The new hastats tool replaces the older mfend-lb tool. 

To access this tool, click Troubleshooting, Network tool, hastats.

• When you open hastats, you see what mode the system is in. For example active or redundant director, or scanner node.  
   
• Each table lists scanners for IPv6 and IPv4 separately. Each entry in the table reports:
  • Whether scanners are up
  • The number of sessions processed in the last second
  • The number of cumulative connections (total number of connections sent to a scanner until that time)
     
• When you start hastats, you can specify a parameter, such as HTTP or FTP, in the space provided for arguments. You then see only stats corresponding to the selected parameters.

NOTE: When you log an issue, Technical Support recommends that you run hastats with the all parameter and gather the results in addition to the feedback file.

Feedback 
To create a feedback file, navigate to Troubleshooting, Feedback. Then click the Create Feedback File button. The feedback file in 8.2 now collects the following details:

• The Haproxy process stack trace
• Log files located in /var/log/haproxy
  NOTE: These files can be collected under Troubleshooting, Log Files, system, haproxy.
• The mangle table entries for iptables

Troubleshooting MWG when it does not process packets

1. Open the Troubleshooting page.
2. Click Network Tool, hastats. 
   • If the hastats states that you are in scanning node and you are configured as a director, haproxy is not up.
     Check whether you have correctly configured the VRRP interface, VIP, and virtual router ID and scanners.
     We recommend using a /32 subnet mask when configuring this IP address on the cluster nodes.
     If you see issues, fix them and check whether the issue is resolved.
   • If everything is correct:
     Make sure that there are no open ports in the range you have configured for the FTP client listener port range and FTP server port listener range.
     If you see issues, fix them and check whether the issue is resolved.
      
3. If you find no issues, submit a support case with feedback and output of hastats all.

Or:

1. Open the Troubleshooting page and click Network Tool, hastats. 
    
   • If the hastats output is correct (displays same mode as MWG is configured to), the haproxy is up and running.
   • If the output is not correct, perform the Troubleshooting MWG when it does not process packets as detailed above.
      
2. Ping the VIP from the client. If the VIP is not reachable, ping the VIP from MWG.

• If there is no response to the ping from MWG, keepalived is not running.
  Check whether the interfaces you have assigned in the VIP table and the VRRP interface are up:
  1. Open an SSH connection to the MWG command line interface (use Putty or similar software).
  2. Run the ifconfig command for the VIP interfaces you have configured.
     For example: ifconfig eth0
     View the output.
      
  3. The appropriate output shows that the interface is up:
     # ifconfig eth0
     eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
     • If the status is DOWN, you need to check whether you have used the right interface settings in your network. Also, check for other possible causes such as network cable or incorrect switch configuration. Resolve this issue and test.
     • If you find no issues, open a support case with feedback and output of hastats all command.
       
       NOTE: You can configure multiple VIPs. At least one needs to be on the same interface as the VRRP.
        
• If the VIP is reachable:
  • Check haproxy-info.log to see if there are any error messages.
  • If the log file contains no error messages, open a support case with feedback and output of hastats all.

Load balancing is not being performed correctly

Open the Troubleshooting page, then click Network Tool, hastats. You see a status of each scanner, and can see if a scanner is up or down.

• If you see that a scanner is down, debug the reason for the scanner being down.
  1. Check whether the scanner node is up and running.
  2. Check the configuration as documented in KB91848 McAfee Web Gateway 8.2.0 Migration Guide for Mfend Replacement.
  3. If you find no issues, submit a support case with feedback files from director and scanner node.
      
• If all scanners are up, check the source IP of the traffic not being load balanced correctly.
  This traffic must always be sent from the same IP address. If it is not, open a support case with feedback and output of hastats all.