Health indicators

This window shows the status of the firewall's hardware resources. These statuses are color-coded:

  • Gray: the module is not available, installed or enabled on your firewall,
  • Green: the health indicators of the module are optimal,
  • Orange: the value(s) of one or several indicators in the module require(s) your attention,
  • Red: the value(s) of one or several health indicators in the module is/are critical.

Click on a health indicator to go directly to the corresponding monitoring or configuration module.

The indicators taken into account for each health indicator are:

HA link Status of the link dedicated to HA.
Power supply

Status of the power supply modules if the firewall has any. The value of this field may be one of the following: “Power on”, “Power off” or “Not detected” (missing or defective module).
Fan Status of the fan if the firewall has one.
CPU

Percentage of your processor’s use.
Memory

Status of memory used by the firewall. Various types of memory are analyzed:

  • Host: percentage of memory allocated to processing a host.
  • Fragmented: Percentage of memory allocated to processing fragmented packets.
  • Connection: Percentage of memory allocated to processing connections.
  • ICMP: percentage of memory allocated for ICMP.
  • Logs: percentage of memory used for data tracking.
  • Dynamic: percentage of dynamic memory on the intrusion prevention engine.
Disk Status of the firewall’s internal storage medium.
RAID Status of data redundancy between the firewall's physical disks.
Temperature

Temperature of the firewall

This indicator is not available on virtual machines.
Certificates

Validity of certificates and CRLs:

  • Certificate expiring in fewer than 30 days,
  • Certificate with a validity period in the future,
  • Certificate expired,
  • Certificate revoked,
  • CRL of a CA that has exceeded half of its lifetime or which will be reaching it in fewer than 5 days,
  • CRL of an expired CA.
TPM

Status of the TPM if the firewall has one. The value of this field may be one of the following:

  • Gray: the TPM has not been initialized.
  • Green: the TPM is initialized, running and protects at least one private key.
  • Orange:

    • The TPM is initialized, but it not protecting any private key. The value "The TPM has been initialized, but is not in use" confirms this status.

    • The TPM sealing policy has been changed. To apply it, reseal the TPM. The value "TPM sealing required in order to apply the new TPM sealing policy" confirms this status.

  • Red:
    • Tests on the TPM do not work (it no longer responds).
    • The TPM can no longer be accessed because the hash values of the trusted PCRs have changed. To refresh them, reseal the TPM. The value "TPM sealing required in order to recover access to the TPM" confirms this status.
    • Secure Boot is disabled. A warning in the Messages widget in the Dashboard confirms that the feature is disabled.

Clicking on this indicator will redirect you to the Certificates and PKI module.

 

For more information on sealing the TPM, refer to the technical note Configuring the TPM and protecting private keys in SNS firewall certificates.
SD-WAN

Status of all router objects and their gateways on the firewall.

If none of the router objects monitor the status of their gateways, clicking on this indicator will take you to the configuration of network objects.