Using the MX Live tools
The Live tools available under Security appliance > Monitor > Appliance Status > Live Tools provide useful information for troubleshooting network issues on the MX Security Appliance. Each of these tools is able to pull information from, or interact with, the MX appliance in real time. Each section below will provide information regarding the different tools and how they can be used.
Live Uplink Traffic
This is the live tool that is selected by default. The Internet traffic graph provides a real-time view of combined upload/download usage on the active Internet/WAN link(s). If both Internet links are being used, their usage will be individually color-coded. This is useful for getting an idea of how much data is going in and out of your network at present.
Historical information can be found under Network-wide > Monitor > Clients.
DHCP Leases provides a table of clients which have active DHCP leases on the MX. This tool will not keep track of DHCP leases given by a third-party server on the LAN. This can be used for confirming that client devices are receiving IP addresses and what addresses they have received. For more information, visit the article on Configuring DHCP services on the MX.
Ping will initiate a series of ICMP Echo requests to the designated IP. Based on the responses, it will graph the round trip time (RTT) latency. Click the X to remove a ping test or the || (pause) symbol to stop a test. The ping test is helpful for verifying remote connectivity to internal clients, remote endpoints over static routes, VPN, or the Internet, from the MX itself. For more information regarding the ping tool, please refer to the Using the Ping Live Tool document.
Traceroute begins to continuously send ICMP echo requests to the designated IP with an increasing TTL (time to live). Each router along the path should then respond, thus identifying itself and the latency to that point in the path. This can then be useful to see what path traffic is taking over the network to reach a particular destination, and the latency to each of those hops. However, it is important to note that some hops, such as firewalls, may not respond to this type of test and will not appear in the results.
- Hop - The hop indicates how many layer 3 devices (such as routers) the traffic has passed through. Thus 1 would be the first router along the path. Multiple hosts at the same hop number can indicate multiple paths.
- Host - The IP address of this particular hop.
- Count - The number of times this hop has responded during the test.
- Latency - The average round trip time for responses from this hop. This number will typically increase as the number of hops increases.
MXs running MX 16.X+ firmware will use UDP Traceroutes over UDP port 33447 instead of ICMP Traceroutes when users initiate traceroutes via the traceroute tool.
An MTR test combines ICMP and Traceroute functionalities to perform a more detailed reachability test. This test performs a hop-by-hop analysis of reachability. This is commonly utilized for identifying potential causes for loss or delays to a destination from the MX's WAN IP. This destination may be a FQDN or IP address.
Note: Some hops likely will not respond to ICMP as they may de-prioritize or drop ICMP. Interpretation of this data can be difficult as a result.
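As an added example (not Meraki code and not real MX output), the Python below aggregates constructed probe replies into the Hop, Host, Count and Latency columns described for Traceroute, then computes per-hop loss the way an MTR-style test reports it. The sample addresses, the function names and the rule that loss which does not reach the final hop is a device limiting its own replies are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample, not real MX output: four probe rounds over a five-hop path.
# Each entry is (responding host, RTT in ms) for that hop, or None for no reply.
ROUNDS = [
    [("192.0.2.1", 1.0), None, ("198.51.100.3", 8.0), ("198.51.100.9", 12.0), ("203.0.113.7", 20.0)],
    [("192.0.2.1", 1.2), None, None, ("198.51.100.10", 14.0), ("203.0.113.7", 22.0)],
    [("192.0.2.1", 0.8), None, ("198.51.100.3", 10.0), ("198.51.100.9", 12.0), ("203.0.113.7", 21.0)],
    [("192.0.2.1", 1.0), None, None, ("198.51.100.10", 16.0), ("203.0.113.7", 21.0)],
]

def hop_table(rounds):
    """Rows of (hop, host, count, average latency ms): the columns listed above."""
    rtts = defaultdict(list)
    for probes in rounds:
        for hop, reply in enumerate(probes, start=1):
            if reply is not None:
                rtts[(hop, reply[0])].append(reply[1])
    return [(hop, host, len(v), round(sum(v) / len(v), 2))
            for (hop, host), v in sorted(rtts.items())]

def hop_loss(rounds):
    """Fraction of rounds in which each hop sent no reply (all rounds same length)."""
    return {hop: sum(p[hop - 1] is None for p in rounds) / len(rounds)
            for hop in range(1, len(rounds[0]) + 1)}

def interpret(rounds):
    """Label each hop. Heuristic assumed here (common MTR reading, not Meraki's logic):
    loss that does not carry through to the final hop is the device limiting its own
    replies, not loss on the path."""
    loss = hop_loss(rounds)
    last = max(loss)
    hosts = defaultdict(set)
    for hop, host, _, _ in hop_table(rounds):
        hosts[hop].add(host)
    notes = {}
    for hop, lost in loss.items():
        if lost == 1.0 and hop != last:
            notes[hop] = "silent: absent from results"
        elif lost > 0:
            notes[hop] = "possible path loss" if loss[last] > 0 else "reply-limited"
        elif len(hosts[hop]) > 1:
            notes[hop] = "multiple paths"
        else:
            notes[hop] = "ok"
    return notes

if __name__ == "__main__":
    for row in hop_table(ROUNDS):
        print(row)
    print(interpret(ROUNDS))
```

Hop 2 never replies and so produces no table row, while hop 3 loses half its probes even though the destination at hop 5 answers every round.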
The DNS tool attempts to resolve the IP address of a given hostname using the DNS primary server configured on the MX. This test will not use the DNS servers configured for DHCP. This can be useful for diagnosing connectivity problems when it is believed that the DNS server may not be functioning correctly, or to remotely confirm if a hostname is able to resolve.
In the below test, a lookup is performed for "google.com". The QUESTION SECTION specifies what the lookup is searching for (google.com's IP address). The ANSWER SECTION provides the response. In this case there are multiple IP addresses for google.com, which is a normal load balancing technique. The query time indicates how long the response took to arrive.
Throughput performs a one-time download speed test from Dashboard. This is most useful for generating additional traffic on an Internet link and testing the speed at which information can be retrieved from Dashboard. However, it should not be used to confirm the actual speed of an Internet link and is not a traditional speed test utility. Traffic generated during this test must pass through potentially multiple ISPs to reach Dashboard, which adds many additional points of contention that can reduce the throughput speed.
If looking to test the actual throughput of the Internet link, it is recommended to test from a whitelisted client wired directly to the MX and use a speed test service such as one provided by the ISP, SpeedOf.me, or Ookla.
Use Blink LEDs to repeatedly blink all of the LEDs on the front of the MX. All ports will continue to blink in unison until the tool is stopped. This is most useful for identifying the appliance, within a stack of other equipment, to a local user when coordinating remotely.
Pressing the Reboot button will remotely reboot the appliance. This provides the same effect as disconnecting and then reconnecting the power cable. In general, a complete reboot should take less than 3 minutes. This will allow the device to retain all of its settings, while clearing any caches and restarting the ports/services. This is most useful for clearing some transient issues or allowing faster updates after replacing an upstream/downstream networking device (like a modem). It is not the same as performing a factory reset.
This tool is only visible when integrating Cisco Umbrella with Meraki.
Pressing the Run button will test whether the appliance is able to communicate with the Cisco Umbrella cloud service.