PCE/VEN Timers

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/18

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

19 Terms

1
New cards

Firewall Policy Updates

Realtime if Lightning Bolts are enabled

2
New cards

Active Service Reporting

Frequency at which the VEN reports to the PCE about it’s active status

Occurs at Start-up

Snapshot of processes & ports is sent to the PCE

3
New cards

Active Service Reporting Information about listening processes on a workload is accumulated

Every 30 Seconds

4
New cards

VEN reports accumulated Active Service Reporting information to the PCE

Every 10 minutes

5
New cards

VEN takes a snapshot of all listening processes and sends it to the PCE

Every 24 hours

6
New cards

Interface reports and interface changes are sent (only if there are changes to the interfaces)

Every 5 Minutes

7
New cards

Firewall and Traffic Flow Logs Consists of

A Vtap server that collects traffic flows and sends them to an internal SQLite database

8
New cards

Firewall and Traffic Flow Logs has a database size limit of

1 GB

9
New cards

The VEN checks if there are any traffic logs and sends them

Every 10 minutes

10
New cards

If the PCE is inaccessible, the VEN retains flow summaries for the previous _ and purges logs older than _

24 hours

11
New cards

VEN Heartbeat is sent to the PCE (not configurable)

Every 5 minutes

12
New cards

If the VEN cannot connect to the PCE, the VEN

continues to enforce the last-known-good policy while it tries to reconnect with the PCE

13
New cards

The VEN enters a diminished state (aka degraded state) after missing…

2 heartbeats

14
New cards

In the degraded state, the VEN…

ignores all asychronous commands received as lightning bolts from the PCE except for software upgrade and support reports.

15
New cards

Dead-Peer interval or VEN Offline Timer

When a VEN on a workload is stopped / if the workload goes offline abruptly (power outage)

The PCE stops receiving heartbeats from the workload

The PCE will mark the workload as offline after a configurable amount of time.

16
New cards

Disconnect and Quarantine Timer Options

Wait One Hour

Never

Custom

17
New cards

Default Offline Timer

60 Minutes (12 Heartbeats)

18
New cards

Host Firewall Tampering Detection

3-10 seconds

On Linux- tracefs must be mounted for newer distros, debugfs for older distros

Not supported for AIX/Solaris/MAC - Tampering detected within 10 minutes

19
New cards

VEN Lost Agent State

Occurs when you delete a Workload from the PCE but the VEN was not uninstalled. The VEN will fail to communicate with the PCE due to failed authentication. The VEN attempts to connect to the PCE every 4 hours and the PCE logs a message. VEN needs to be manually uninstalled/reinstalled.