TMS zl Management and Configuration Guide ST.1.1.100226
10-46
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
that ALGs offer. For example, if an upper-layer protocol carries IP
addresses within its data segment, an ALG knows where the IP address is
held and can handle the traffic appropriately even when NAT is applied.
Port triggers, on the other hand, check only the IP header.
■ Ensure that the traffic is not being blocked by the IPS.
When traffic flows through the TMS zl Module, the firewall passes permitted
packets to the IPS. (Permitted packets have been allowed by an access
policy.)
If you have ensured that the access policy is configured properly, check
for logs that specify “ips” in the ID. For example, if you type id=ips in the
Keyword field, you will see all of the log messages that the IPS has
generated.
■ Missing routes or misconfigured routing protocols
Ensure that the module’s default gateway can be reached, and the module
has all the routes it needs to handle the traffic it receives.
■ Check to see if the firewall’s connection limitation has been
exceeded.
If the TMS zl Module is handling a high volume of traffic, you should
check the logs to see if the traffic exceeds the connection limitation. By
default, the TMS zl Module imposes the following connection limitations
on each zone:
• Self—21428
• Internal—150,000
• External—150,000
• DMZ—150,000
• Zone1—21428
• Zone2—21428
• Zone3—21428
• Zone4—21428
• Zone5—21428
• Zone6—21428
You may assign as many or as few connections per zone as you like, but
the total number of connections in all zones cannot exceed 600,000. If you
are not using one or more zones, you can transfer their limits to the zones
that you are using.
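The following planning helper is an added example, not part of the guide or of the module's software. It checks a proposed set of per-zone limits against the 600,000 total and works out a transfer of unused zones' limits to the zones in use. The function names, the proportional split, and the assumption that an unused zone can be reduced to 0 are illustrative choices, not documented module behavior.

```python
TOTAL_CAP = 600_000  # maximum across all zones, as stated in the guide

# Default per-zone connection limits as listed in the guide.
DEFAULTS = {
    "Self": 21428, "Internal": 150000, "External": 150000, "DMZ": 150000,
    "Zone1": 21428, "Zone2": 21428, "Zone3": 21428,
    "Zone4": 21428, "Zone5": 21428, "Zone6": 21428,
}

def validate(limits):
    """Return a list of problems with a proposed allocation (empty means OK)."""
    problems = []
    unknown = sorted(set(limits) - set(DEFAULTS))
    if unknown:
        problems.append(f"unknown zones: {unknown}")
    bad = [z for z, n in limits.items() if not isinstance(n, int) or n < 0]
    for zone in bad:
        problems.append(f"{zone}: limit must be a non-negative integer")
    total = sum(n for z, n in limits.items() if z not in bad)
    if total > TOTAL_CAP:
        problems.append(
            f"total {total} exceeds cap {TOTAL_CAP} by {total - TOTAL_CAP}")
    return problems

def transfer_unused(limits, unused, floor=0):
    """Move the limits of unused zones to the zones that remain in use.

    Freed connections are split in proportion to each used zone's current
    limit. `floor` is what each unused zone keeps (assumed to be 0 here).
    """
    used = [z for z in limits if z not in unused]
    base = sum(limits[z] for z in used)
    if base <= 0:
        raise ValueError("at least one zone with a non-zero limit must stay in use")
    plan = dict(limits)
    freed = 0
    for zone in unused:
        freed += limits[zone] - floor  # KeyError if the zone name is wrong
        plan[zone] = floor
    for zone in used:
        # Floor division rounds down, so the plan never exceeds the old total.
        plan[zone] += freed * limits[zone] // base
    problems = validate(plan)
    if problems:
        raise ValueError("; ".join(problems))
    return plan
```

Comparing the planned limits with the connection counts reported in the logs shows whether a zone would still hit its limit after the transfer.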