledge items on the Knowledge Base

On the homepage of the Support Area, you will find a concise overview that explains how to navigate to the information and functions you need using the sites intuitive GUI.

Resource Center

The Allot Resource Center contains marketing collateral including:

Product datasheets

Solution Briefs

White Papers

Presentations

Graphics and Icons

Both the support area and resource center require secure log in.

IMPORTANT NOTE: In order to have the same user name & password for the Support Area and the Resource Center, please register first to the Support Area.

The log in to this area will provide

the partner with access to the

resource center which is the new

zone.

This can be done with the user and

password he will receive in the e-

mail

The log in to this area will provide

the partner with access to the

resource center which is the new

zone.

This can be done with the user and

password he will receive in the e-

mail



Creating a Log in for the Allot Support Area

To access our Allot Support Area, you will need a new log in and password. Heres how to get one:

Figure 1: Customer Area and Resource Center Log ins

1. Go to www.allot.com/support

2. Enter your email address in the Dont have an Account? section. (Always log in with your email address.)

3. Your password will be mailed to your email account.

This password can be used BOTH for the support area AND for the resource center. If you are an Allot Channel Partner, the password which you will receive will enable you to view and download items and collateral which are restricted to partners only.



How to Generate a Key

What keys do I need?

As an Allot customer you will require 2 separate product keys in order to work with your Allot solution

NE/SG Gateway Key. This key determines the features which are available on the product (e.g: Reporter, Port Redirection) and the bandwidth on which quality of service can be enforced. Every new NE or SG is shipped with the key preinstalled. The key is also recorded for your convenience in the Thank You Letter for the NE which is included in the packaging and is also sent to you by mail.

NX Key. This key determines the number of NE or SGs that can be managed by this NetXplorer server, and the NetXplorer features which are activated (e.g: Accounting, Country Classification, NPP, SMP). The NetXplorer key is recorded in the Thank You Letter for the NX. This letter is sent by email (for NX-HAP customers the letter is also printed and included with the hardware). You will need to enter this key manually after installing the NX software.

When do I need a new key?

You will need to generate a new key in either of the circumstances below:

You upgrade to a new NE/SG or NX software version AND the software release notes indicate that a new key is required

Your support contract is about to expire. If this is the case, you will be informed by a critical alarm in the NetXplorer GUI

You have a temporary key which is about to expire. Again in this case, you will be informed by a critical alarm in the NX GUI.

When do my keys expire and what functionality is affected?

Permanent Keys:

Your NE/SG permanent key is synchronized to expire with the end of your NE/SG support contract. When this key expires, you will lose the ability to update your service catalog with Allot Protocol Updates (APU). Other features (including QoS) will continue to function

Figure 2: Alarm - Permanent Device License is About to Expire

Your NX permanent key is synchronized to expire with the end of your NX support contract. When this key expires, you will lose the ability to use web updates (APU) and country classification.



Temporary Keys:

NE/SG and NX temporary keys are not synchronized with your support contract. When the NE/SG or NX temporary key expires, product functionality will cease until you have entered a new key.

You can check the expiry date of your keys as follows:

NE/SG Key. Select the NE icon on the network tree of the NX, and from the View menu, choose Configuration. Select the identification and key tab. You will see the NE/SG expiration date in the Activation Key Expiration field.

Figure 3: NetEnforcer Key Expiry Date

NX Key. From the Tools menu, select NX Application Server Registration. You will see the NX key expiration date in the Key Expiration Date field.

Figure 4: NetXplorer Key Expiry Date

How do I generate a new key?

In order to generate a new key (for the NE, SG and NX), follow the procedure detailed in the knowledge base article below:

https://c.eu1.visual.force.com/apex/KB?KBID=7013150

How do I enter my new key?

Once a new key has been generated, you should enter it as follows:

NE/SG Key. Select the NE icon on the network tree of the NX, and from the View menu, choose Configuration. Select the identification and key tab and enter the new key in the Activation Key field. From the File menu, choose Save to save the key.

NOTE: In some cases, on saving the new key, the NE or SG will require a reboot for the features to be applied. In these cases you will see the system message below

Figure 5: System Message Reboot Required when Entering New Key



NOTE: During the NE/SG upgrade process, you will be requested to provide a new key.

NX Key. From the Tools menu, select NetXplorer Application Server Registration. Enter the key in the Server Registration Key field. Enter the serial number in the Serial Number field. Click the Save button.



