TMS zl Management and Configuration Guide ST.1.1.100226
10-43
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
■ Check to see if the intended access policy or one above it contains
a domain name that cannot be resolved.
If the traffic does not match an access policy and the access policy seems
to be correct, check to see if this policy or one that is processed before
this policy contains a domain name. If the TMS zl Module processes an
access policy containing a domain name that cannot be resolved, the
module immediately stops processing access policies and drops the
packet. As a result of this safeguard, a DNS failure can deny traffic that
may otherwise be allowed by that access policy or any subsequent access
policy.
The TMS zl Module may not be able to resolve a domain name if:
• The DNS settings on the module are configured incorrectly.
• The DNS server is unreachable.
• The DNS server does not have a record for the domain name.
You may also encounter a problem if a domain name matches multiple IP
addresses. In this case, instead of creating an access policy for the domain
name, you should create separate access polices for each IP address.
To ensure that the TMS zl Module can resolve domain names successfully,
complete the following steps:
a. Ensure that your DNS settings are configured correctly so that the
TMS zl Module can resolve the DNS name. Complete one of the
following:
– In the Web browser interface, click Network > Settings > General.
– At the CLI, enter:
hostswitch (tms-module-C)# show ip dns
b. Ensure that an access policy allows traffic from the TMS zl Module to
the zone that contains the DNS server. Complete one of the following;
– In the Web browser interface, click Firewall > Access Policies >
Unicast and locate the policies for the source zone and destination
zone.
– At the CLI, enter:
hostswitch (tms-module-C)# show access-policy