Merge pull request #217713 from Shereen-Bhar/add-extra-validations

prmerger-automator[bot] · web-flow · commit 88ed25f3c67e · 2022-11-17T09:21:17.000Z
add extra validation checks
diff --git a/articles/defender-for-iot/organizations/how-to-install-software.md b/articles/defender-for-iot/organizations/how-to-install-software.md
@@ -1,7 +1,7 @@
 ---
 title: Install OT network monitoring software - Microsoft Defender for IoT
 description: Learn how to install agentless monitoring software for an OT sensor and an on-premises management console for Microsoft Defender for IoT. Use this article if you're reinstalling software on a preconfigured appliance, or if you've chosen to install software on your own appliances.
-ms.date: 07/13/2022
+ms.date: 11/09/2022
 ms.topic: how-to
 ---
 
@@ -25,7 +25,7 @@ Mount the ISO file onto your hardware appliance or VM using one of the following
     -	DVDs: First burn the software to the DVD as an image
     -	USB drive: First make sure that you’ve created a bootable USB drive with software such as [Rufus](https://rufus.ie/en/), and then save the software to the USB drive. USB drives must have USB version 3.0 or later.
 
-    Your physical media must have a minimum of 4 GB storage.
+    Your physical media must have a minimum of 4-GB storage.
 
 - **Virtual mount** – use iLO for HPE appliances, or iDRAC for Dell appliances to boot the ISO file.
 
@@ -267,6 +267,73 @@ After installing OT monitoring software, make sure to run the following tests:
 
 - **ifconfig**: Verify that all the input interfaces configured during the installation process are running.
 
+#### Gateway checks
+
+Use the `route` command to show the gateway's IP address. For example:
+
+``` CLI
+<root@xsense:/# route -n
+Kernel IP routing table
+Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
+0.0.0.0         172.18.0.1      0.0.0.0         UG    0      0        0 eth0
+172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
+>
+```
+
+Use the `arp -a` command to verify that there is a binding between the MAC address and the IP address of the default gateway. For example:
+
+``` CLI
+<root@xsense:/# arp -a
+cusalvtecca101-gi0-02-2851.network.microsoft.com (172.18.0.1) at 02:42:b0:3a:e8:b5 [ether] on eth0
+mariadb_22.2.6.27-r-c64cbca.iot_network_22.2.6.27-r-c64cbca (172.18.0.5) at 02:42:ac:12:00:05 [ether] on eth0
+redis_22.2.6.27-r-c64cbca.iot_network_22.2.6.27-r-c64cbca (172.18.0.3) at 02:42:ac:12:00:03 [ether] on eth0
+>
+```
+
+#### DNS checks
+
+Use the `cat /etc/resolv.conf` command to find the IP address that's configured for DNS traffic. For example:
+``` CLI
+<root@xsense:/# cat /etc/resolv.conf
+search reddog.microsoft.com
+nameserver 127.0.0.11
+options ndots:0
+>
+```
+
+Use the `host` command to resolve an FQDN. For example:
+
+``` CLI
+<root@xsense:/# host www.apple.com
+www.apple.com is an alias for www.apple.com.edgekey.net.
+www.apple.com.edgekey.net is an alias for www.apple.com.edgekey.net.globalredir.akadns.net.
+www.apple.com.edgekey.net.globalredir.akadns.net is an alias for e6858.dscx.akamaiedge.net.
+e6858.dscx.akamaiedge.net has address 72.246.148.202
+e6858.dscx.akamaiedge.net has IPv6 address 2a02:26f0:5700:1b4::1aca
+e6858.dscx.akamaiedge.net has IPv6 address 2a02:26f0:5700:182::1aca
+>
+```
+
+#### Firewall checks
+
+Use the `wget` command to verify that port 443 is open for communication. For example:
+
+``` CLI
+<root@xsense:/# wget https://www.apple.com
+--2022-11-09 11:21:15--  https://www.apple.com/
+Resolving www.apple.com (www.apple.com)... 72.246.148.202, 2a02:26f0:5700:1b4::1aca, 2a02:26f0:5700:182::1aca
+Connecting to www.apple.com (www.apple.com)|72.246.148.202|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 99966 (98K) [text/html]
+Saving to: 'index.html.1'
+
+index.html.1        100%[===================>]  97.62K  --.-KB/s    in 0.02s
+
+2022-11-09 11:21:15 (5.88 MB/s) - 'index.html.1' saved [99966/99966]
+
+>
+```
+
 For more information, see [Check system health](how-to-troubleshoot-the-sensor-and-on-premises-management-console.md#check-system-health) in our sensor and on-premises management console troubleshooting article.
 
 ## Configure tunneling access for sensors through the on-premises management console
