Overview
The Recommendation Engine may show you the following warning/alert at the top of your Exinda Web UI
The circuit - Auto Catch-all - has traffic that was not caught by a Virtual Circuit
This might be visible even with the Optimizer turned Off.
This article explains why is the alert displayed, provides the steps to identify the traffic not being caught by any policy, or as a workaround to have this traffic channeled to a dummy Virtual Circuit (VC).
Solution
Why is the Alert Displayed
Alert Displayed When Optimizer is ON
This alert should theoretically only be shown when the Optimizer is ON because it references a circuit, which is a part of the Optimizer.
The Auto Catch-all circuit is an invisible circuit that is implicitly at the bottom of any Optimizer configuration to take in traffic that does not fit into any other circuit. This is to ensure that traffic is not dropped, but the admin is still at least alerted to its presence, which is done by the above recommendation alert.
This traffic shows up in the Real-Time monitor under the policy Auto Catch-All: Auto Catch-All, if Show Policies is turned on.
Alert Displayed When the Optimizer is OFF
The alert can still be shown when the Optimizer is OFF. This is due to the fact that the recommendation engine works in part with the collection and monitoring processes that are still working to catalog and categorize the traffic going through the Exinda, regardless if the traffic is being optimized. These collection stats are also compared against the Policy Tree in the configuration (though not actually applied against it). If there is traffic coming through the Exinda that would not have a home in the Optimizer, it would notify the recommendation engine as such, and the alert would still come through to the dashboard.
This is the intended behavior of the system and is not a bug or a problem. The notification, especially when the Optimizer is OFF, is just informing that there is traffic not being shaped.
How to Identify the Traffic Not Being Caught by Any Policy
- Go to Monitor > Real Time.
- Check the 'Show Policies' check box.
- Scroll down to the bottom of the Conversations list.
- At the bottom of the list look for the label "Auto Catch All: Auto-Catch All". Any traffic that is currently falling into the 'Auto Catch All' virtual circuit will be displayed under this label.
- Check the IPs and applications of the flows under that header and verify the configuration of all the VCs and what Network Object or Application they are dedicated for.
- For instance, the following VC named Internal-Traffic is dedicated to the Network Object Private Net:
Virtual Circuit 10 - Internal-Traffic (100% to/from 'Private Net') -
If the argument of the VCs is based on Network Objects (like the example above):
-
Navigate to Configuration > Objects > Network.
-
Verify the Network Objects for each VC.
-
The IP's investigated in Step 5 are Not part of any of the involved Network Objects.
-
-
If the argument of the VCs is based on Application Objects, then the applications investigated on Step 5 do not comply with the applications or application groups defined in the VC. To investigate if a particular application is part of a specific application group:
-
Navigate to Configuration > Objects > Applications > Application Groups.
-
If there is currently no traffic going into the Auto Catch All virtual circuit, there is information in the monitoring section for historical data by looking at hosts, applications (Monitor > Hosts, Monitor > Applications), or whatever additional objects the Virtual Circuits are defined by, in order to find the traffic that is not matching any Virtual Circuits.
Once the traffic has been identified, creating a virtual circuit to specifically catch this traffic (or amending your currently existing virtual circuits) will stop this warning.
Workaround to Have The Uncaught Traffic channeled to a Dummy Circuit
Create a Virtual Circuit with the lowest priority and have it capture all (remaining) traffic.
- Go to Configuration > Optimizer
- Click on 'Create New Virtual Circuit'
- Give it a Virtual Circuit Number that is higher than any currently existing virtual circuit (the higher number will result in a lower position in the policy processing list).
- Give it a Virtual Circuit Name.
- Set the Bandwidth Options as per your environment.
- Under 'Filter Options':
- set "VLAN Object' to ALL
- don't set anything for Network Object
- set 'Application' to ALL
- set 'Direction' to Both
- Click on Add New Virtual Circuit.
- This circuit will be catching all traffic that is not being caught by any previous circuits, hence resulting in the Auto Catch-all warning being removed.