Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1151115211531154115511561157115811591160
10-51
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Troubleshooting Specific Problems Related to the Firewall
This section outlines a few specific problems that you may encounter when
using firewall features and provides a possible solution.
One or More Switch VLANs Are Not Shown in TMS zl Module’s Drop-
Down List. If you try to add a VLAN to a zone and the VLAN is not listed in
the drop-down list on the Add VLAN Association window, complete the
following steps:
1. Ensure that the VLAN has been created on the switch.
2. Ensure that the switch is running version K.13.55 or above.
3. Reboot the TMS zl Module.
You Cannot Use Ping and Other Similar Tools. If you try to ping several
devices on your network and the ping is not successful, ensure that the correct
access policy is in place to allow the ping traffic. For example, if you try to
send a ping from the TMS zl Module to a device, the access policy must allow
traffic from the Self zone to the zone that contains the device. Likewise, if you
try to send a ping from the device to the TMS zl Module, the access policy must
allow traffic from the zone that contains the device to the Self zone.
You can view the access policies from the Firewall > Access Policies > Policies
window in the Web browser interface or by entering the show access-policy
command from the CLI.
You Do Not Receive a “Destination unreachable” Message. If you try
to ping a host but an access policy does not allow the ping, you will not receive
a destination unreachable message. Currently, the TMS zl Module works in
stealth mode. If an access policy denies a connection, the TMS zl Module
denies the connection request by dropping the packet without sending such
a message.
You Receive Multiple “IPROUTE: packet spoof detected” Log
Messages. This log message is generated by the internal TMS zl Module
packet spoof detection. When a packet with a source IP address cannot be
reached through any of the TMS routes, this log message will be generated. If
there are a lot of false positives, ensure that proper routes are configured on
the TMS zl Module and add a proper default route.