TMS zl Management and Configuration Guide ST.1.2.100916
10-43
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Table 10-6. Defining the Problem and Documenting the Troubleshooting Process

| Source (IP Address, VLAN, Zone) | Destination (IP Address, VLAN, Zone) | Type of Traffic | Definition of the Problem | Troubleshooting Steps | Solution |
|---|---|---|---|---|---|
| 10.1.10.0/24; Faculty VLAN (VLAN 10); Internal zone | 192.168.2.20; Server VLAN (VLAN 50); Zone1 | FTP, port 21 | Traffic is being denied but should be permitted. | 1. Enabled logging for all the access policies in the traffic’s policy set. 2. Changed the logging level to Information. 3. Checked the logs and found the traffic was matching a different access policy. 4. Checked the intended access policy to make sure it was configured correctly. 5. Checked the order in which policies are processed. | Re-ordered the access policies so the intended access policy is processed before the access policy that was matching the traffic and denying it. |

Enable Logging and View Logs. After you record your initial analysis of the problem, you should enable logging for the intended access policy. Depending on the problem, you may want to enable logging on all the access policies defined in the traffic’s corresponding policy set. For example, if the traffic is being sent from the Faculty VLAN, which is in the Internal zone, to the Server VLAN, which is in Zone1, the traffic’s policy set would be listed on the Firewall > Access Policies > Unicast window under Internal to Zone1.

You should also change the logging level to Information, as described in “Changing the Log Level” on page 10-31.

Check the logs and answer the following questions:
■ Does the traffic match an access policy?
■ If the traffic matches an access policy, does it match the intended access policy?
■ If the traffic matches the intended access policy, does it reach its destination?
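The failure recorded in Table 10-6, where an earlier policy matches the traffic before the intended one is processed, can be reproduced offline. The following Python model is an added example, not code from the guide or the TMS zl software. It assumes policies are evaluated in order and the first match decides; the policy names, the broad deny rule and the test host 10.1.10.25 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Policy:
    name: str            # hypothetical label, not a TMS zl identifier
    action: str          # "permit" or "deny"
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    port: Optional[int]  # None means any port

def covers(outer: Policy, inner: Policy) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.port in (None, inner.port))

def first_match(policies: List[Policy], src: str, dst: str, port: int) -> Optional[Policy]:
    """Return the first policy, in processing order, that matches the packet."""
    addr, net = ipaddress.ip_address, ipaddress.ip_network
    for p in policies:
        if (addr(src) in net(p.src) and addr(dst) in net(p.dst)
                and p.port in (None, port)):
            return p
    return None  # no policy in the set matched

def shadowed_by(policies: List[Policy], intended: str) -> List[str]:
    """Names of earlier policies that fully cover `intended` with another action."""
    idx = next(i for i, p in enumerate(policies) if p.name == intended)
    target = policies[idx]
    return [p.name for p in policies[:idx]
            if p.action != target.action and covers(p, target)]

# Constructed policy set for "Internal to Zone1", in processing order.
BROKEN = [
    Policy("deny-internal-to-servers", "deny", "10.1.0.0/16", "192.168.2.0/24", None),
    Policy("permit-faculty-ftp", "permit", "10.1.10.0/24", "192.168.2.20/32", 21),
]
# The fix from Table 10-6: the intended policy is processed first.
FIXED = [BROKEN[1], BROKEN[0]]

if __name__ == "__main__":
    for label, policy_set in (("before", BROKEN), ("after", FIXED)):
        hit = first_match(policy_set, "10.1.10.25", "192.168.2.20", 21)
        print(label, hit.name, hit.action, shadowed_by(policy_set, "permit-faculty-ftp"))
```

Running `shadowed_by` against an exported policy list before a change goes live flags the ordering problem that the logs would otherwise reveal only after traffic is denied.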