Describes all the possible remote diagnostics tests that you can run on an Edge to obtain diagnostic information. The diagnostic information contains Edge-specific logs for analysis.

ARP Table Dump

Run this test to view the contents of the ARP table. The output is limited to display 1000 ARP entries.

Clear ARP Cache

Run this test to clear the ARP cache entries for the specified interface.

DNS Test

Run this test to perform a DNS lookup of the specified domain name.

DNS/DHCP Service Restart

Run this test to restart the DNS/DHCP service. This can serve as a troubleshooting step if DHCP or DNS requests are failing for clients.

Flush Firewall Sessions

Run this test to reset established sessions from the firewall. Running this test on an Edge not only flushes the firewall sessions, but actively send a TCP RST for the TCP-based sessions.

Flush Flows

Run this test to flush the flow table, causing user traffic to be re-classified. Use source and destination IP address filters to flush specific flows.

Flush NAT

Run this test to flush the NAT table.

Gateway

Run this test by choosing whether cloud traffic should or should not use the Gateway Service.
Note: This does not affect the routing of VPN traffic.

Interface Status

Run this test to view the MAC address and connection status of physical interfaces.

List Active Firewall Sessions

Run this test to view the current state of the active firewall sessions (up to a maximum of 1000 sessions). You can limit the number of sessions returned by using filters: source and destination IP address, source and destination port, and Segment.
Note: You cannot see sessions that were denied as they are not active sessions. To troubleshoot those sessions you will need to check the firewall logs.
The Remote Diagnostics output displays the following information: Segment name, Source IP, Source Port, Destination IP, Destination Port, Protocol, Application, Firewall Policy, current TCP state of any flows, Bytes Received/Sent, and Duration. There are 11 distinct TCP states as defined in RFC 793:
  • LISTEN - represents waiting for a connection request from any remote TCP and port. (This state is not shown in a Remote Diagnostic output).
  • SYN-SENT - represents waiting for a matching connection request after having sent a connection request.
  • SYN-RECEIVED - represents waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
  • ESTABLISHED - represents an open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.
  • FIN-WAIT-1 - represents waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
  • FIN-WAIT-2 - represents waiting for a connection termination request from the remote TCP.
  • CLOSE-WAIT - represents waiting for a connection termination request from the local user.
  • CLOSING - represents waiting for a connection termination request acknowledgment from the remote TCP.
  • LAST-ACK - represents waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
  • TIME-WAIT - represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request.
  • CLOSED - represents no connection state at all.

List Active Flows

Run this test to list active flows in the system. Use source and destination IP address filters to view the exact flows you want to see. This output is limited to a maximum of 1000 flows.

List Clients

Run this test to view the complete list of clients.

List Paths

Run this test to view the list of active paths between local WAN links and each peer.

MIBs for Edge

Run this test to dump Edge MIBs.

NAT Table Dump

Run this test to view the contents of the NAT Table. Use the destination IP address filter to view the exact entries you want to see. This output is limited to a maximum of 1000 entries.

NTP Dump

Run this test to view the current date and time on Edge and NTP information.

Ping Test

Run a ping test to the destination specified.

Route Table Dump

Run this test to view the contents of the Route Table.

System Health

Run this test to view system information such as system load, recent WAN stability statistics, monitoring services. WAN stability statistics include the number of times individual VPN tunnels and WAN links lost connectivity for at least 700 milliseconds.

Traceroute

Run a traceroute via the Gateway or directly out any of the WAN interfaces to the destination specified.

Troubleshoot BGP - List BGP Redistributed Routes

Run this test to view routes redistributed to BGP neighbors.

Troubleshoot BGP - List BGP Routes

Run this test to view the specific BGP routes from neighbors, leave prefix empty to view all.

Troubleshoot BGP - List Routes per Prefix

Run this test to view all the Overlay and Underlay routes for a prefix and the related details.

Troubleshoot BGP - Show BGP Neighbor Advertised Routes

Run this test to view the BGP routes advertised to a neighbor.

Troubleshoot BGP - Show BGP Neighbor Learned Routes

Run this test to view all the accepted BGP routes learned from a neighbor after filters.

Troubleshoot BGP - Show BGP Neighbor Received Routes

Run this test to view all the BGP routes learned from a neighbor before filters.

Troubleshoot BGP - Show BGP Neighbor details

Run this test to view the details of BGP neighbor.

Troubleshoot BGP - Show BGP Routes per Prefix

Run this test to view all the BGP routes and their attributes for the specified prefix.

Troubleshoot BGP - Show BGP Summary

Run this test to view the existing BGP neighbor and received routes.

Troubleshoot BGP - Show BGP Table

Run this test to view the BGP table.

Troubleshoot OSPF - List OSPF Redistributed Routes

Run this test to view all the routes redistributed to OSPF neighbor.

Troubleshoot OSPF - List OSPF Routes

Run this test to view the OSPF routes from neighbors for the specified Prefix. Displays all the OSPF routes from the neighbors if the Prefix is not specified.

Troubleshoot OSPF - Show OSPF Database

Run this test to view the OSPF link state database summary.

Troubleshoot OSPF - Show OSPF Database for E1 Self-Originate Routes

Run this test to view the E1 LSA's self-originated routes that are advertised to OSPF router by the Edge.

Troubleshoot OSPF - Show OSPF Neighbors

Run this test to view all the OSPF neighbors and associated information.

Troubleshoot OSPF - Show OSPF Route Table

Run this test to view the existing OSPF route table.

Troubleshoot OSPF - Show OSPF Setting

Run this test to view the OSPF setting and neighbor status.

VPN Test

Select a segment from the drop-down menu and click Run to test VPN connectivity to each peer.
When the VPN test is run, the Edge selects the Source and Destination IP and initiates the tunnel request. The selected Source and Destination IP should meet the following criteria:
  • It should be a connected route IP
  • It should be reachable and the routes should be advertised

When the Edge cannot select a valid IP as the Source IP to initiate the tunnel request, the VPN Test will fail with the following error.

Branch-to-Branch vpn is disabled. Please enable it before running the test

WAN Link Bandwidth Test

Run the bandwidth test on a specified WAN link. This test has the benefit of being non-disruptive in multi-link environments. Only the link under test is blocked for user traffic. This means that you can re-run the test on a specific link and the other link(s) will continue to serve user traffic.

As the bandwidth test is run when the tunnel reconnects after a period of instability, there have been occasions in the field where the link has recovered enough for tunnel connectivity, but not enough to accurately measure the bandwidth of the WAN link. To address these scenarios, if the bandwidth test fails or measures a significantly reduced value, the last known “good” measurement will be used and a re-test of the link will be scheduled for 30 minutes after the tunnel is established to ensure a proper measurement.

Note: For WAN link over 1 Gbps, it is recommended that the user define the bandwidth of the WAN link.