4 Replies Latest reply on Jun 12, 2015 1:33 AM by in-young

    [AFOK-M8000] Problem with Copper Active Fail-Open KIT 2000

    in-young

      Hello,

      I'm new too McAfee NSP, Recently.

      One of our Customer are using M-8000 NSP & Active Copper Fail-Open KIT 2000 has Big failure occurred because of the abnormal operation of the ACFOK.

      When lots of traffic comes at the same time(Almost 1G), FOKIT can’t enter into BYPASS mode, even though the LED status shows Bypass.

      It leads to entire network disconnected from the internet.

      Is this ACFOK2000 normal or not?

      Result of test another five ACFOK shows same status too.

      Some one help me please.

       

      1.PNG  2.PNG

        • 1. Re: [AFOK-M8000] Problem with Copper Active Fail-Open KIT 2000
          peter.mason

          Hi in-young,

           

          What software version are you using on these sensors?

           

          Have you recently made any changes to the sensors such as upgrading them or your manager software?

           

          Regards

           

          Peter Mason

          • 2. Re: [AFOK-M8000] Problem with Copper Active Fail-Open KIT 2000
            in-young

            Dear Peter,

            Thank you for your response.

             

            What software version are you using on these sensors?

            > NSM S/W Version : 7.1.5.14

               Sensor S/W Version : 7.1.3.88

               Copper Active Fail Open KIT : 1.0.3

             

            Have you recently made any changes to the sensors such as upgrading them or your manager software?

            > I didn't make any changes of NSM and Sensor.

             

            Yours Sincerely.

            • 3. Re: [AFOK-M8000] Problem with Copper Active Fail-Open KIT 2000
              peter.mason

              Hi in-young,

               

              Have you opened a Service Request with McAfee Support for this issue? If you are easily able to reproduce the issue they should be able to trouble shoot it with you and provide a reason why it is happening.

               

              We have had some similar problems with M-2950 series sensors where they reboot due to an internal error and then stop processing traffic, even in fail open mode. Rebooting the device resolved the issue in some cases but we have had to have some of them replaced as they just won't work any more.

               

              How are you resolving this issue when it occurs? Does it go away once the level of network traffic returns to normal levels?

               

              Regards

               

              Peter

              • 4. Re: [AFOK-M8000] Problem with Copper Active Fail-Open KIT 2000
                in-young

                Hi Peter,

                 

                Have you opened a Service Request with McAfee Support for this issue?

                If you are easily able to reproduce the issue they should be able to trouble shoot it with you and provide a reason why it is happening.

                > Tier 3 said : 1) Upgrade NSM S/W Version 8.x

                                     2) Upgrade Sensor S/W Version 8.x

                                      3) Change Mode Inline Fail-Closed -> Inline Fail Open

                                     3) and then, When same failure occured again, collect log and report(ems, trace, infocollect etc,,)

                                   

                                     That's the answer I received.

                 

                We have had some similar problems with M-2950 series sensors where they reboot due to an internal error and then stop processing traffic,

                even in fail open mode. Rebooting the device resolved the issue in some cases but we have had to have some of them replaced as they just won't work any more.


                > In my opinion(almost absolutely), Copper Active Fail Open KIT 2000 aka 'FOK' operation mode(fail-open, fail-close) does not matter.

                  Because it operation independently without being affected by the specified GUI operation mode.

                 

                How are you resolving this issue when it occurs? Does it go away once the level of network traffic returns to normal levels?


                > Once FOK issue occured again, Network lose connection. Then All network traffic is down.

                   It never return to normal levels till customers had rebooting the FOK.

                   I'm so very tired and painful.

                   Anyway, Thank you very much for being answers. It has been brought up a lot.

                 

                  Yours Sincerely.