1 of 1 people found this helpful
Are you using a central manager? The ICC is an older name for the central manager and is configured under the manage tab. If you don't have one, you need to remove the configuration there. If you do, you need to ensure trust is established properly on both managers.
The second screenshot shows normal link loss situations. Check the monitoring ports under the device tab and acknowledge faults as appropriate.
thanks gfergus1 for reply,
how can i ensure trust on both mangers?
for the second error, i already enable that port but after some time the port will disable again.
hope u can help me gfergus1
Here's the guide that covers the central manager configuration: http://kc.mcafee.com/corporate/index?page=content&id=PD24258
The applicable section is chapter 24 on page 524.
To add a Manager to Central Manager:
1 Select Devices | Manager Management | Add and Remove Managers.
2 Click New.
3 Type the Manager Name and the Shared Secret (repeat at Confirm Shared Secret).
The Manager side configuration then needs to be confirmed under Manage -> Setup -> Central Manager.
Regarding the monitoring port going down. If the port is not able to negotiate link, the sensor disables the port to allow it to go into bypass. Check that the cable has link on the remote end as well as on the port peer. Speed and duplex must match on all connections.
Try reseating cables, SFPs and swapping to other ports on the other end if the issue persists.
For the port alerts, I think by default in 7.5 NSM, sensors are configured in inline fail open settings. To check, access CLI then execute "showfailopencfg", what this does is that it will check ports 7-10 every 5-minutes (default) and re-enable the in-line ports which is why it keeps on alerting even if you acknowledge the faults.
To avoid the notification of the ports, go to Device > IPS device > Setup > Monitoring Ports.
Click on the port and enable the administrative status, Save the changes. Then click on the port again then disable it. Save the changes.
Go now to the system faults and acknowledge the port failure alerts. This will keep the alerts from coming back.