TMS zl Management and Configuration Guide ST.1.1.100226

Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Log Message Shows That Traffic Did Not Match Any Access Policy.
Filter the TMS zl Module’s log by the source IP address (or named object) of the
device that is sending the traffic. If you see the following text in a log message,
the firewall does not have an access policy that permits the traffic. In this case,
the firewall drops the traffic:
id=fw_access_control ruleid=0 msg="FW: no access policy found, packets dropped.
In this case, check the following:

Ensure that the intended access policy is configured correctly (including any named objects).
The access policy must explicitly permit the traffic.

Ensure that the VLAN is assigned to the right zone.
You should not overlook the possibility that the problem is caused by a
simple configuration error. Check the TMS VLAN settings and make sure
the VLAN is assigned to the right zone.

Check the intended access policy to see if it includes a schedule.
The network administrator who created the access policy may have
configured a schedule for it so that traffic is allowed only at certain times.

If user authentication is enabled, ensure that it is set up correctly, and the user authenticates successfully.
You may also want to see if user authentication is enabled. If it is, make
sure it is set up correctly. For example, you must set up the appropriate
access policies, and ensure that the user authenticated successfully.

Create a temporary access policy to allow any services from the host to any destination.
Again, you might want to open the firewall—creating an access policy that
allows all traffic between the two zones or two VLANs—so that you can
distinguish between misconfigured access policies and other Layer 3
problems such as missing routes.
This temporary access policy could weaken security, so be sure to remove
it as soon as you have finished troubleshooting.
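
The log check described at the start of this section can be scripted over an exported log, as in the following added example (not from the guide). It counts the "no access policy found" drops for one source IP per destination and port, which shows which specific access policy is missing. The src, dst and dport field names and all sample records are constructed assumptions; only the id, ruleid and msg fields appear in the guide.

```python
import re
from collections import Counter

# key=value pairs; a value is a bare token or "quoted text". The closing quote
# is optional so a truncated msg field still parses.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"?|(\S+))')
NO_POLICY = "no access policy found"

# Constructed sample export. Only id, ruleid and msg come from the guide; the
# src, dst and dport field names and all addresses are assumptions.
SAMPLE_LOG = '''\
id=fw_access_control ruleid=0 src=10.1.10.25 dst=10.1.20.5 dport=443 msg="FW: no access policy found, packets dropped."
id=fw_access_control ruleid=0 src=10.1.10.25 dst=10.1.20.5 dport=443 msg="FW: no access policy found, packets dropped."
id=fw_access_control ruleid=0 src=10.1.10.250 dst=10.1.20.5 dport=443 msg="FW: no access policy found, packets dropped."
id=constructed_other ruleid=12 src=10.1.10.25 dst=10.1.20.9 dport=80 msg="constructed record that matched a policy"
id=fw_access_control ruleid=0 src=10.1.10.25 dst=10.1.30.7 dport=22 msg="FW: no access policy found, packets dropped.
'''


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def unmatched_flows(log_text, source_ip):
    """Count drops from source_ip that matched no access policy, per (dst, dport)."""
    flows = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if (f.get("id") == "fw_access_control"
                and f.get("ruleid") == "0"
                and NO_POLICY in f.get("msg", "")
                and f.get("src") == source_ip):  # exact match, not substring
            flows[(f.get("dst", "?"), f.get("dport", "?"))] += 1
    return flows


if __name__ == "__main__":
    for (dst, dport), count in unmatched_flows(SAMPLE_LOG, "10.1.10.25").most_common():
        print(f"{count} drop(s) with no access policy: 10.1.10.25 -> {dst} port {dport}")
```

The source address is compared exactly, so records from 10.1.10.250 are not counted against 10.1.10.25 the way a plain substring search would count them.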