System Information
Administration > Software > Upgrade > System Information
You can manage system information with templates (except for Deployment Mode, which is an appliance-specific configuration). To change a Deployment Mode, navigate to Configuration > Networking > Deployment.
When you click the Edit icon next to a specific appliance, the following two screens are available.
System Summary
Property Key | Description |
---|---|
Appliance Key | Orchestrator assigns and uses this key to identify the appliance. |
Platform | Underlying cloud platform on which the EdgeConnect appliance runs, such as Amazon EC2, Azure, Google Cloud, or VMware. |
Uptime | Time elapsed since the appliance became operational and available. |
Active Release | Specifies the software release the appliance is running. |
Appliance ID | Unique identifier for the appliance. |
Discovery Method | Specifies how Orchestrator discovered the appliance: PORTAL: Orchestrator discovered the appliance through the portal account. MANUAL: The appliance was added manually. APPLIANCE: The Orchestrator IP address was added to the appliance. Portal was not involved. |
Connection Type | Method that Orchestrator uses to communicate with the appliance. Options are WEBSOCKET, PORTAL, and HTTP. |
Appliance Model | Specific EC, EC-V, NX, VX, or VRX model. |
BIOS Version | Version of BIOS firmware that the appliance is using. |
Serial Number | Serial number of the appliance. |
System Bandwidth | Appliance’s total outbound bandwidth, determined by appliance model or license. |
Mode | Specifies the appliance’s deployment mode: Server, Router, or Bridge. |
System Settings
Property Key | Description |
---|---|
Model | Specific EC, EC-V, NX, VX, or VRX model. |
Serial | Serial number of the appliance. |
Site Name | Orchestrator will not build tunnels between appliances with the same user-assigned site name. |
Hub Site? | Specifies whether the appliance has been assigned the role, Hub, in Orchestrator. |
Contact Name | Name of the person to contact within your organization (optional). |
Contact Email | Email address of the person to contact within your organization (optional). |
Location | Appliance location, optionally specified during appliance setup. |
Region | User-assigned name created for segmenting topologies and streamlining the number of tunnels created. When regions contain at least one hub, you can choose to connect regions through hubs only. |
IP Id auto optimization | Enables any IP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
TCP auto optimization | Enables any TCP flow to automatically identify the outbound tunnel and gain optimization benefits. Enabling this option reduces the number of required static routing rules (route map policies). |
Flows and tunnel failure | If there are parallel tunnels and one fails, Dynamic Path Control determines where to send the flows. There are three options: fail-stick: When the failed tunnel comes back up, the flows do not return to the original tunnel. They stay where they are. fail-back: When the failed tunnel comes back up, the flows return to the original tunnel. disable: When the original tunnel fails, the flows are not routed to another tunnel. |
Encrypt data on disk | Enables encryption of all the cached data on the disks. Disabling this option is not recommended. |
Configured Media Type | Is either ram and disk (VX) or ram only (VRX). Can be changed for special circumstances if recommended by Support. |
Media Type | Displays the actual media being used. |
Shell Access Status | Specifies the current shell access policy for EdgeConnect appliances. Open Shell Access: Full access granted to the underlying Linux operating system shell. Secure Shell Access: Access denied to the shell, but Support can grant access. Contact Support for assistance. You cannot change this setting to Open Shell Access. Disabled Shell Access: Access permanently denied to the shell. You cannot change this setting to Open Shell Access or Secure Shell Access. This setting is managed on the Advanced Security Settings page (Configuration > Overlays & Security > Security > Advanced Security Settings). Changes to this setting affect all appliances in your network. |
Excess flow policy | Specifies what happens to flows when the appliance reaches its maximum capacity for optimizing flows. The default is to bypass flows. Or, you can choose to drop the packets. |
SSL optimization for non-IPSec tunnels | Specifies whether the appliance should perform SSL optimization when the outbound tunnel for SSL packets is not encrypted (for example, a GRE or UDP tunnel). To enable Network Memory for encrypted SSL-based applications, you must provision server certificates in Orchestrator. This activity can apply to the entire distributed network of EdgeConnect appliances or just to a specified group of appliances. |
Bridge Loop Test | Only valid for virtual appliances. When enabled, the appliance can detect bridge loops. If it detects a loop, the appliance stops forwarding traffic and raises an alarm. Appliance alarms include recommended actions. |
Enable IGMP snooping | IGMP snooping is a common Layer 2 LAN optimization that filters the transmit of multicast frames only to ports where multicast streams have been detected. Disabling this feature floods multicast packets to all ports. IGMP snooping is recommended and enabled by default. |
Auto Flow Re-Classify | Specifies how often to do a policy lookup. |
Always send pass-through traffic to original sender | If the tunnel goes down when using WCCP and PBR, traffic that was intended for the tunnel is sent back the way it came. |
IPSec UDP Port | Specifies the port that Orchestrator uses to build IPSec UDP tunnels. If the field is blank, Orchestrator uses the default. |
Enable default DNS lookup | Allows the appliance to snoop the DNS requests to map domains to IP addresses. This mapping then can be used in ACLs for traffic matching. |
Enable HTTP/HTTPS snooping | Enables a more granular application classification of HTTP/HTTPS traffic by inspection of the HTTP/HTTPS header, Host. This is enabled by default. |
Quiescent tunnel keep alive time | Specifies the rate at which to send keep alive packets after a tunnel has become idle (quiescent mode). The default is 60 seconds. |
UDP flow timeout | Specifies how long to keep the UDP session open after traffic stops flowing. The default is 120 seconds (2 minutes). |
Non-accelerated TCP Flow Timeout | Specifies how long to keep the TCP session open after traffic stops flowing. The default is 1800 seconds (30 minutes). |
Maximum TCP MSS | Maximum Segment Size. The default value is 9000 bytes. This ensures that packets are not dropped for being too large. You can adjust the value (500 to 9000) to lower a packet’s MSS. |
NAT-T keep alive time | If a device is behind a NAT, this specifies the rate at which to send keep alive packets between hosts to keep the mappings in the NAT device intact. |
Tunnel Alarm Aggregation Threshold | Specifies the number of alarms to allow before alerting the tunnel alarm. |
Maintain end-to-end overlay mapping | Enforces the same overlay to be used end-to-end when traffic is forwarded on multiple nodes. |
IP Directed Broadcast | Allows an entire network to receive data that only the target subnet initially receives. |
Allow WAN to WAN routing | Redirects inbound LAN traffic back to the WAN. |