Link Search Menu Expand Document

System Information

Administration > Software > Upgrade > System Information

You can manage system information with templates (except for Deployment Mode, which is an appliance-specific configuration). To change a Deployment Mode, navigate to Configuration > Networking > Deployment.

When you click the Edit icon next to a specific appliance, the following two screens are available:

System Summary

img

System Settings

img

The following table describes the properties and configuration options available in these templates.

Property Key Description
Active Release Specifies the software release the appliance is running.
Allow WAN to WAN routing Redirects inbound LAN traffic back to the WAN.
Always send pass-through traffic to original sender If the tunnel goes down when using WCCP and PBR, traffic that was intended for the tunnel is sent back the way it came.
Appliance ID Unique identifier for the appliance.
Appliance Key Orchestrator assigns and uses this key to identify the appliance.
Appliance Model Specific EC, EC-V, NX, VX, or VRX model.
Auto Flow Re-Classify Specifies how often to do a policy lookup.
BIOS Version Version of BIOS firmware that the appliance is using.
Bridge Loop Test Only valid for virtual appliances. When enabled, the appliance can detect bridge loops. If it detects a loop, the appliance stops forwarding traffic and raises an alarm. Appliance alarms include recommended actions.
Configured Media Type Is either ram and disk (VX) or ram only (VRX). Can be changed for special circumstances if recommended by Support.
Connection Type Method that Orchestrator uses to communicate with the appliance. Options are WEBSOCKET, PORTAL, and HTTP.
Contact Email Email address of the person to contact within your organization (optional).
Contact Name Name of the person to contact within your organization (optional).
Discovery Method Specifies how Orchestrator discovered the appliance:

PORTAL: Orchestrator discovered the appliance through the portal account.

MANUAL: The appliance was added manually.

APPLIANCE: The Orchestrator IP address was added to the appliance. Portal was not involved.
Enable default DNS lookup Allows the appliance to snoop the DNS requests to map domains to IP addresses. This mapping then can be used in ACLs for traffic matching.
Enable Health check Activates pinging of the next hop router.
Enable HTTP/HTTPS snooping Enables a more granular application classification of HTTP/HTTPS traffic by inspection of the HTTP/HTTPS header, Host. This is enabled by default.
Enable IGMP snooping IGMP snooping is a common Layer 2 LAN optimization that filters the transmit of multicast frames only to ports where multicast streams have been detected. Disabling this feature floods multicast packets to all ports. IGMP snooping is recommended and enabled by default.
Encrypt data on disk Enables encryption of all the cached data on the disks. Disabling this option is not recommended.
Excess flow policy Specifies what happens to flows when the appliance reaches its maximum capacity for optimizing flows. The default is to bypass flows. Or, you can choose to drop the packets.
Flows and tunnel failure If there are parallel tunnels and one fails, Dynamic Path Control determines where to send the flows. There are three options:

fail-stick: When the failed tunnel comes back up, the flows do not return to the original tunnel. They stay where they are.

fail-back: When the failed tunnel comes back up, the flows return to the original tunnel.

disable: When the original tunnel fails, the flows are not routed to another tunnel.
Hold down count If the link has been declared down, this specifies how many successful ICMP echoes are required before declaring that the link to the next hop router is up.
Hub Site? Specifies whether the appliance has been assigned the role, Hub, in Orchestrator.
Interval Specifies the number of seconds between each ICMP echo sent.
IP Directed Broadcast Allows an entire network to receive data that only the target subnet initially receives.
IP Id auto optimization Enables any IP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies).
IPSec UDP Port Specifies the port that Orchestrator uses to build IPSec UDP tunnels. If the field is blank, Orchestrator uses the default.
Location Appliance location, optionally specified during appliance setup.
Maintain end-to-end overlay mapping Enforces the same overlay to be used end-to-end when traffic is forwarded on multiple nodes.
Maximum TCP MSS Maximum Segment Size. The default value is 9000 bytes. This ensures that packets are not dropped for being too large. You can adjust the value (500 to 9000) to lower a packet’s MSS.
Media Type Displays the actual media being used.
Mode Specifies the appliance’s deployment mode: Server, Router, or Bridge.
Model Specific EC, EC-V, NX, VX, or VRX model.
NAT-T keep alive time If a device is behind a NAT, this specifies the rate at which to send keep alive packets between hosts to keep the mappings in the NAT device intact.
Non-accelerated TCP Flow Timeout Specifies how long to keep the TCP session open after traffic stops flowing. The default is 1800 seconds (30 minutes).
Platform Underlying cloud platform on which the EdgeConnect appliance runs, such as Amazon EC2, Azure, Google Cloud, or VMware.
Quiescent tunnel keep alive time Specifies the rate at which to send keep alive packets after a tunnel has become idle (quiescent mode). The default is 60 seconds.
Region User-assigned name created for segmenting topologies and streamlining the number of tunnels created. When regions contain at least one hub, you can choose to connect regions through hubs only.
Retry count Specifies the number of ICMP echoes to send without receiving a reply before declaring that the link to the WAN next hop router is down.
Serial / Serial Number Serial number of the appliance.
Shell Access Status Specifies the current shell access policy for EdgeConnect appliances.

Open Shell Access: Full access granted to the underlying Linux operating system shell.

Secure Shell Access: Access denied to the shell, but Support can grant access. Contact Support for assistance. You cannot change this setting to Open Shell Access.

Disabled Shell Access: Access permanently denied to the shell. You cannot change this setting to Open Shell Access or Secure Shell Access.

This setting is managed on the Advanced Security Settings page (Configuration > Overlays & Security > Security > Advanced Security Settings). Changes to this setting affect all appliances in your network.
Site Name Orchestrator will not build tunnels between appliances with the same user-assigned site name.
SSL optimization for non-IPSec tunnels Specifies whether the appliance should perform SSL optimization when the outbound tunnel for SSL packets is not encrypted (for example, a GRE or UDP tunnel). To enable Network Memory for encrypted SSL-based applications, you must provision server certificates in Orchestrator. This activity can apply to the entire distributed network of EdgeConnect appliances or just to a specified group of appliances.
System Bandwidth Appliance’s total outbound bandwidth, determined by appliance model or license.
TCP auto optimization Enables any TCP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies).
Tunnel Alarm Aggregation Threshold Specifies the number of alarms to allow before alerting the tunnel alarm.
UDP flow timeout Specifies how long to keep the UDP session open after traffic stops flowing. The default is 120 seconds (2 minutes).
Uptime Time elapsed since the appliance became operational and available.

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.