ProxySG doesn’t send HSM health check notifications when HSM is unavailable
search cancel

ProxySG doesn’t send HSM health check notifications when HSM is unavailable

book

Article ID: 240124

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The ProxySG appliance does not send health check notifications when the HSM becomes unavailable. This issue occurs when:

  • health check notifications were overridden for the specific HSM
  • an HSM setting, such as hostname or port number, was reconfigured
  • default health check notifications were disabled for health state transitions

Cause

When you reconfigure an HSM, the appliance deletes the current HSM health check and creates a new health check. The new health check inherits notification settings from the default notification settings; as a result, the appliance does not send HSM health check notifications if the default health check notifications are disabled.
 
In addition, the HSM health state updates only when the HSM processes SSL traffic. If the HSM is not processing SSL traffic, it remains in the same state as when traffic was last processed. This behavior differs from that of other health checks, where the appliance performs a periodic ping or protocol operation to determine health.
 

Resolution

Ensure that the HSM health check reports all health state changes when changing the HSM configuration:

  • Set health check defaults to send notifications for health state transitions.
  • Reconfigure the HSM.
  • Set the HSM health check to send notifications for health state transitions.

 

Use one of the following methods to configure the HSM health check.

In the Admin Console:

  1. Select Administration > Health Checks and Monitoring > Health Checks.
  2. Under Default Notifications, select the Notify on a Transition to Healthy/Sick options for email and SNMP notifications. For event logging, select the Log a Transition to Healthy/Sick As options. Apply the changes.
  3. Select Configuration > SSL > HSM.
  4. Under HSM, select the HSM and modify it as required.
  5. Select Administration > Health Checks and Monitoring > Health Checks.
  6. Under Health Checks, select the HSM health check.
  7. Under Notifications, select the Notify on a Transition to Healthy/Sick options for email and SNMP notifications. For event logging, select the Log a Transition to Healthy/Sick As options. Apply the changes.
  8. Revert or change the global notification defaults as needed:
    •   Select Administration > Health Checks and Monitoring > Health Checks.
    •   Under Default Notifications, make changes to default settings. Apply the changes.

In the Management Console:

  1. Select Configuration > Health Checks > General > Default Notifications.
  2. Select the Notify on a transition to healthy/sick options for email and SNMP notifications. For event logging, select the Log a transition to healthy/sick as options. Apply the changes.
  3. Select Configuration > SSL > HSM > HSM
  4. Under HSM, select the HSM and modify it as required.
  5. Select Configuration > Health Checks > General > Default Notifications..
  6. Select the HSM health check and select Edit.
  7. On the health check dialog, under Override Defaults, select Override the default notifications.
  8. On the overrides dialog, select the Notify on a transition to healthy/sick options for email and SNMP notifications. For event logging, select the Log a transition to healthy/sick as options. Apply the changes.
  9. Revert or change the global notification defaults as needed:
    •   Select Configuration > Health Checks > General > Default Notifications.
    •   Under Default Notifications, make changes to default settings. Apply the changes.
Powered by Wolken Software