Firewall Typical Networking and Troubleshooting Common Faults

Provided by: EricZ151

Transcript and Presenter's Notes

1
Firewall Typical Networking and Troubleshooting Common Faults
2
Objectives
Upon completion of this course, you will be able to:
  • Master the typical networking of the SecPath firewall.
  • Master the skills of troubleshooting common faults of the SecPath firewall.

3
Contents
  • Common Firewall Networking
  • Troubleshooting Common Faults of Firewall

4
Cases of Common Firewall Networking
  • Applications at the egress of government and
    enterprise vertical networks
  • Applications in the networking of financial and
    security industries
  • Applications with carrier-class reliability

5
Applications at the Egress of Government and Enterprise Vertical Networks
[Network diagram; labels: Trust domain, SecPath firewall, Enterprise users, Untrust domain, Server cluster, DMZ domain]
6
Applications in the Networking of Financial and Security Industries
[Network diagram; labels: Intranet, DMZ domain 1, Browse web page, Authentication server, Server, DMZ domain 2, Data center, E-commerce, Enterprise user, SecPath A, SecPath B, Trust domain, Untrust domain, Online banking]
7
Applications with Carrier-Class Reliability
[Network diagram; labels: Enterprise user, Intranet, Internet, Public network server, Branch]
8
Contents
  • Common Firewall Networking
  • Troubleshooting Common Faults of Firewall

9
Troubleshooting Process
  • Check the physical link status.
  • Check the firewall default action (interception
    or release).
  • Check whether the interface is added into the
    correct domain.
  • Check whether the ARP table items are correct.
  • Check the matching status of the ACL rules.
  • Check whether the NAT table items are correct.
  • Check whether ASPF is activated in the correct
    interface and direction.
  • Check whether the domain statistics function is
    activated.

10
Symptom of Common Faults (1)
  • Symptom: After the firewall interface is configured with an IP address, pinging that IP address fails.
  • Diagnosis: A ping failure may be caused by any of the following factors. Rule out the possibilities one by one.
    1) Ensure that the firewall physical link is up.
    2) Ensure that the physical interface is added into one of the domains.
    3) Check the default rules and ACL rules of the firewall.
    4) Check whether the ARP table contains the MAC address of the peer equipment.
    5) Use the debug command to check whether ICMP packets are being received and transmitted.

11
Symptom of Common Faults (2)
  • Symptom: After port scanning and address scanning intrusion protection and the dynamic blacklist are configured, the intrusion log cannot be viewed on the firewall. In addition, the scanning source addresses are not dynamically added to the blacklist.
  • Diagnosis:
    1) Check whether the scanning speed of the scanning tool exceeds the max-rate value (per second) set in the configuration file.
    2) Check whether the blacklist function is activated.
    3) Check whether the IP statistics function is activated for connections in the outgoing direction of the initiator's domain.
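
The three diagnosis items above interact, which the following added example (not part of the original slides and not H3C's implementation) shows with a simplified model of rate-based scan detection. The function name, the one-second bucketing and the constructed events are assumptions made for illustration.

```python
from collections import defaultdict

def detect_scanners(events, max_rate, stats_enabled=True, blacklist_enabled=True):
    """Simplified model of rate-based scan detection (illustrative only).

    events: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port).
    A source is logged when it contacts more than max_rate distinct
    (dst_ip, dst_port) targets inside one whole-second bucket.
    Returns (log, blacklist).
    """
    log, blacklist = [], set()
    if not stats_enabled:              # diagnosis 3: nothing is counted
        return log, blacklist
    per_second = defaultdict(set)      # (src, second) -> distinct targets
    for ts, src, dst, port in events:
        per_second[(src, int(ts))].add((dst, port))
    for (src, second), targets in sorted(per_second.items()):
        if len(targets) > max_rate:    # diagnosis 1: threshold not exceeded -> no log
            log.append((second, src, len(targets)))
            if blacklist_enabled:      # diagnosis 2: blacklist function switch
                blacklist.add(src)
    return log, blacklist

def sample_events():
    """Constructed traffic: one fast source and one slow source, 20 ports each."""
    fast = [(i * 0.01, "192.0.2.10", "198.51.100.5", 1000 + i) for i in range(20)]
    slow = [(i * 0.5, "192.0.2.20", "198.51.100.5", 1000 + i) for i in range(20)]
    return fast + slow

if __name__ == "__main__":
    for kwargs in ({"max_rate": 10},
                   {"max_rate": 100},
                   {"max_rate": 10, "blacklist_enabled": False},
                   {"max_rate": 10, "stats_enabled": False}):
        print(kwargs, detect_scanners(sample_events(), **kwargs))
```

With the threshold set above the test tool's rate, or with statistics disabled, the log stays empty even though protection appears to be configured, which matches the symptom on this slide.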

12
Symptom of Common Faults (3)
  • Symptom: After keyword-based filtering of web page content is configured, it does not take effect.
  • Diagnosis:
    1) Check whether ASPF is configured to detect HTTP.
    2) Check whether ASPF is applied to the interface or between the domains.
    3) Query the filtering record with the display firewall web-filter command.
  • (Precaution: When web page filtering and mail filtering are configured, the ASPF detection function must be enabled.)

13
Symptom of Common Faults (4)
  • Symptom: The system cannot detect the 2FE card.
  • Diagnosis:
    1) Query whether the 2FE card has been registered with the display version command.
    2) Check the type of the 2FE card. There are two types of 2FE cards. SecPath supports only the 2FE with the 82559 chip. It does not support the 2FE with the 21143 chip.
  • How to tell the two types of boards apart:
  • (Note: The boards are distinguished by visual inspection of the physical chips on them. On the 2FE with the 21143 chip, there is a 4 square centimeter chip near the PCI socket, marked 21143. On the 2FE with the 82559 chip, there is only a 1 square centimeter chip in the middle of the board, marked 82559.)

14
Symptom of Common Faults (5)
  • Symptom: The firewall is set to transparent mode. The routers on both sides of the firewall cannot establish the OSPF neighbor relationship.
  • Diagnosis:
    1) Check whether the flood or broadcast function is activated for unknown-mac.
    2) Check with the ping command whether both ends of the physical link are connected.
    3) Check whether the area No., network No., hello interval, and dead interval in the hello packets of both ends are consistent.
    4) For other causes, refer to the debugging of the OSPF protocol.
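
Diagnosis item 3 can be checked directly on captured Hello packets from each router. The following added example (not part of the original slides) parses the OSPFv2 Hello layout from RFC 2328 and reports the fields that differ; the sample packets are constructed, the function names are hypothetical, and the network mask carried in the Hello is assumed to stand in for the slide's "network No.".

```python
import socket
import struct

def parse_hello(pkt):
    """Parse an OSPFv2 Hello (RFC 2328), starting at the OSPF header."""
    if len(pkt) < 44:
        raise ValueError("too short for OSPF header plus Hello body")
    version, ptype, _length, _rid, area = struct.unpack("!BBH4s4s", pkt[:12])
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    # Hello body follows the 24-byte header: mask, hello, options, priority, dead
    mask, hello, _opts, _prio, dead = struct.unpack("!4sHBBI", pkt[24:36])
    return {
        "area": socket.inet_ntoa(area),
        "network mask": socket.inet_ntoa(mask),
        "hello interval": hello,
        "dead interval": dead,
    }

def build_hello(router_id, area, mask, hello, dead):
    """Build a constructed Hello for the demo (checksum and auth left zero)."""
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 44, socket.inet_aton(router_id),
                         socket.inet_aton(area), 0, 0, b"\x00" * 8)
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton(mask), hello, 0x02, 1,
                       dead, b"\x00" * 4, b"\x00" * 4)
    return header + body

def mismatches(pkt_a, pkt_b):
    """Return {field: (value_a, value_b)} for every field that must match."""
    a, b = parse_hello(pkt_a), parse_hello(pkt_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

if __name__ == "__main__":
    # Constructed sample: the routers disagree on the timers only.
    r1 = build_hello("10.0.0.1", "0.0.0.0", "255.255.255.0", 10, 40)
    r2 = build_hello("10.0.0.2", "0.0.0.0", "255.255.255.0", 30, 120)
    print(mismatches(r1, r2))
```

An empty result means the Hello parameters agree, so the remaining suspects are items 1 and 2: OSPF Hellos are sent to the multicast address 224.0.0.5, and a transparent-mode firewall that does not forward them prevents the adjacency from forming.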

15
Symptom of Common Faults (6)
  • Symptom: After the GRE tunnel is configured, pinging the peer tunnel interface fails.
  • Diagnosis: Rule out the possible causes one by one.
    1) Ensure that the tunnel interface has been added into the domain in which the public network resides.
    2) Check whether the tunnel interface is in the up status with the display interface tunnel command.
    3) Check whether the tunnel has been configured with the correct source and destination addresses.
    4) Check whether the routing table contains the route to the tunnel destination address, or check whether the tunnel destination address is reachable with the ping command.
  • (Precaution: All interfaces, whether physical or virtual, must be added into a certain domain.)

16
Symptom of Common Faults (7)
  • Symptom: When a browser is used to log in to the firewall, the message "The page cannot be found" is displayed.
  • Diagnosis:
    1) Check whether the physical link from the PC to the firewall is faulty.
    2) Check whether flash contains the http.zip file with the dir command.
    3) If the file does not exist, separate the file from the system software with the detach command.

17
Summary
  • The course is summarized as follows:
  • Common networking modes of the firewall
  • Troubleshooting common faults of the SecPath firewall

18
Thank you