TMS zl Management and Configuration Guide ST.1.0.090213
D-113
Troubleshooting
Troubleshooting the TMS zl Module in Monitor Mode
SNMP. If you configure an SNMP trap destination but no logs reach the SNMP
trap receiver, verify the settings by completing one of the following:
■ From the Web browser interface, click System > Logging > SNMP Traps.
■ From the CLI, enter:
hostswitch(tms-module-C)# show logging snmpv2
hostswitch(tms-module-C)# show logging snmpv3
Troubleshooting Problems with Downloading the IDS/
IPS Signatures
After you register your IDS/IPS signature subscription, you should be able to
download the latest signatures from the HP ProCurve Networking update
server. For step-by-step instructions on downloading these signatures, see
“Download Signatures” in Chapter 6: “Intrusion Detection and Prevention.”
If the TMS zl Module is unable to download the signatures correctly, use the
error message you receive to troubleshoot and resolve the problem. For
example, if you receive the error message, “Unable to resolve domain name,”
you should check the module’s DNS settings.
Depending on the error message you receive, you should check the following:
■ The IDS/IPS subscription license is still valid.
■ DNS is configured correctly, so that the TMS zl Module can resolve
tmsupdate.procurve.com or the proxy server.
■ Your network infrastructure can route the traffic from the TMS zl Module
to the Internet and any routers in that path are configured to allow the
traffic.
Signature Is Triggered Too Frequently
If an IDS signature is triggered, you should always investigate and find out if
network security is being threatened. This is especially true if the IDS signa-
ture is triggered excessively.
When an IDS signature is triggered frequently by the some device, however,
you may find that a particular system behaves in a way that seems suspicious
or mirrors the behavior of a known security problem. In this case, you may
not want to mirror traffic from that device to the TMS zl Module, or you may