How to Access Command Line Interface on Allot Products

The procedure for accessing command line interface depends on the Allot product being used. In each case, the procedure for defining initial network settings is described in the relevant hardware guides. After initial network settings have been established, the device can be accessed remotely and command line interface can be run as outlined below.

Non-AOS NetEnforcers (AC-400, 800, 1000 and 2500)

Open an SSH session to the NE.

To access the admin menu, log in as below:

Username: admin

Default Password: allot

To access the command line interface, log in as below:

Username: root

Default Password: bagabu

SG-Omega

Open an SSH session to the IP address of the SG-Omega. This will give you access to the SGSV-110 blade (located in slot 14).

To access the CLI, log in as below:

Username: root

Default Password: bagabu

Subsequently you can access a simple troubleshooting menu, by entering the command admin-menu

From the SGSV-110 blade, you can access each of the other blades by opening a further SSH session to any of the internal IPs listed below:

Slot Blade IP

1 SGFP 11.11.11.10

3 SGFP 11.11.11.30

4 SGFP 11.11.11.40

5 SGFP 11.11.11.50

6 SGFP 11.11.11.60

7 SGBP 11.11.11.70

8 SGBP 11.11.11.80

9/10 SGCC 11.11.11.90 (Host)

11.11.11.91 (Target)

11/12 SGCC 11.11.11.110 (Host)

11.11.11.111 (Target)

14 SGSV 11.11.11.140

Table 1: SG-Omega Internal IP Addresses

After you have reached a blade on the SG-Omega, log in with username root and password bagabu to access its command line interface.



AOS NetEnforcers (AC-1400, AC-3000, AC-5000, AC-10000)

Open an SSH session to the NE.


Username: sysadmin

Default Password: sysadmin

The AC-10200 contains multiple blades. When working with this product, you should open an SSH session to the master core controller which is installed in slots 2/3. From this CC-220 blade, you can access each of the other blades by opening a further SSH session to any of the internal IPs listed below:

Slot Blade IP

1 SFC-200 11.11.11.70

2/3 CC-200 (Master) 11.11.11.20

4/5 CC-200 (Slave) 11.11.11.40

6 FB-200 11.11.11.60 (Processor 1)

11.11.11.61 (Processor 2)

11.11.11.62 (IPMC)

SMC 11.11.11.1

Table 2: Internal IP Addresses of AC-10200

After reaching a blade on the AC-10200, log in with username sysadmin and password sysadmin to access its command line interface.

NOTE: All the AOS CLI commands which are open to sysadmin users are contained in the Command Line Interface chapter of the relevant hardware guides.

SG-Sigma

Open an SSH session to the IP address of the SG-Sigma. This will give you access to the switch fabric controller located in slot 7 (SFC-A). To access the command line interface, log in as below:

Username: sysadmin

Default Password: sysadmin

From the SFC-A blade, you can access each of the other blades by opening a further SSH session to any of the internal IPs listed below:

Slot Blade IP

1 SGSV-110 11.11.11.10

2/3 CC-220 11.11.11.20

4/5 CC-220 11.11.11.40

6 FB-200 11.11.11.60 (Processor 1)

11.11.11.61 (Processor 2)

11.11.11.62 (IPMC)

7 SFC-A 11.11.11.70

8 SFC-B 11.11.11.80



9 FB-200 11.11.11.90 (Processor 1)

11.11.11.91 (Processor 2)

11.11.11.92 (IPMC)

10 SGCC or NSS 11.11.11.100

11 NSS 11.11.11.110

12 SGCC or NSS 11.11.11.120

13 NSS 11.11.11.130

14 BP-240 11.11.11.140

SMC 11.11.11.1

Table 3: Internal IP Addresses of SG-Sigma

After reaching a blade on the SG-Sigma, log in with username sysadmin and password sysadmin to access its command line interface.

NOTE: All the SG-Sigma CLI commands which are open to sysadmin users are contained in the Command Line Interface chapter of the SG-Sigma hardware guide.

SMP or Distributed Collector

Open an SSH session to the SMP or Distributed Collector machine


Username: admin

Default Password: allot

ServiceProtector

Open an SSH session to the ServiceProtector


Username: root

Default Password: Allot$001

MediaSwift

Open an SSH session to the MediaSwift device.


