TMS zl Management and Configuration Guide ST.1.1.100226
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
■ If user authentication is enabled, ensure that it is set up correctly,
and the user authenticates successfully.
Finally, you may want to see if user authentication is enabled. If it is, make
sure it is set up correctly. For example, you must set up the appropriate
access policies and ensure that the user authenticated successfully. Keep
in mind that regular access policies will be processed before access
policies that are related to user groups.
Traffic Matches the Intended Access Policy But Does Not Arrive at Its
Destination. When you check the log messages, you may find that the traffic
matched the intended access policy and was permitted. If the traffic does not
arrive at its destination, check the following:
■ Ensure that the appropriate ALG is enabled or that a port trigger
is configured.
Because some applications open data-transfer connections dynamically
by negotiating IP addresses and service ports, they require special
handling by the firewall. For these types of applications, ensure that the
appropriate Application Level Gateway (ALG) is enabled.
To view the status of ALGs, enter:
hostswitch (tms-module-C)# show alg
You will see output similar to the following:
ftp : Enabled
ike : Disabled
ils : Disabled
ils2 : Disabled
irc : Disabled
l2tp : Disabled
netbios : Disabled
pptp : Disabled
rtsp : Disabled
sql : Disabled
tftp : Disabled
To enable an ALG, enter:
hostswitch (tms-module-C:config)# alg <alg>
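The ALG check above can be scripted when you audit several modules. The following is an added example, not part of the original guide: it parses captured `show alg` output and lists the `alg <alg>` commands still needed. The function names and the `customapp` entry are hypothetical, and the set of required ALGs is an assumption you supply from your own access policies.

```python
import re

# Sample: the "show alg" output shown above, with the prompt line as typed.
SAMPLE_SHOW_ALG = """\
hostswitch (tms-module-C)# show alg
ftp : Enabled
ike : Disabled
ils : Disabled
ils2 : Disabled
irc : Disabled
l2tp : Disabled
netbios : Disabled
pptp : Disabled
rtsp : Disabled
sql : Disabled
tftp : Disabled
"""

# One "name : Enabled|Disabled" pair per line; anything else is ignored.
_LINE = re.compile(r"^\s*([A-Za-z0-9]+)\s*:\s*(Enabled|Disabled)\s*$", re.IGNORECASE)


def parse_show_alg(text):
    """Return {alg_name: bool} from 'show alg' output; prompts and blanks are skipped."""
    status = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            status[m.group(1).lower()] = m.group(2).lower() == "enabled"
    return status


def audit_algs(status, required):
    """Compare the ALGs your permitted traffic needs against the parsed status."""
    required = {name.lower() for name in required}
    disabled = sorted(n for n in required if status.get(n) is False)
    # Names the module does not list have no ALG: candidates for a port trigger.
    unknown = sorted(n for n in required if n not in status)
    return {"disabled": disabled, "unknown": unknown,
            "commands": [f"alg {n}" for n in disabled]}


if __name__ == "__main__":
    # "customapp" is a hypothetical custom application with no matching ALG.
    report = audit_algs(parse_show_alg(SAMPLE_SHOW_ALG),
                        {"ftp", "pptp", "rtsp", "customapp"})
    for cmd in report["commands"]:
        print("hostswitch (tms-module-C:config)#", cmd)
    print("no ALG listed for:", ", ".join(report["unknown"]))
```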
If you have a custom application that uses a dynamic port, you may need
to configure a port trigger so that the firewall can open the correct ports.
Keep in mind, however, that you should not use a port trigger if NAT is
applied to the traffic. Port triggers do not provide the same functionality