TMS zl Management and Configuration Guide ST.1.0.090213

D-40

Troubleshooting

Troubleshooting the TMS zl Module in Routing Mode

Check the logs and answer the following questions:

■ Does the traffic match an access policy?

■ If the traffic matches an access policy, does it match the intended access

policy?

■

If the traffic matches the intended access policy, does it reach its

destination?

The answers to these questions will help you narrow the cause of the problem

so you can implement a solution. Move to the section that applies to your

problem:

■ “Traffic Does Not Match an Access Policy” on page D-40.

■ “Traffic Matches Another Access Policy” on page D-44.

■ “Traffic Matches the Intended Access Policy But Does Not Arrive at Its

Destination” on page D-45.

Traffic Does Not Match an Access Policy. If the traffic does not match an

access policy, there are generally two possibilities:

■ No message is logged.

■ A message is logged, stating that the traffic did not match any existing

access policies.

No Message Is Logged. If you check the TMS zl Module’s logs and do not

see a message related to the traffic, you should first ensure that you have

enabled logging for the intended access policy and other policies with the

traffic’s source zone and destination zone (the traffic’s policy set). Then check

for configuration errors such as the following:

■ Ensure that the VLAN has been assigned to a zone.

If the VLAN has not been assigned to a zone, then the TMS zl Module will

not handle the traffic.

■ Ensure that the TMS zl Module is actually routing the traffic.

The endpoints’ gateway must be the TMS zl Module, and the module must

be routing traffic between two VLANs. If traffic is being transmitted

between two devices in the same VLAN, the traffic is not routed, and the

TMS zl Module cannot apply an access policy.