Username: admin

Default Password:



How to Change the Default Password

It is strongly recommended to change the default password on all Allot devices. The password enables access to the device from anywhere on the Internet. Each Allot device should therefore be protected with a unique password.

AC-400, 800, 1000, 2500

You can change the log in password on a Non-AOS NE for either the Admin user or the Monitor user. The Admin user has access to all NE functions, while the Monitor user has read-only access.

On the AC-400, 800, 1000 and 2500 follow the procedure below:

To change the Admin User Password 1. Log in to the NE using the admin user 2. In the NE Setup Menu, enter 3 (Change password) and press . The Change

Password screen is displayed. 3. Follow the onscreen instructions. Enter a new password and press . The

password must be between 5 and 8 characters. You can use a combination of upper and lower case letters and numbers.

4. Re-enter the password and press . If NE detects a simple password, a warning is displayed on the screen.

To change the Root User Password

1. Log in to the NE using the root user 2. Enter the command passwd 3. Follow the instructions to enter a new root password

NOTE: During the NE/SG software upgrade procedure you may be requested to enter a new root user password.

AOS Products

Log in to the device and enter the command passwd

NOTE: With a Service Gateway this should be done on the SGSV-100 blade. With an AC-10200 this should be done on the master core controller.

This will enable you to change the password for the user level with which you have logged into the system.

ServiceProtector

Log in to the device and enter cli to enter the top level CLI. Enter the command passwd (do not change the password from the LINUX shell)

Note the stringent password criteria. The password can be any of the following options: 8 characters + 2 families; 7 characters + 3 families or 6 characters + 4 families. A family is defined as small letters, capital letters (not including the first character), numbers or other symbols.

MediaSwift

To change the password required to log in to the CLI, enter access user-password at the enabled CLI prompt, where is the new password for the normal user.

To change the password required to access Enable mode, enter access enable-password at the enabled CLI prompt, where is the new password for the enabled user.



How to Upgrade Software

Upgrading NX. Full instructions for upgrading the NX can be found in the NX Installation and Admin Guide:


Upgrading NX: Chapter 8 (Appendix)

Upgrading NX-HAP: Chapter 8 (Appendix)

Upgrading SMP. Full instructions for upgrading SMP can be found in the SMP User Guide:


Upgrading SMP: Appendix B

Upgrading SMP-HAP: Appendix C

Upgrading NetEnforcer. Full instructions for upgrading NEs can be found in the relevant NE Release Notes (under NE Software Upgrade Procedure). All of the release notes can be accessed from the S/W Versions tab in the Support Area.

https://eu1.salesforce.com/a0A?fcf=00B20000005JRHX

Upgrading ServiceProtector.

To upgrade a remote SP-Sensor to the latest version of the ServiceProtector software located in the local systems CD ROM Drive, enter the command below from the main menu on the SP-Controller: system upgrade Sensor

To upgrade the local SP-sensor to the latest compatible version of the ServiceProtector software located in the local systems CD ROM Drive, enter the command below from the main menu: system upgrade cdrom

Figure 6: S/W Versions Tab in the Support Area



To upgrade the local system (sensor or controller) to the latest software version available on a given URL, enter the command below from the main menu: system upgrade url

For upgrade procedures for ServiceGateway and MediaSwift products, please contact [email protected]



How to Check Software and Hardware Versions

Check the model, software version and box number of the NE/SG

You can check the model of NE or SG that you are working with via the NX GUI or via the NE/SG CLI.

Via the GUI

Select the required NE/SG. From the view menu then choose configuration. Select the Identification & Key tab.

The product model is detailed in the Activation Key Details section.

The Software version and box number are detailed in the IDs section

Figure 7: Identifying product details via NX GUI

Via the CLI

The same information can be obtained from the NE CLI. Log in to the NE using the root username and password. The following CLI commands will be of assistance:

boxkey presents you with the serial number of the device

NOTE: This command is not applicable for the SG-Sgima.

actype presents you with the installed software version

NOTE: On an AC-5000 or AC-10000 product you should run actype on the core controller blade. On the AC-10200 this should be on the master core controller (installed in slots 2/3). On the SG-Sigma, you should run actype on the SGSV blade.

go config view key presents you with a range of system information, including the product model, activation key and its expiry date.



Check the NetXplorer Software Version

You can check the NX software version by launching the GUI and selecting about from the help menu.

