Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1121112211231124112511261127112811291130
10-47
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Check NAT to ensure that it is configured correctly.
See “Troubleshooting NAT” on page 10-49.
Troubleshoot VPN settings if applicable.
See “Troubleshooting VPNs” on page 10-55.
Check the network infrastructure:
Is IP routing set up correctly on network devices?
Is VLAN tagging configured correctly?
Do any other firewalls between the module and the destination allow
the traffic?
Is the intended destination up and connected?
Troubleshooting Specific Problems Related to the Firewall
This section outlines a few specific problems that you may encounter when
using firewall features and provides a possible solution.
One or More Switch VLANs Are Not Shown in TMS zl Module’s Drop-
Down List. If you try to add a VLAN to a zone and the VLAN is not listed in
the drop-down list on the Add VLAN Association window, complete the
following steps:
1. Ensure that the VLAN has been created on the switch.
2. Ensure that the switch is running version K.13.55 or above.
3. Reboot the TMS zl Module.
You Cannot Use Ping and Other Similar Tools. If you try to ping several
devices on your network and the ping is not successful, ensure that the correct
access policy is in place to allow the ping traffic. For example, if you try to
send a ping from the TMS zl Module to a device, the access policy must allow
traffic from the Self zone to the zone that contains the device. Likewise, if you
try to send a ping from the device to the TMS zl Module, the access policy must
allow traffic from the zone that contains the device to the Self zone.
You can view the access policies from the Firewall > Access Policies > Policies
window in the Web browser interface or by entering the show access-policy
command from the CLI.
You Do Not Receive a “Destination unreachable” Message. If you try
to ping a host but an access policy does not allow the ping, you will not receive
a destination unreachable message. Currently, the TMS zl Module works in