TMS zl Management and Configuration Guide ST.1.2.100916
10-49
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
To view the status of ALGs, enter:
hostswitch (tms-module-C)# show alg
You will see output similar to the following:
ftp : Enabled
ike : Disabled
ils : Disabled
ils2 : Disabled
irc : Disabled
l2tp : Disabled
netbios : Disabled
pptp : Disabled
rtsp : Disabled
sql : Disabled
tftp : Disabled
To enable an ALG, enter:
hostswitch (tms-module-C:config)# alg <alg>
Each enabled ALG adds payload inspection overhead and attack surface, so for best
performance and as a security best practice, enable only the ALGs that your traffic requires.
If a custom application negotiates a dynamic port, you may need to configure a
port trigger so that the firewall opens the correct ports. Do not use a port
trigger for traffic to which NAT is applied: a port trigger does not provide the
functionality of an ALG. When an upper-layer protocol carries IP addresses within
its data segment (the PORT command of FTP is the classic case), an ALG knows where
in the payload the address is held and can rewrite it so that the traffic still
works when NAT is applied. A port trigger inspects only the packet headers
(addresses and ports), never the payload, so the embedded private address is
forwarded unchanged and the return connection fails.
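To make the ALG-versus-port-trigger distinction concrete, the following Python sketch models an FTP PORT command crossing a source-NAT boundary. It is an added illustration, not code from this guide or from the TMS zl Module's own ALG implementation; the inside and outside addresses, the NatState class, the sample control-channel bytes and the simplifying assumption that NAT preserves the client's source port are all constructed for the example.

```python
"""
Added illustration (not the TMS zl Module's code): why a protocol that embeds
addresses in its payload needs an ALG, not a port trigger, once NAT is applied.

The FTP control channel tells the server where to open the data connection via
a PORT command such as "PORT 10,0,0,5,200,143" (host 10.0.0.5, port
200*256+143 = 51343).  A port trigger only sees the IP/transport headers, so
after source NAT the server is still told to connect back to the private,
unreachable address.  An ALG knows the address lives inside the payload,
rewrites it to the NAT outside address, and records a pinhole for the expected
inbound data connection.
"""
import re
from dataclasses import dataclass, field

# PORT h1,h2,h3,h4,p1,p2 terminated by CRLF (RFC 959 syntax).
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


@dataclass
class NatState:
    """Constructed NAT binding: one inside host translated to one outside address.
    Simplification for the example: the source port is preserved by NAT."""
    inside_ip: str
    outside_ip: str
    pinholes: set = field(default_factory=set)   # (outside_ip, port) allowed inbound


def parse_port_command(payload: bytes):
    """Return (ip, port) carried in an FTP PORT command, or None if the payload
    is not a well-formed PORT command."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(x > 255 for x in octets):
        return None   # malformed: every field is an 8-bit value
    ip = ".".join(str(x) for x in octets[:4])
    return ip, octets[4] * 256 + octets[5]


def port_trigger(payload: bytes, nat: NatState):
    """Header-only handling: the payload is forwarded untouched.
    Returns (forwarded payload, endpoint the server will try to reach).
    The private inside address leaks through, so the data connection fails."""
    return payload, parse_port_command(payload)


def ftp_alg(payload: bytes, nat: NatState):
    """ALG handling: rewrite the embedded inside address to the NAT outside
    address and open a pinhole for the server's inbound data connection.
    Returns (rewritten payload, endpoint the server will now reach)."""
    endpoint = parse_port_command(payload)
    if endpoint is None or endpoint[0] != nat.inside_ip:
        return payload, endpoint          # not a PORT command for our host
    _, port = endpoint
    o = nat.outside_ip.split(".")
    rewritten = (f"PORT {o[0]},{o[1]},{o[2]},{o[3]},"
                 f"{port // 256},{port % 256}\r\n").encode()
    nat.pinholes.add((nat.outside_ip, port))
    return rewritten, (nat.outside_ip, port)


if __name__ == "__main__":
    # Constructed sample: client 10.0.0.5 behind NAT outside address 203.0.113.7
    nat = NatState(inside_ip="10.0.0.5", outside_ip="203.0.113.7")
    sample = b"PORT 10,0,0,5,200,143\r\n"
    print("port trigger forwards:", port_trigger(sample, nat))
    print("ftp alg forwards     :", ftp_alg(sample, nat))
    print("pinholes             :", nat.pinholes)
```

Two caveats a real ALG has to handle that the sketch leaves out: rewriting the address changes the payload length, so the ALG must also adjust TCP sequence and acknowledgement numbers on that connection, and the pinhole must be closed again once the data transfer ends. A port trigger can do none of this because it never reads past the headers, which is why the guide steers you to an ALG whenever NAT is in the path.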
■ Ensure that the traffic is not being blocked by the IPS.
When traffic flows through the TMS zl Module, the firewall passes permitted
packets (those allowed by an access policy) to the IPS, which can still drop
them.
Once you have confirmed that the access policy is configured correctly, check
for log messages whose ID specifies “ips”. For example, typing id=ips in the
Keyword field lists every log message that the IPS has generated, so you can
see whether the IPS, rather than the firewall, is dropping the traffic.