Figure 9: NetXplorer Software Version

Checking Installed Protocol Pack Version

You can check the protocol pack version that is loaded on the NE/SG from the IDs section of the Identification and Keys tab in the NE/SG Configuration dialog of the NX GUI.

AC402-13-99:~# go config view key

==== Product Key ====

Product Name AC-402/2M

Activation Key NE-123456BBBC78901ABB1234567890123456D

Key Expiration Date 23/03/2010

Functionality for Key Above :

Quality of Service enable

NetXplorer Reporter enable

Web Update enable

Bandwidth Capacity 2.00 Mbps

Figure 8: go config view key output



Figure 10: Protocol Pack Version on NetEnforcer

You can check the protocol pack version that is loaded on the NX by selecting Network in the configuration pane. From the view menu then choose configuration. Select the Protocol Updates tab.

Figure 11: Protocol Pack Version on NetXplorer



First Aid In this section we will outline several checks that we recommend making before beginning any troubleshooting procedure.

Verify Processes are Running

NetXplorer

On a Windows based NetXplorer Server, check that the NX Server service is running. This is done by choosing Start>Control Panel>Administrative Tools>Services. The status of the NX service should be started.

Now check that the processes are running by pressing CTRL+ALT+DEL and selecting Task Manager. The services you should see are listed below. If the NX Service status is not started or if any of the processes listed below are missing, you should restart the NX Server Service. This is done by right clicking on the NX Server service and then choosing start.

NOTE: When opening the Task Manager tab, be sure to mark show processes from all users as shown below.

On a Linux based NX Server, check that the NX Server service is running by entering service netxplorer status. The expected output should be: is running. Now check that the services are running by entering ps ef|grep opt you should then see a list of the processes as seen below. The services you should see are listed below.

Figure 12: Windows Task Manager Bar



If the NX Server Service status is not is running or if any of the processes listed below are missing, you should restart the NX Server Service. You should first stop the NX Server Service by entering service netxplorer stop. Then enter service netxplorer start.

You should expect to see the following NX Services:

Poller

Converter

Loader

ltc_poller

ltc_Loader

ltreducer (runs periodically therefore may not be seen)

manifest_manager (runs periodically therefore may not be seen)

KeeperService (swKeeper for Linux)

Dbsrv10 (3 instances)

ntpd (This process has a different location on Linux; when checking on a Linux system, you should enter ps-ef|grep ntp)

java (This process has a different location on Linux; when checking on a Linux system, you should enter ps-ef|grep java)

Verfiy Ports are Open

Certain firewall ports should be opened to ensure that all elements in an Allot solution can communicate. The list of relevant ports can be found in the Knowledge Base Item below:




Verify NTP Synchronization

It is important to verify that all Allot network elements (NE, SG, Distributed Collector, SMP Server and NX) are synchronized to the same external NTP server. Lack of time synchronization typically causes problems such as reboots, missing data in graphs. It also leads to policy inconsistencies as data chunks sent from the NEs or SGs to the NX server might be discarded when they arrive with inconsistent time stamps.

The procedure for enabling this synchronization can be found in the knowledge base article below:




Common Issues

Graph Opens with No Data

What should you do if on opening a NX graph, no data is displayed as shown below?

This output indicates a problem with data collection. We recommend following the procedure outlined below. After each step, try to re-open the graph:

1. Verify that all processes are running on the NX server. The procedure for doing this was outlined above

2. Verify all Allot network elements are synchronized to a single external NTP server. The procedure for doing this was also outlined above

3. Make sure no antivirus software, system backup software or defragmentation tools are running on the server. In case they are running, exclude the Allot/ Home folder.

4. Check the collection configuration via the NX GUI. Select the relevant NE or SG from the NX navigation tree. From the view menu, choose collection configuration. If you tried to open a long term reporting graph, check that Long Term Data Collection is checked. Alternatively, if you tried to open a real-time monitoring graph, check that Real-Time Data Collection and Short-Term Data Collection are checked.

5. Check if the NE or SG is sending the data which it collects in buckets. You can do that by opening a new browser window.

For real-time monitoring data at 30 second intervals type:

http:///bucket/30/manifest (e.g: http://10.2.3.4/bucket/30/manifest). (NOTE: In Allots AOS products real-time monitoring needs to be enabled by license).

For long-term reporting data at 5 minute intervals type

http:///bucket/300/manifest

The manifest is a list of the buckets that the NE/SG has created and that are waiting to be sent to the NX. Refresh the page after few minutes, and make sure the list is updated. If you see different numbers, this indicates that new buckets are being collected by the NE/SG and polled by the NX.

