When troubleshooting normalization device health alerts, we recommend reviewing the Revisions page in Security Manager > Change > Revisions.
Once a revision is retrieved, the status of the (latest) revision should update to normalized.
If you're not seeing an error there, the application server was able to take the retrieved files and build a policy map from them.
There is also a Normalization Status page in Administration > Device > Normalization Status. This page displays normalization Alert, Warning and Informational messages for the latest revisions. These messages typically mean that, out of the thousands of rules and objects that were normalized from the configuration, some lines could not be normalized because they are missing data or are in an unexpected format, so those lines were skipped.
We display the warnings for transparency, in case you would like to review the device configuration and see whether there is missing information that you would like to add to complete the normalization. If those lines are adjusted, the flag will go away and the device will change to 'Healthy' status.
For example:
It might show that a network object is missing data:
'google-drive' : Bad network address, missing start, end, or cidr portion
This is because google-drive is defined as an object but has no IP address value.
You could add that IP value and the line would disappear on the next revision. If the name of the device in Normalization Status is not clickable, there may not be any warnings to display. Unless there are major issues from the unnormalized lines, we typically rely on whether the normalization completed successfully in Change > Revisions.