Customer had removed a certain application from production in the past and, currently do not feel comfortable putting the same equipment 100% active without a health check of it.
The customer would have to proactively set up and run Health Checks on ProxySG.
Release :
We have shared the guidance in the Tech. Article with the URL below, to set up and run the requested health checks on the appliance.
https://knowledge.broadcom.com/external/article/165591/configuring-icap-health-checks.html
To view Health Checks, use the following URLs:
https://<ProxySG_IP_address>:8082/health_check/view (to list all health check configurations)
https://<ProxySG_IP_address>:8082/health_check/statistics (to view statistics for active Health Checks)
Note: Please run the above, for the health checks, before and after adding the reported application. This will help confirm the impact the application would have on the current working state of the appliance. If there is no negative impact, you may monitor the same for some time, and if a good performing state is maintained, you may go ahead with re-introducing the application back into production. It's always will recommend to run all of the tests in the test environment, validating the performance, before going live in PROD.
Having run the same in the lab environment, we have the below, for the two. This is just a sample and the you should expect to see a lot more, coming from a bigger test/PROD environment.
Health Check Configuration
Health Check Status
Status check target: None
Authentication
auth.symcdemos
Authentication realm: symcdemos
Type of test: Authentication Enable state: Enabled
E-Mail Notifications: Use default
Event Log Notifications: Use default
SNMP Notifications: Use default
Monitoring Notifications: Use default
Limits: Use default
Authentication
auth.symcdemos.local
Authentication domain: symcdemos.local
Type of test: Authentication Enable state: Enabled
E-Mail Notifications: Use default
Event Log Notifications: Use default
SNMP Notifications: Use default
Monitoring Notifications: Use default
Limits: Use default
DNS Server
dns.10.0.0.1
DNS Server: 10.0.0.1
Type of test: DNS Server Enable state: Enabled
E-Mail Notifications: Use default
Event Log Notifications: Use default
SNMP Notifications: Use default
Monitoring Notifications: Use default
Limits: Use default
Hostname: Use default: www.bluecoat.com
DNS Server
dns.10.0.0.10
DNS Server: 10.0.0.10
Type of test: DNS Server Enable state: Enabled
E-Mail Notifications: Use default
Event Log Notifications: Use default
SNMP Notifications: Use default
Monitoring Notifications: Use default
Limits: Use default
Hostname: Use default: www.bluecoat.com
Content analysis services
icap.contentanalysis_respmod
ICAP service:contentanalysis_respmod
Type of test: ICAP Enable state: Enabled
E-Mail Notifications: Use default
Event Log Notifications: Use default
SNMP Notifications: Use default
Monitoring Notifications: Use default
Limits: Use default
Isolation
iso.server
Isolation:
Type of test: TCP Enable state: Disabled: Healthy
E-Mail Notifications: Use default
Event Log Notifications: Use default
SNMP Notifications: Use default
Monitoring Notifications: Use default
Limits: Use default
Default Configuration Settings
E-Mail Notifications:
Change to healthy: disabled Change to sick: disabled
Report for all IPs: disabled
Event Log Notifications:
Change to healthy: disabled Event log as severe: disabled
Change to sick: disabled Event log as severe: enabled
Report for all IPs: disabled
SNMP Notifications:
Change to healthy: disabled Change to sick: disabled
Report for all IPs: disabled
Monitoring Notifications:
Severity: Warning
Limits:
Healthy interval: 10 seconds Sick interval: 10 seconds
Healthy threshold: 1 Sick threshold: 1
Response time threshold: disabled Failure trigger: disabled
For the possible Health Check tests on ProxySG, please refer to the details in the Tech. doc. with the URL below.
Alternatively, the customer may run the CLI command below, on the ProxySG appliance, export the entire output to clipboard, and upload the same to the ticket, for checks.
# (config health-check) view Health Check Configuration