Gathering data AFTER a network-related outage for IPsec

book

Article ID: 171343

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

You have experienced a network-related outage, which is now over, and need to gather information to provide to Symantec.

Note: If you are currently experiencing an outage, see Gathering data DURING a network-related outage for IPsec.

Resolution

After a network-related outage has occurred, Symantec requests the following, mandatory information. This information provides helpful insight, diagnostics, and other essential data to assist Symantec in its investigation.

Requested information after an outage

  • The affected location's Egress IP address(es).
  • The specific data-pod and data-center that the affected location was connected to (using http://pod.threatpulse.com)
  • The time that the outage began (in UTC).
  • The length of time that the outage occurred.
  • Is HTTP traffic being affected differently than HTTPS traffic?
  • The model and OS version of the device making the connection (ref: show ver command)
  • The Phase 1 and Phase 2 timeout settings (for IPsec tunnels).
  • How does the device determine failover (DPD, IP-SLA, etc)?
  • Gather firewall and router logs, starting one hour before the outage, to one hour after resolution.

Note: Not all outages and network-related issues are Symantec related. By analyzing the requested information, Symantec can help determine the reason for the outage. In some cases, additional information may be necessary.