17.6 Gateway Admin

The options available in the Gateway Admin menu allow you to monitor and control the local Corente Services Gateway. The options in this menu are intended for use by administrators only.

When you attempt to access an option from the Gateway Admin menu, a dialog box may appear that requests a user name and password. Enter these items and click OK. You will only be asked for this information once per administration session. Your user name and password will be saved until you close your browser window.

The following options are available from this menu:

  • Section 17.6.1, “Status” displays the name of the Corente Services Gateway, IP address information (LAN, WAN, and VIP), current time, uptime, load averages, and Corente Services Gateway software version information, as well as current information about the tunnel connections associated with this Corente Services Gateway.

  • Section 17.6.2, “Test” allows you to perform several network connectivity tests to verify the operational status of the Corente Services Gateway, the Corente SCP, your DNS server, and the partners of the Corente Services Gateway.

  • Section 17.6.3, “Control” allows you to start/stop/restart the Corente Services Gateway software and shut down/reboot the Corente Services Gateway.

  • Section 17.6.4, “Remote Login” allows you to select whether or not to allow remote login access to this Corente Services Gateway over the secure tunnel from the Corente Services Control Point.

  • Section 17.6.5, “Download” allows you to download the Corente Services Gateway log files into a single compressed file that can be sent to Customer Care for troubleshooting purposes. You can also download a text file for each of the SNMP MIB files that are available on the Corente Services Gateway to review the information that each MIB can provide.

  • Section 17.6.6, “Version” allows you to view version information about software that is installed on your Corente Services Gateway.

Note

Occasionally, you may see an image at the top of your Gateway Administration screens that indicates that your Corente Services Gateway has downloaded an upgrade of the Corente Services Gateway software, but must reboot in order to enable it. Clicking on the notification will take you to the Control screen, which you should use to manually reboot the Corente Services Gateway.

This notification will appear only if your Corente Services Gateway does not automatically reboot when an upgrade has been downloaded. To enable the automatic reboot so that upgrades will automatically go into effect, an administrator of your Corente Services Gateway can use the App Net Manager application to select Allow automatic reboot after maintenance on the Location tab of the Location form for your Corente Services Gateway.

17.6.1 Status

The Corente Gateway Identity and Connection Status page is divided into two sections: Corente Gateway Information and Connection Status. In addition, a Show Detail hyperlink appears at the top of the page. When clicked, this hyperlink provides additional information in the Connection Status section.

This page does not auto-refresh. When you want to view the most up-to-date information, right-click your mouse button over the interface and select the Refresh option from the menu that appears.

Corente Gateway Information

The first section of the Status page presents the following information about the Corente Services Gateway that you are viewing:

Name

Displays the name that was assigned to this Corente Services Gateway when it was created with the App Net Manager. This name is also used as the hostname for the Corente Services Gateway. The name will occasionally be prefixed with the name of your secure application network domain to generate a fully-qualified and unique Corente Services Gateway name (for example, domainname.gatewayname).

LAN Address

Displays the IP address assigned to the LAN (Local Area Network) Ethernet interface of the Corente Services Gateway. If the Corente Services Gateway uses a Peer configuration, there is only one Ethernet interface, and its address will be listed in this field. If the Corente Services Gateway uses an Inline configuration, there are at least two Ethernet interfaces. The LAN Address will be the Ethernet interface that connects to the private internal network.

WAN Address

Displays the IP address assigned to the WAN (Wide Area Network) Ethernet interface of an Inline Corente Services Gateway. This interface connects to the public (Internet facing) network. A Peer configuration does not have a WAN interface. If the Dual WAN feature has been enabled, this is the address assigned to the primary WAN interface and is currently in use only when the word ACTIVE appears next to this entry.

Secondary WAN Address

Displays the IP address assigned to the secondary WAN (Wide Area Network) Ethernet interface of an Inline Corente Services Gateway, when the Dual WAN feature has been enabled. This secondary interface connects to the public (Internet facing) network and is currently in use only if the word ACTIVE appears next to this entry.

DMZ Address

Displays the IP address assigned to the DMZ-facing Ethernet interface of a Corente Services Gateway. Using this interface, the Corente Services Gateway acts as an intermediary between servers on the DMZ and those machines (both on the LAN and on the Internet/WAN) that access the servers. This arrangement prevents unwanted Internet/WAN traffic from infiltrating the LAN.

Virtual IP Address

Displays the internal IP address that was assigned when this Corente Services Gateway was created. A VIP address will be assigned for both Peer and Inline Corente Services Gateway configurations. This address is used for internal routing purposes when secure tunnels are being created. You cannot use this address for any other machine in your network, and you cannot communicate with the Corente Services Gateway via this address using programs such as telnet or ping.

LAN DHCP

Displays the status of DHCP on the LAN interface. The values in this field reflect the settings on the Network tab of the Location form for this Corente Services Gateway in App Net Manager. Values are as follows:

| Status | Description |
| --- | --- |
| N/A | This field does not apply to this Corente Services Gateway. |
| none | This interface does not support DHCP. |
| client | This Corente Services Gateway receives its network configuration via a DHCP server. |
| server | This Corente Services Gateway is a DHCP server for computers on its subnet. |

WAN DHCP

Displays the status of DHCP on the WAN interface. The values in this field reflect the settings on the Network tab of the Location form for this Corente Services Gateway in App Net Manager. Values are as follows:

| Status | Description |
| --- | --- |
| N/A | This field does not apply to this Corente Services Gateway. |
| none | This interface does not support DHCP. |
| client | This Corente Services Gateway receives its network configuration via a DHCP server. |
| server | This Corente Services Gateway is a DHCP server for computers on its subnet. |

Secondary WAN DHCP

Displays the status of DHCP on the secondary WAN interface. The values in this field reflect the settings on the Network tab of the Location form for this Corente Services Gateway in App Net Manager. Values are as follows:

| Status | Description |
| --- | --- |
| N/A | This field does not apply to this Corente Services Gateway. |
| none | This interface does not support DHCP. |
| client | This Corente Services Gateway receives its network configuration via a DHCP server. |
| server | This Corente Services Gateway is a DHCP server for computers on its subnet. |

Time

Displays the current time on the Corente Services Gateway from the operating system clock.

Uptime

Displays the amount of time since the Corente Services Gateway was last stopped.

Load

Displays the CPU utilization load average on the Corente Services Gateway (three averages are displayed - 1 minute average, 5 minute average, and 15 minute average, respectively).

Active Software

Indicates the version of the Corente Services Gateway software stored on the boot partition and currently active on the Corente Services Gateway. The Corente Services Gateway stores two versions of the Corente Services Gateway software - the currently active version (the version that was used at the last system boot) and the inactive version. The state of the software is indicated in the parentheses.

Possible states are listed in Table 17.1, “States for Active Software and Other Software”.

Other Software

Indicates the version of the Corente Services Gateway software stored on the special non-boot partition of the Corente Services Gateway (/clone). The inactive version could be an earlier or later version relative to the currently active version. It may be the last release to work on this Corente Services Gateway (in case the currently active software fails), or it may be the most recent upgrade of the software waiting to be activated when the Corente Services Gateway reboots. The state of the software is indicated in the parentheses.

Possible states are listed in Table 17.1, “States for Active Software and Other Software”.

Hardware Failover

Indicates whether or not hardware failover (also known as redundant hardware) has been enabled on this Corente Services Gateway. If hardware failover is enabled, a number (1 or 2) will appear next to this field to identify the Corente Services Gateway hardware that is currently active.

The possible states for both Active Software and Other Software are as follows:

Table 17.1 States for Active Software and Other Software

| State | Description |
| --- | --- |
| INITIAL | This is the first time Corente Services Gateway software has run on this machine. |
| UNKNOWN | The state of this software is unknown and should not be switched to. This is typically the result of a failed upgrade. |
| STAGING | The partition is in the process of staging an upgrade to a new version of the software and should not be switched to. |
| STAGED | A new version of the software has finished STAGING and is ready to be ARMED. |
| ARMED | The partition is set as ready to run on the next reboot. |
| BOOTING | A new release is running for the first time, but has not yet created a tunnel to the Corente Services Control Point (SCP). If failure occurs in this state, the active software will automatically switch to what is stored on the /clone partition (which should contain the last working release). |
| WORKS | The release works (or has worked at least once - enough to create a secure tunnel to the Corente SCP). |
| FAILED | If a new release fails to contact the Corente SCP after a specified amount of time, the release is marked FAILED and an automatic return to the /clone partition (which should contain the last working release) is initiated. |


Connection Status

The bottom section of the Status page presents information about the status of all secure tunnels associated with this Corente Services Gateway. There are two types of tunnel connections displayed here:

  • The SCP Connection is a connection that every Corente Services Gateway creates with the Corente Services Control Point (SCP). This secure tunnel is used whenever you administer your secure network with the App Net Manager.

  • Gateway to Gateway Connections are the connections between your Corente Services Gateway and each of its remote Location Partners. These connections will be listed by the name of each remote Corente Services Gateway (for example, domainname.gatewayname).

The type of Transport (or protocol) that is used for each connection will be listed beside the connection name, as follows:

  • TCP indicates the connection uses Transmission Control Protocol (TCP).

  • UDP indicates the connection uses User Datagram Protocol (UDP).

  • NATIVE indicates the connection belongs to a third party device.

In addition to the Transport type, the Connection and Security state of each connection will also be listed.

The meanings for each possible connection and security state are presented in the following tables:

| Connection State | Description |
| --- | --- |
| Unknown | The connection is in the process of being established. |
| Established | The connection is fully established. |

| Security State | Description |
| --- | --- |
| Inactive | The Corente Services Gateway is waiting for contact from this partner. No tunnel connection will be established until this partner replies to the Corente Services Gateway. |
| In Progress | The secure tunnel is in the process of being established. |
| Secure | The tunnel is secure. |
| Terminating | The tunnel is being torn down. |
| Configuration Alert | This Corente Services Gateway and its partner are able to communicate with each other; however, the User Group(s) that each partner is exporting to the other contain conflicting address spaces. You must use one of the NAT options on the User Group or Partners tabs of the Location form in App Net Manager to remap one of the User Groups to a new address space or manually reconfigure one of the conflicting subnets to resolve this alert. |
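One way to find the conflicting address spaces behind a Configuration Alert and pick a free range for a NAT remap, as an added example that is not part of the Corente documentation or software. The User Group names, subnets and the candidate remap pool are constructed sample values; how the gateway itself detects the conflict is not described on this page.

```python
import ipaddress

# Constructed sample data: subnets exported by the User Groups on each side.
LOCAL_GROUPS = {
    "HQ-Users": ["192.168.1.0/24"],
    "HQ-Servers": ["10.10.0.0/16"],
}
PARTNER_GROUPS = {
    "Branch-Users": ["192.168.1.0/24"],
    "Branch-Lab": ["10.10.20.0/24"],
    "Branch-Voice": ["172.16.4.0/23"],
}


def _nets(groups):
    """Flatten {group_name: [cidr, ...]} into (group_name, ip_network) pairs."""
    return [(name, ipaddress.ip_network(cidr))
            for name, cidrs in groups.items() for cidr in cidrs]


def find_conflicts(local_groups, partner_groups):
    """Return every pair of exported subnets whose address spaces overlap."""
    conflicts = []
    for lname, lnet in _nets(local_groups):
        for pname, pnet in _nets(partner_groups):
            if lnet.version != pnet.version or not lnet.overlaps(pnet):
                continue
            # Two CIDR blocks that overlap are either equal or nested.
            if lnet == pnet:
                kind = "identical"
            elif pnet.subnet_of(lnet):
                kind = "local contains partner"
            else:
                kind = "partner contains local"
            conflicts.append((lname, str(lnet), pname, str(pnet), kind))
    return conflicts


def all_subnets(*group_maps):
    """Collect every CIDR string from one or more group maps."""
    return [cidr for groups in group_maps
            for cidrs in groups.values() for cidr in cidrs]


def suggest_remap(conflicting, in_use, pool):
    """Return the first subnet of the same size inside `pool` that overlaps
    nothing in `in_use`, or None if the pool cannot hold one.
    `pool` is a hypothetical range the administrator has set aside for NAT."""
    net = ipaddress.ip_network(conflicting)
    pool_net = ipaddress.ip_network(pool)
    used = [ipaddress.ip_network(u) for u in in_use]
    if net.version != pool_net.version or net.prefixlen < pool_net.prefixlen:
        return None  # the conflicting subnet is larger than the pool
    for cand in pool_net.subnets(new_prefix=net.prefixlen):
        if not any(cand.version == u.version and cand.overlaps(u) for u in used):
            return str(cand)
    return None


if __name__ == "__main__":
    in_use = all_subnets(LOCAL_GROUPS, PARTNER_GROUPS)
    for lname, lnet, pname, pnet, kind in find_conflicts(LOCAL_GROUPS, PARTNER_GROUPS):
        target = suggest_remap(lnet, in_use, "172.16.4.0/22")
        print(f"{lname} {lnet} <-> {pname} {pnet}: {kind}; free remap range: {target}")
```

A nested conflict (one side's subnet inside the other's) raises the same alert as an identical one, so the check compares every exported subnet pair rather than looking only for equal strings.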

A Show Detail hyperlink is available at the top of the page. This detailed view gives more information about the status of the Corente Services Gateway's Ethernet interfaces and each connection between the Corente Services Gateway and its partners. This information is typically used only by technical support personnel.

The Corente Gateway Interface Details section lists eight possible Ethernet interfaces and describes the status of each interface's current links. For Peer Corente Services Gateways, eth0 functions as the WAN/LAN interface. For Inline Corente Services Gateways, eth0 and eth1 function as the WAN and LAN interfaces. If WIFI is being used, an additional Ethernet interface will be listed with its current status. If an Ethernet interface is not in use, it will be listed as "Unavailable".

The information displayed in the Connection Status table when Show Detail is clicked includes:

| Detail | Description |
| --- | --- |
| Name/(Transport) | The name of the Location Partner and the protocol used for the connection (either TCP or UDP). If a connection has not been established, the Transport will be listed as Unknown. |
| IP/VIP Address | The visible IP address of each Location Partner and the Virtual IP address assigned to this partner by the Corente SCP. |
| Latency (msec) | Latency over the secure connection to the Location Partner, in msec. |
| Conn/Security State | The state of the TCP/UDP connection and the state of the IPSEC connection. |

You can return to the summarized Connection Status information by clicking on Show Summary.

17.6.2 Test

The Test Network Connectivity page provides a method for testing connectivity between the Corente Services Gateway and its partners, your DNS servers, the Internet, and the Corente Services Control Point (SCP).

Network Tools

This table provides several tools that allow you to test connectivity and network performance:

Test SCP Connectivity

To test connectivity from this Corente Services Gateway to the Corente SCP, click the Test SCP Connectivity button. On the page that is displayed, click Test Network to begin the test. When this test is successful, the network setup of the Corente Services Gateway (including all IP address, network mask, and default Internet gateway information, as well as the associated physical wiring) has been validated. The Corente Services Gateway's ability to communicate with the Corente SCP over a secure tunnel via the Internet has also been validated. If the test does not succeed, failure codes will be returned to help debug the problem.

Packet Capture

This button allows you to perform packet traces through the Corente Services Gateway. When you click this button, the Packet Capture page will be displayed.

Interface

Select the interface of the Corente Services Gateway through which the packets will be traced and then displayed to you as a log. You can select one of the following:

  • Any for any available interface.

  • WAN/LAN interface if you are using a Peer configuration.

  • WAN interface or LAN interface if you are using an Inline configuration.

  • GRE interface if a GRE tunnel is configured for the LAN.

  • DMZ interface if a DMZ interface is configured on this Corente Services Gateway.

Host IP or Name

If you would like, you can specify the host name or IP address of entities to isolate in your packet capture and only capture packets that travel between them and the Corente Services Gateway. You may enter one or more entries in this field, but you MUST separate the entries using either the and or the or modifier. This field is optional.

Operator

Select a modifier to define how to combine the entries in the Host IP or Name field with the entries in the Service Port or Name field when performing the packet capture. Selecting and will capture only packets that meet the criteria in both fields, while selecting or will ensure that packets need only meet the criteria in one of the fields to be captured.

Service Port or Name

If you would like, you can specify the service port or port name to isolate in your packet capture and only capture packets that travel to and from that port on the Corente Services Gateway. You may enter one or more entries in this field, but you MUST separate the entries using either the and or the or modifier. This field is optional.

Duration

Enter the duration (in seconds) for which you would like the packet capture to be performed. You may enter between 1 and 120 seconds. The default is 20 seconds.

After you make your selections and fill out the fields, click the Submit button to perform the packet capture. The Processing page will be displayed while the packets are being captured. You may interrupt the capture at any time by clicking the Stop and View button on this page to see what packets have been captured up until that point. When the packet capture has completed or has been interrupted, you can click the Save Capture button at the bottom of the log to save the packet capture log to your computer as a .txt file. If the Save Capture button is not displayed, you can save the log by right-clicking the page and selecting Select All from the menu that appears, then right-clicking the highlighted text and selecting Copy. Then you can paste the text in a text editor and save the file.
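The field rules above, applied in an added example that is not Corente code: it validates the Host IP or Name, Operator, Service Port or Name and Duration inputs, then builds an equivalent pcap-filter (tcpdump) expression for reproducing the same capture on another host. That this expression matches what the gateway runs internally is an assumption, and the addresses and names used are constructed sample values.

```python
import ipaddress
import re

# Duration limits and default as stated for the Duration field on this page.
MIN_DURATION, MAX_DURATION, DEFAULT_DURATION = 1, 120, 20
MODIFIERS = ("and", "or")

_HOSTNAME = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$")
_SERVICE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def _split_field(field, label):
    """Split 'a and b or c' into entries ['a', 'b', 'c'] and modifiers ['and', 'or']."""
    tokens = field.split()
    if not tokens:
        return [], []  # both filter fields are optional
    entries, mods = tokens[0::2], [t.lower() for t in tokens[1::2]]
    if len(tokens) % 2 == 0 or any(m not in MODIFIERS for m in mods):
        raise ValueError(f"{label}: separate entries with 'and' or 'or'")
    if any(e.lower() in MODIFIERS for e in entries):
        raise ValueError(f"{label}: modifier found where an entry was expected")
    return entries, mods


def _check_host(entry):
    """Accept an IP address or a syntactically valid DNS name, nothing else."""
    try:
        ipaddress.ip_address(entry)
        return
    except ValueError:
        pass
    # A string of only digits and dots must be a valid address, not a "name".
    if re.fullmatch(r"[0-9.]+", entry) or len(entry) > 253 or not _HOSTNAME.match(entry):
        raise ValueError(f"Host IP or Name: invalid entry {entry!r}")


def _check_port(entry):
    """Accept a port number 1-65535 or a service name such as 'ssh'."""
    if re.fullmatch(r"[0-9]+", entry):
        if not 1 <= int(entry) <= 65535:
            raise ValueError(f"Service Port or Name: port out of range {entry!r}")
    elif not _SERVICE_NAME.match(entry):
        raise ValueError(f"Service Port or Name: invalid entry {entry!r}")


def _clause(keyword, entries, mods):
    """Join validated entries as '<keyword> a <mod> <keyword> b ...'."""
    parts = [f"{keyword} {entries[0]}"]
    for mod, entry in zip(mods, entries[1:]):
        parts += [mod, f"{keyword} {entry}"]
    return " ".join(parts)


def build_capture_filter(hosts="", operator="and", ports="", duration=DEFAULT_DURATION):
    """Return (filter_expression, duration_seconds) for validated form input."""
    if not isinstance(duration, int) or not MIN_DURATION <= duration <= MAX_DURATION:
        raise ValueError("Duration: enter between 1 and 120 seconds")
    if operator not in MODIFIERS:
        raise ValueError("Operator: must be 'and' or 'or'")
    h_entries, h_mods = _split_field(hosts, "Host IP or Name")
    p_entries, p_mods = _split_field(ports, "Service Port or Name")
    for entry in h_entries:
        _check_host(entry)
    for entry in p_entries:
        _check_port(entry)
    clauses = []
    if h_entries:
        clauses.append(_clause("host", h_entries, h_mods))
    if p_entries:
        clauses.append(_clause("port", p_entries, p_mods))
    if len(clauses) == 2:
        # pcap-filter gives 'and' and 'or' equal precedence, left to right,
        # so each field is parenthesized before the Operator joins them.
        return f"({clauses[0]}) {operator} ({clauses[1]})", duration
    return (clauses[0] if clauses else ""), duration


if __name__ == "__main__":
    # Constructed sample input.
    print(build_capture_filter("10.1.1.5 or 10.1.1.6", "and", "443 or ssh", 30))
```

An empty expression means no host or port restriction, which corresponds to leaving both optional fields blank.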

Host

Lets you specify an IP address or DNS name of any computer that is accessible by this Corente Services Gateway. You can then either ping the computer or perform a traceroute.

Ping

Ping is a computer network tool used to test whether a particular host is reachable across an IP network. Enter an IP address or DNS name that you would like this Corente Services Gateway to ping in the Host field and click the Ping button.

Traceroute

Traceroute is a networking tool used to determine the route taken by packets across an IP network. The results of the test you select will be displayed on a new page in Gateway Viewer. Enter an IP address or DNS name to which you would like this Corente Services Gateway to traceroute in the Host field and click the Traceroute button.

Mtr

MTR combines the functionality of ping and traceroute into a single network diagnostic tool. It probes the routers on the route path by limiting the number of hops that individual packets may traverse and listening for the responses sent when the packets expire. It regularly repeats this process and keeps track of the response times of the hops along the path. Enter an IP address or DNS name to which you would like this Corente Services Gateway to MTR in the Host field and click the Mtr button. This report will cycle five (5) times (i.e., send five pings).

Network Interface

This table lists each Ethernet interface of the Corente Services Gateway and their statuses:

Name

The name of the interface. (LOOPBACK is the standard IP address used for a loopback network connection.)

Status

The status of the interface.

IP Address

The IP address currently assigned to the Ethernet interface.

Ping

Whether or not the Corente Services Gateway can successfully ping this interface. This entry should read Echo.

Default Gateway

The IP address of the default Internet gateway for this interface. Only WAN or WAN/LAN interfaces will have a Default Gateway.

Ping

Whether or not the WAN or WAN/LAN Ethernet interface can successfully ping the Default Gateway.

Domain Name Server

This table lists each Domain Name Server (DNS) that is registered on this Corente Services Gateway:

DNS

Whether the DNS server is the Primary or the Secondary server.

IP Address

The IP address assigned to the DNS server.

Ping

Whether or not the LAN or WAN/LAN Ethernet interface of this Corente Services Gateway was able to successfully ping this DNS server when the Test page was loaded.

Test

Click the Ping button to ping the IP address of this DNS server, the Traceroute button to traceroute to the IP address of this DNS Server, or the Mtr button to MTR to the IP address of this DNS Server.

DNS Query

If this Location is configured as a DNS Server or DNS Updater, the Test page will include this table. When you click on the Query button in this table, the answers from all DNS servers that respond to the query will be displayed. This includes all of the DNS entries within the DNS zone that this Corente Services Gateway serves, and entries for the subzones of this zone (that provide the name of the subzone and either the VIP address of the Corente Services Gateway or the IP address of the third-party DNS server in charge of this subzone).

Internet

This table displays the following information about the Corente SCP:

Name

The name of the Corente SCP.

IP Address

The IP address assigned to the Corente SCP.

Ping

Whether or not the WAN or WAN/LAN Ethernet interface of the Corente Services Gateway can successfully ping the Corente SCP.

Test

Click the Ping button to ping the IP address of this entity, the Traceroute button to traceroute to the IP address of this entity, or the Mtr button to MTR to the IP address of this entity. The results of the test that you select will be displayed on a new page in Gateway Viewer.

Partners

This table displays all of the partners of this Corente Services Gateway, including Intranet, Extranet, and IPSec-based Client Partners. Addressing information for Clients is displayed only if they are currently connected to the Corente Services Gateway.

Note

If the addressing information does not display, the partner is not available for network connectivity testing. The Connection, Ping, and Traceroute buttons are not available.

Additionally, network connectivity testing is not available for any third party devices.

Name

The name of the partner.

IP Address

The visible IP address assigned to the partner.

Ping

Whether or not the WAN or WAN/LAN Ethernet interface of this Corente Services Gateway was able to successfully ping this partner when the Test page was loaded.

Test

Click the Connection button to run a simple connection test to this partner that will provide a descriptive, non-technical result. Click the Ping button to ping the IP address of this partner. Click the Traceroute button to traceroute to the IP address of this entity. Click the Mtr button to MTR to the IP address of this entity. The results of the test that you select will be displayed on a new page in Gateway Viewer.

17.6.3 Control

The Machine and Server Control page can be used to perform the following operations:

  • START Service

  • RESTART Service

  • STOP Service

  • REBOOT Machine

  • SHUTDOWN Machine

  • FAILOVER Machine

  • FAILOVER to Secondary WAN Interface

  • FAILBACK to Primary WAN Interface

To perform an operation, set the button for the desired operation and then click the Submit button directly below the selection. Any selection made from this page will present a confirmation screen that describes the selected operation and its consequences. Clicking Cancel will cancel the operation, while Continue will complete the operation and display its results.

The FAILOVER Machine option will be enabled only if Hardware Failover (also known as Redundant Hardware) has been configured for this Corente Services Gateway. Selecting this option will cause the Corente Services Gateway hardware to alternate between which gateway is currently Active and which is Standby.

The FAILOVER to Secondary WAN Interface and FAILBACK to Primary WAN Interface options will be available only if the Dual WAN feature has been configured for this Corente Services Gateway. Only one option will be selectable at a time, depending on which WAN interface (primary or secondary) is currently active. When you select FAILOVER to Secondary WAN Interface and click Submit, the Corente Services Gateway will restart and attempt to use the secondary WAN interface as its WAN connection. The secondary WAN interface will remain the active WAN interface until the secondary WAN interface fails, the gateway is restarted, or you return to this page and use the FAILBACK to Primary WAN Interface option. Use of the secondary WAN interface does not persist across a restart of the Corente Services Gateway service or hardware. When the service or hardware is started, restarted, or rebooted, the Corente Services Gateway will attempt to detect both WAN interfaces, and will always attempt to use the primary WAN interface first. If both the primary and secondary WAN connections are unusable, the Corente Services Gateway will continuously reboot until one of the WAN connections is functional. The WAN interface that is currently in use will be displayed at the top of the Active Corente Gateway WAN Interface table.

Keep in mind that executing any of the operations on this page (except START Service) will cause an interruption of Corente Services Gateway service for this location. This location will be disconnected from the services and any in-progress communications over the secure application network will be interrupted. Consequently such interruptions should be planned for off hours.

The current status of the Corente Services Gateway service for this location will be indicated in parentheses at the top of the Corente Gateway Service table.

Note

Performing these operations on an Inline Corente Services Gateway has additional implications because of the additional services that an Inline Corente Services Gateway can provide. For example, the Firewall State and Internet Connection Sharing (ICS) State of the Corente Services Gateway will be maintained when you STOP Service. However, SHUTDOWN or REBOOT of an Inline Corente Services Gateway will interrupt these services, including the LAN gateway function that this machine performs. This means that all communications between machines on the local network will be disabled, as well as communication with machines in any location on the secure network or public network (Internet).

17.6.4 Remote Login

The Remote Login Administration page allows you to enable or disable remote login access from the Corente Services Control Point (SCP) to your Corente Services Gateway over the secure Corente SCP connection. Technical support personnel may request this access if you are having problems with your secure application network.

  • If you want to prevent remote login access to this Corente Services Gateway from the Corente SCP, check the Disable remote login access box and then click the Submit button. This is the default setting.

  • If you want to enable remote login access from the Corente SCP for an indefinite period of time, check the Enable remote login access with no timeout box and then click the Submit button.

  • If you want to enable remote login access from the Corente SCP for a specified period of time and then have it automatically return to the disabled state, check the Enable remote login access for ___ minutes box. Enter the period of time (in minutes) that this access will remain enabled. Then click the Submit button.

Your current setting will be highlighted in gray.

17.6.5 Download

The Corente Gateway download page can be used to download all of the log files for a Corente Services Gateway and the text files for any of the SNMP MIBs that are supported by the Corente Services Gateway.

  • Customer Care may request that you obtain all of the log files from a Corente Services Gateway and send them to Customer Care for analysis. This page automates that process. When you click the Download button in the Corente Gateway Download Log Files section, the Gateway Viewer will gather all relevant log files, create a compressed archive file, and download that archive file to the hard disk of the PC that you are using to access the Gateway Viewer application. You can then email the compressed file to Customer Care.

  • The Corente Gateway MIB files section lists all of the SNMP MIBs that are available on the Corente Services Gateway. When you select a MIB and click the Download button, you can download the text file for that MIB onto the PC that you are currently using and view its object definitions. If you are using a special program on your PC to monitor the Corente Services Gateway with SNMP, you can install the text files for your chosen MIBs in that program. If you are querying the Corente Services Gateway manually, you can use the text files as guides to what objects and information are available through the MIB.

    To view only the MIBs that can provide specific information about this Corente Services Gateway, select the option labeled Show only Corente specific MIBs. When this option is not selected, all supported MIBs will be shown.

17.6.6 Version

The Corente Gateway Software Version Information page displays a list of all the software that is installed on this Corente Services Gateway and each software package's version number.

Each software package is listed on this page as a hyperlink. When you click the hyperlink for a software package, a new page will be displayed that provides information about this package as well as a change log that details the history of the package on this Corente Services Gateway. Every time a change is made to the software package, the change will be recorded in this log. This will allow you to view when a software package has been upgraded or modified.