TMS zl Management and Configuration Guide ST.1.0.090213

Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Create a temporary access policy to allow ICMP echo messages
(pings) from the endpoint.
Because the TMS zl Module firewall denies all traffic that is not explicitly
permitted, it can be difficult to distinguish between misconfigured access
policies and other Layer 3 problems such as missing routes. Therefore,
you might want to open the firewall temporarily to eliminate misconfigured
access policies from the equation.
If the TMS zl Module is configured as the endpoints’ gateway, you may
want to create an access policy that allows ICMP echo packets from the
endpoint to the module. Make this access policy the first one that is
processed for that source zone and destination zone so that another policy
does not block it. Then, try to ping the module from the endpoint that is
experiencing the problem. If the endpoint cannot ping the module, check
the network infrastructure.
You may want to open the firewall to allow all traffic from the source zone
to the destination zone—temporarily, of course. Create a temporary
access policy that permits all services and addresses. Assign this access
policy position 1 and disable IPS on it (so that you do not confuse the IPS
dropping packets with a connectivity problem).
To create these access policies using the Web browser interface, see
“Firewall Access Policies” in Chapter 4: “Firewall.”
Remember to remove the temporary access policies after you solve the
problem and are no longer troubleshooting.
If you open the firewall and the endpoint cannot ping the module,
check the network infrastructure.
Is IP routing set up correctly on network devices?
Is VLAN tagging configured correctly?
Do any other firewalls between the module and the destination allow
the traffic?
Is the endpoint’s gateway configured correctly?
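
Added example (not from this guide or the product): a simplified Python model of the procedure above, assuming access policies are matched in order per source and destination zone pair with an implicit deny at the end. The policy names, zone names, and helper functions are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    src_zone: str
    dst_zone: str
    service: str            # "any" matches every service
    action: str             # "permit" or "deny"
    ips: bool = True
    temporary: bool = False

def evaluate(policies, src_zone, dst_zone, service):
    """Return (action, policy name) of the first match; default is deny."""
    for p in policies:
        if (p.src_zone, p.dst_zone) == (src_zone, dst_zone) and p.service in ("any", service):
            return p.action, p.name
    return "deny", "implicit-deny"

def with_temporary(policies, temp):
    """Place the temporary policy at position 1, ahead of every other policy."""
    return [temp] + list(policies)

def diagnose(policies, temp, service, ping_ok):
    """Interpret the ping result observed while `temp` sits at position 1."""
    zones = (temp.src_zone, temp.dst_zone)
    if evaluate(with_temporary(policies, temp), *zones, "icmp-echo")[0] != "permit":
        return "temporary policy does not permit the ping"
    if not ping_ok:
        return "check the network infrastructure"
    action, name = evaluate(policies, *zones, service)
    if action == "deny":
        return f"access policy problem: {name}"
    return "policies permit the traffic"

def leftover_temporary(policies):
    """Temporary policies still installed; permit-all with IPS off sorts first."""
    temps = [p for p in policies if p.temporary]
    return [p.name for p in sorted(temps, key=lambda p: (p.service != "any", p.ips))]

# Constructed sample policy set (zone and policy names are made up).
RULES = [
    Policy("block-internal-icmp", "INTERNAL", "SELF", "icmp-echo", "deny"),
    Policy("web-out", "INTERNAL", "EXTERNAL", "http", "permit"),
]
TEMP_PING = Policy("tmp-ping", "INTERNAL", "SELF", "icmp-echo", "permit", temporary=True)
TEMP_OPEN = Policy("tmp-open", "INTERNAL", "EXTERNAL", "any", "permit", ips=False, temporary=True)
```

Running leftover_temporary over the installed policy list after troubleshooting is a quick check that no temporary permit, especially a permit-all with IPS disabled, was left in place.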