Managing Services
You can easily manage your Zenarmor services on the Zenconsole (Centralized Cloud Management Portal) by performing the tasks explained in this guide.
Services Status
You can view the status of the Zenarmor (Sensei)-related services on the Home
page of a node. It provides all critical system-level information you need to manage your node. The following services are listed here:
Engine
Reporting Database
Cloud Agent
Cloud Nodes Status
Figure 1. Services Status(Engine, Reporting DB, Cloud Agent)
You can check whether one of the services is running or not by viewing the related pane on the Home page.
Engine Pane
In this pane, you can view and manage the core packet engine which does all the heavy lifting and packet processing. It provides Start/Stop and Restart buttons for the engine as well as Start on Boot
control to set the engine daemon status on a system restart.
Figure 2. Engine Status Pane
This pane provides details about:
- Status of the engine (Running/Stopped)
- Installed engine version and installation time
- Last update time and signature of the engine
Reporting Database
The Reporting Database pane shows the database status, provides Start/Stop/Restart buttons for the database, and a Start on boot
option to allow the database to run after a system restart.
This pane provides details about:
- Status of the reporting database (Running/Stopped)
- Installed database type(Elasticsearch/MongoDB/SQLite)
Figure 3. Reporting Database Status Pane
info
We highly recommend keeping the ElasticSearch database running at all times since it is the primary database used by Zenarmor.
Cloud Agent Pane
This pane provides details about:
- Status of the cloud agent (Running/Stopped)
- Installed agent version and installation time
Figure 4. Cloud Agent Pane
Cloud Nodes Status Pane
Cloud threat intelligence servers are used for querying real-time information on threat intelligence and web categorization. Web Categorization
and The Cloud Threat Intelligence
data are queried in real-time when a connection attempt is made through your network. It allows us to respond to malware and malicious connections quickly in real-time. Two Cloud Reputation servers with the best response times are automatically selected and configured by the engine according to their network response times during the installation and/or initial configuration.
Cloud Nodes Status panel provides detailed information about the followings:
- Node Name: Name of the cloud reputation server such as US-West, US-Central, US-East, Europe, Australia, Asia, etc.
- Node Status: Availability of the server (UP/Down)
- Success Rate: The connection success rate for the server (uptime percentage)
Figure 5. Cloud Nodes Status
Enabling Bypass Mode for Packet Engine
For troubleshooting purposes, the packet engine may be run in Bypass Mode
. In this mode, the engine does not apply any security controls for traffic and simply passes it through on the protected interfaces. In bypass mode, Zenarmor operates like a dummy L2 bridge.
This feature is useful when investigating incompatible network driver(s), troubleshooting a problem with the packet engine, or resolving issues with other system components such as netmap. If the problem still exists in bypass mode, that means the problem is not related to the packet engine. Rather, it may be a netmap or OS problem.
To enable Bypass mode
, hover your mouse over the Engine
Pane. This will display engine management buttons on the pane. Click the Enter Bypass
button. (Figure 3.)
Figure 6. Engine is in Bypass Mode
To exit Bypass mode
, click the Exit Bypass
button after hovering your mouse over the Engine
pane.
You may also enable Bypass mode
for packet engine on the All Firewalls Dashboard
.
To enable Bypass mode
on the All Firewalls Dashboard
, click on the ...
button at the top right corner of the firewall pane. This will open a drop down menu. Click on the Enter Bypass
link under the menu.
Figure 7. Enabling Bypass Mode on All Firewalls Dashboard
Start/Stop/Restart of a Service
You can start/stop/restart the Zenarmor-related services on the dashboard.
- Hover your mouse over the service pane where you want to change the status.
- To stop/start one of the services, click the Stop or Start button in the service pane.
- To restart one of the services, click the Restart button in the service pane.
You may also Start/Stop/Restart
the packet engine on the All Firewalls Dashboard
.
To enable stop/start/restart the packet engine on the
All Firewalls Dashboard
, click on the...
button at the top right corner of the firewall pane. This will open a drop down menu (see Figure 7.).Click on the related link under the menu as you wish.
Enabling/Disabling Start on Boot
Start on boot
allows the packet engine or the database to start running after the firewall has been rebooted.
You can enable/disable the Start on boot
option:
- Hover your mouse over the service pane where you want to change the status.
- Click the
Start on boot
button in the service pane.