TMS zl Management and Configuration Guide ST.1.1.100430
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
2. From the CLI, enter the following command to renew the IP address:
hostswitch(tms-module-C:config)# vlan <vlan_id> ip address dhcp
Troubleshooting the Firewall
When you are configuring and troubleshooting the firewall, you should review
how the firewall operates. With these guidelines in mind, you can then apply
the strategy outlined in this section to isolate your problem and fix it.
Reviewing How the Firewall Operates
Keep in mind the following general principles for the TMS zl Module’s firewall:
■ All traffic is denied by default.
■ Access policies with a higher priority are processed first.
■ A regular access policy is processed before a user-based access policy.
■ Some traffic must be transmitted to the Self zone.
■ Only traffic transmitted between VLANs is routed and, therefore, filtered.
■ Additional protections are applied to the external zone.
All Traffic Is Denied by Default. By default, the TMS zl Module firewall
has an implicit deny all access policy. Unless you create an access policy to
explicitly allow particular traffic, the TMS zl Module will block it. The TMS zl
Module compares a packet to every access policy in the packet’s corresponding
policy set. A policy set consists of:
■ Source zone and destination zone
■ Traffic type (unicast or multicast)
■ User group of the packet’s source IP address (or, if the packet has no
group, the None user group)
Because of the implicit deny all access policy, you must configure access
policies to permit the traffic that you want to allow through the firewall.
Access Policies with a Higher Priority Are Processed First. The TMS
zl Module first determines which policy set corresponds to the packet and
then begins to compare the packet to the access policies in that particular
policy set, beginning with the policy that has the highest position (lowest
numerical value).
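The lookup described above can be modeled offline when you need to work out why a packet is blocked. The following Python sketch is an added example, not code from the TMS zl Module or this guide. The zone names, the "staff" user group, the addresses, and the ports are constructed sample values, and it assumes that the first matching policy decides the packet and that policies match only on source, destination, and destination port.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:
    position: int          # lower number = higher priority
    action: str            # "permit" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    dport: Optional[int]   # destination port, None = any

# Constructed sample data. A policy set is keyed by
# (source zone, destination zone, traffic type, user group).
SETS = {
    ("INTERNAL", "EXTERNAL", "unicast", "None"): [
        Policy(20, "permit", "10.1.0.0/16", "0.0.0.0/0", 80),
        Policy(10, "deny", "10.1.20.0/24", "0.0.0.0/0", 80),
    ],
    ("INTERNAL", "EXTERNAL", "unicast", "staff"): [
        Policy(10, "permit", "10.1.0.0/16", "0.0.0.0/0", 22),
    ],
}

def evaluate(policy_sets, key, src_ip, dst_ip, dport):
    """Return (action, position); position is None for the implicit deny."""
    # Only the packet's own policy set is consulted, in position order.
    for p in sorted(policy_sets.get(key, []), key=lambda p: p.position):
        if (ip_address(src_ip) in ip_network(p.src)
                and ip_address(dst_ip) in ip_network(p.dst)
                and p.dport in (None, dport)):
            return p.action, p.position  # assumption: first match decides
    return "deny", None  # nothing matched: implicit deny all

if __name__ == "__main__":
    none_key = ("INTERNAL", "EXTERNAL", "unicast", "None")
    staff_key = ("INTERNAL", "EXTERNAL", "unicast", "staff")
    # Position 10 (deny) is reached before the broader permit at position 20.
    print(evaluate(SETS, none_key, "10.1.20.5", "198.51.100.7", 80))
    # The port 22 permit sits in the "staff" policy set, so a packet in the
    # None user group never reaches it and falls to the implicit deny.
    print(evaluate(SETS, none_key, "10.1.30.5", "198.51.100.7", 22))
    print(evaluate(SETS, staff_key, "10.1.30.5", "198.51.100.7", 22))
```

A result with no position means that no access policy in the packet's policy set matched, which points to a missing policy or a policy created in the wrong policy set rather than a priority problem.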