After the sniffing interface is configured on the Sensor VM, it stops sending health updates to SSP, and the sensor-health-daemon on the Sensor VM keeps restarting. In some cases, the Sensor VM is not reachable, or cannot be logged in to, via the management interface.
vDefend SSP >= 5.1
NDR Sensor >= 5.1
One of the probable causes of both of these issues is a misconfiguration of routes when both network interfaces of the Sensor VM are configured to use the same DHCP and the order of the DHCP IP assignment is non-deterministic.
Verify that the Security Services Platform (SSP) ingress FQDN is routable and can be resolved via the management interface of the NDR Sensor VM.
To verify the networking configuration for the management interface, log in to the NDR Sensor VM as the root user. This can be done in two ways:
ndr-sensor> set ssh root-login
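Once logged in as root, one way to check that the SSP ingress FQDN resolves and that traffic to it leaves through the management interface. This is an added example, not Broadcom tooling; the FQDN and interface name are placeholders you pass as arguments, and it assumes `getent` and `ip` are available on the Sensor VM.

```shell
#!/bin/sh
# Added example (not vendor tooling). Usage: sh check.sh <ssp-ingress-fqdn> <mgmt-interface>
# Both arguments are placeholders supplied by the operator.

# Print the egress interface named in one line of `ip route get` output.
# Constructed sample line: "192.0.2.10 via 10.1.0.1 dev eth0 src 10.1.0.20 uid 0"
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify MGMT_IF ROUTE_LINE
# Prints "OK <dev>", "WRONG_INTERFACE <dev>" or "NO_ROUTE"; returns 0, 1 or 3.
classify() {
    mgmt_if=$1
    dev=$(route_dev "$2")
    if [ -z "$dev" ]; then
        echo "NO_ROUTE"
        return 3
    fi
    if [ "$dev" != "$mgmt_if" ]; then
        # Traffic to SSP would leave through another interface (for example the
        # sniffing interface), which matches the route misconfiguration described above.
        echo "WRONG_INTERFACE $dev"
        return 1
    fi
    echo "OK $dev"
}

# Resolve the FQDN, ask the kernel which route it would use, and classify it.
check_ssp_path() {
    fqdn=$1
    mgmt_if=$2
    addr=$(getent ahosts "$fqdn" | awk 'NR == 1 { print $1 }')
    if [ -z "$addr" ]; then
        echo "UNRESOLVED $fqdn"
        return 2
    fi
    line=$(ip route get "$addr" 2>/dev/null | head -n 1)
    classify "$mgmt_if" "$line"
}

# Run the live check only when both arguments are given.
if [ "$#" -eq 2 ]; then
    check_ssp_path "$1" "$2"
fi
```

Because DHCP assignment order is non-deterministic, repeat the check after a reboot or lease renewal rather than relying on a single run.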
For specific steps to troubleshoot the routing and networking configuration, contact Broadcom support for resolution.
Once the routing and networking configuration is resolved, the user should start seeing sensor health reported correctly in Security Services Platform (SSP) on the NDR Sensor management page.
For example, when all NDR Sensor services are healthy, the user can see the following in Security Services Platform (SSP) on the NDR Sensor management page and on the "Sensor Details" UI:
NDR Sensor management page:
"Sensor Details" UI:
This issue will be fixed in future releases.