SEP 12.1.2 Security Virtual Appliance - is it working correctly?
How will i know that the appliance works correctly?
At the moment i have:
- deployed the appliance
- Protected W7 x64 endpoint using default policy
- Changed the policy to use vShield Shared Inside Cache
In Clients --> Group --> MyW7x64 -- Security Virtual Appliance status is as: Unknown
What does it mean? What should i do to make sure that Status will be as.. Active (?) and in general that its doing its thing.
Inthe meantime i set email notification policy, to let me know when the appliance will go offline.
So i powered it down - and no email so far, and its abeen at least 20 minutes since i powered it off.
Yesterday i deployed the appliance to a different host, when i powered it down - i go the email. But at that time i didnt check the status of the appliance, so it could be Unknown as weel.
Can someone please help me out?
Comments 9 Comments • Jump to latest comment
Hi,
Check same thread
https://www-secure.symantec.com/connect/forums/endpoint-1212-and-vshield-plug
https://www-secure.symantec.com/connect/forums/vshield-agent-less-sep
Does Symantec Endpoint Protection 12.1 support VMWare vShield?
http://www.symantec.com/docs/TECH175568
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Those links are unrelated to my issue/question.
I just got email:
Security Virtual Appliance symantec-sva2 is currently offline. This Security Virtual Appliance has not communicated with the server for 2 or more heartbeats
My appliance is up and running. I can ping stuff etc. ..sva2 is the latest appliance that i have deployed. Never shut it down.
HI,
Check this thread may be help.
I would suggest you to check the Topic 29 from the Symantec™ Endpoint Protection and Symantec Network Access Control 12.1.2 Installation and Administration Guide
http://www.symantec.com/business/support/index?page=content&id=DOC6153
https://www-secure.symantec.com/connect/forums/sep-1212-security-virtual-appliance-vshield-shared-insight-cache
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Thank you,
I did read it before i posted here.
Also, just in case, i have run search in that document for: unknown
"Unknown" word is always next to the "threads" - there is no explanation for "unknown" status of the SVA in the console.
I also get information about offline appliance, which i uninstalled using the procedure:
java -jar Symantec_SVA_Install.jar -s pathname/SVA_InstallSettings.xml -uninstall
So why do i get that:
Security Virtual Appliance symantec-sva is currently offline. This Security Virtual Appliance has not communicated with the server for 2 or more heartbeats.
If you have read this document after you can't received any answer
Kindly contact Support and have a case created to get further help.
How to create a new case in MySupport
http://www.symantec.com/business/support/index?page=content&id=TECH58873
Phone numbers to contact Tech Support:-
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
India: Toll-Free 000 800 4401 456 directly
IDD call: +61 2 8220 7111
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Good Luck Antakar - you are getting the same repost and repeat of the same basic "about' links I have been finding. Seems no one knows about these but keep posting the same "about" articles.
So far I'm having trouble finding the point of these thigns we spent 2 days installing - and in the process nearly killing one of the hosts as we had to install vShield to use the SVA appliances.
They don't show up in the SEPM or console, I see "unknown" in the status, and I don't see that they actually do anything. Nothing seems to communicate with them, and since we had to export a communicatins file to install them - does that mean that we are hosed with all the other groups in SEP?
What about the other client and server groups - do the SVA appliances pick a group based on the one file export you did and ignore all the other groups? We have multiple groups - how are those handled?
Where can you find these in the SEPM console - other than in the status column (unknown) that is..?
My sites - http://theamcpages.com & http://antique-engines.com
Toy:
Shadow:
I had the same unknown status problem up until yesterday. I realized that you need an SVA on each host so I created them. I then also found that the time on my vShield Manager was off by 4 hours. After changing the time via command line and rebooting the SVAs, the unknowns started to change to the SVA name that the devices were assigned to.
Not sure if this will help anyone else but I thought I would post my findings
ESXi 5.1.0
vShield Manager version 5.1.1
SVA version 12.1.2015.2015
SEPM Version 12.1.2100.2093
Would you like to reply?
Login or Register to post your comment.