Figure 13: No Data in Graph



6. If everything seems to be in order and you are still not able to view graphs, please open a case with [email protected] and send us the NX & NE or SG snapshots as explained below.

Graph Output Shows Less Data than Expected

What should you do if on opening a NX graph, it shows data for a shorter time period than you had expected as shown below?

Figure 14: Less Data thank Expected

Note that for some distribution graphs, where the x axis represents a time period, and a relatively fine data resolution has been selected when setting up the graph, a scroll bar will appear at the bottom of the graph immediately above the date. Scroll across to view all of the data for the time period selected.



NetXplorer GUI Doesnt Open

What should you do if the NX GUI does not open and you receive an error message such as the one shown below?

Figure 15: System Message - Unable to Open GUI

We recommend following the procedure outlined below. After each step, try to re-open the GUI.

1. If you have upgraded the NX server, the previous desktop icon will no longer work. Remove the desktop NX icon, and enter the IP address of the NX Server directly into your browser.

2. If you are accessing the NX server from a remote client, make sure all of the required ports are open as outlined above. If port 80 is blocked for example, you will not be able to access the NX GUI. If the remote session fails, try to open the GUI directly from the NX server itself.

3. Verify that all the NX processes are running as outlined above

4. Verify that no antivirus software, system backup software or defragmentation tools are running on the server. In case they are running, exclude the Allot/ Home folder.

5. (Windows Server or Client Only). Clean the java cache. If the root cause of the issue is with Java, you can often solve it by clearing the Java Cache on the machine that cannot access the NX, and then reinstalling JRE. Go to control panel and choose Java. On the General tab, under Temporary Internet Files, click on delete and then OK. This action will clear the java cache files. It will also remove the NX shortcut from the desktop. Open browser with NX server IP address (http://) and choose the first option Install Java JRE First. Now launch the application.

6. (Linux Server Only). Verify that the host file is configured correctly. The procedure for doing this can be found at: https://c.eu1.visual.force.com/apex/KB?KBID=4522161



NetEnforcer Front Panel LCD Is Stuck in System Loading

If the front panel of an AC-400 or AC-800 series product is stuck on system loading you should refer to the knowledge base item below:


For an AC-1000/2500 device that is stuck in system loading you should refer to the knowledge base item below, which also includes the image files required when restoring the products:


NetEnforcer Front Panel LCD Displays

When an AC-1000 or AC-2500 unit goes into bypass mode, the LCD will display . First, verify that the bypass cable is well connected between the NE and its bypass. If the unit is not supposed to be in bypass mode, reboot the NE by logging in as a root user and entering ac_reboot

NetXplorer Alarm Reports Device in Rescue Policy

If you see a question mark icon on the NE or SG in the NX network tree this indicates that the device has deferred to its rescue policy. The rescue policy is the last known good NX policy. An alarm indicating as such will also appear in the NX alarm log and you will not be able to make any further policy changes until this is resolved.

The procedure for dealing with a device which has deferred to its rescue policy is indicated in the KB article below:




The Next Step

How to Open a New Case

There are two ways to open a new case

Via the Allot Support area

Log in to the allot Support Area: www.allot.com/support

Go to the cases tab and click on New Case. Fill in the form and click save.

Figure 16: Opening a new case from the Allot Support Area

NOTE: You will be able to attach files after saving the case.

Via Email

Send an email to [email protected] with the NE/SG serial number or box key in the email subject field. Make sure you dont add any other numbers in the subject field (such as software version numbers or product name)

The serial number of the NE/SG is included in the Thank-You letter which is included with the product. It can also be found on a sticker on the rear side of the unit.

The box number can be determined from the NX GUI or the NE/SG CLI by following the instructions outlined above

How to Grant Remote Access

For guidelines on how to grant remote access to Allot Support, see the knowledge base item below:


How to Create and Send Snapshots

A snapshot is a zip file containing current and historical information on the status of an Allot product. This includes log files, policy information, operating system state, hardware status, and other information regarding the product. You can generate a snapshot for any of the following products:

NetEnforcer

SG-Omega, or SG-Sigma



NetXPlorer

SMP / Data Collector

ServiceProtector

For full instructions on how to generate snapshots, refer to the knowledge base item below:




Appendix A: User Guides Below is a table of official Allot documentation. The title of each document is a clickable link to download the document from the password protected Allot support area. Where the link is not available, please contact [email protected] for access to the guide.

User Documentation Scope

NetXplorer Operations Guide GUI based operation, monitoring and policy building.

NetXplorer Installation & Administration Guide Installation of various solution components, monitoring collector administration, server CLI, troubleshooting and administration.

NPP User Guide Instructions for the NPP administrator and instructions for the end user which can be copied into an operators guide.

SMP User Guide Initial setup, integration with external systems (IPAS, OAS, PCRF etc), service plan configuration, troubleshooting.

AC-400 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, Specs




AC-1400 and 3000 Hardware Guide

Hardware description, Connecting the NE, Configuring the NE, Redundancy, CLI, Specs

AC-5000 Hardware Guide Hardware description, Connecting the NE, Configuring the NE, Redundancy, CLI, Specs

AC-10000 Hardware Guide Hardware description (chassis and blades), Connecting the NE, Configuring the NE, Redundancy, CLI, Specs

SG-Omega Hardware Guide Hardware description & specs (chassis and blades)

SG-Omega Installation Guide Connecting and Configuring the SG-Omega, blade insertion, software installation and upgrade

SG-Omega Administration Guide SG-Omega CLI and Logs

SG-Sigma Hardware Guide Hardware description (chassis and blades), Configurations and growth path, Installing and configuring the SG, High Availability and Asymmetric traffic, CLI, Specs

ServiceProtector Installation & Administration Guide Installation procedure, Essential configuration, Notifications & filters,



thresholds and troubleshooting

ServiceProtector Operation Guide GUI based operation, monitoring and anomaly analysis

MediaSwift Administration Guide Configuration, CLI, system monitoring and administration

MediaSwift Operation Guide GUI based operation and traffic monitoring

Integration Guides SNMP, NX SOAP, SMP SOAP and Accounting Interface Guides. Plus a guide for integrating services using the SG-Sigma.

Appendix B: Useful Links Below is a table of the knowledge base items referred to in this troubleshooting guide

Subject Link

How to Generate Keys via the Web


How to Generate Snapshots https://c.eu1.visual.force.com/apex/KB?KBID=11304993

How to Grant Remote Access to Allot Support


Which firewall ports need to be opened?


Check all elements are synchronized


What to do when AC-400/800 LCD is stuck at system loading


What to do when AC-1000/2500 LCD is stuck at system loading


What to do when NX defers to its rescue policy


How to verify that the host file was correctly configured (Linux)


www.allot.com [email protected]

Americas: 300 TradeCenter, Suite 4680, Woburn, MA 01801 USA - Tel: 781-939-9300; Toll free: 877-255-6826; Fax: 781-939-9393

Europe: NCILes Centres d'Affaires Village d'Entreprises, 'Green Side' 400 Avenue Roumanille, BP309 06906 Sophia Antipolis,

Cedex France - Tel: 33 (0) 4-93-001160; Fax: 33 (0) 4-93-001165

Asia Pacific: 6 New Industrial Road, #08-01, Hoe Huat Industrial Building, Singapore 536199 Tel: +65-6283 8990 Fax: +65-6282 7280

Japan: Kanda Surugadai 4-2-3-301, Chiyoda-ku, Tokyo 101-0062 - Tel: 81 (3) 5297 7668; Fax: 81 (3) 5297 7669

Middle East & Africa: 22 Hanagar Street, Industrial Zone B, Hod Hasharon, 45240 Israel - Tel: 972 (9) 761-9200; Fax: 972 (9) 744-3626

Appendix C: Useful Commands Below is a table of the commands referred to in this troubleshooting guide

Command Use Products

passwd Change root password All NE, SG and SP products

boxkey Displays serial number All NE products

actype Displays installed software version All NE and SG products

go config view key Displays product model, activation key and expiry date

All NE and SG products

swgadmin -l Lists the processes running on the device

All non-AOS NE products

ac_reboot Reboots the NE (Note: To ensure a graceful reboot, you should use the ac_reboot command and not the reboot command)


snapshot Creates a snapshot file All NE and SG products plus the SMP and Collector

send_snapshot Creates a snapshot and automatically uploads to Allots FTP server


Allot Basic Troubleshooting Guide v1b5

Documents

Transcript of Allot Basic Troubleshooting Guide v1b5