Bay Networks BayRS Guide de dépannage Page 114
- Page / 197
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 2 Troubleshooting Active Network Management Debugging the Connect Control Module
Advanced Technical Reference Guide 4.1 • June 2000 109
Load balancing does not work on HPUX when the web servers are on
virtual interfaces
No solution available at this time
See the SecureKnowledge Solution (ID 10043.0.3487758.2562155) in the Check Point Technical Services site.
Connection going to the connect control address are dropped by the
Stealth Rule
If Firewall’s external address is used for the Connect Control address (that is, the address to which Internet
users will connect) and there is a Stealth Rule (that is, Any / Any / Firewall / Drop / Alert), this will also block
the Connect Control connections from Internet users.
You may want to use another address in the valid external range for the Connect Control address and have the
Firewall Proxy Arp for it.
Debugging the Connect Control Module
The Connect Control Module is one of the “Load Balancing Components” described on page 107. It resides in
the kernel of the FireWall Module containing the load balancing algorithm.
The Connect Control Module uses several kernel tables
To debug connect control problems you will almost always need to examine one of the following tables
• Check_alive – this table exists to see if the physical servers are alive. The in.pingd process reads the
table and sends pings to the servers if a time period has passed.
• Logical_cache_table – only when persistent mode is enabled. Holds the information relating to
which client connects to which server.
• Logical_request – any new connection going through the connect control module is written in that
table
• Logical_server_table – holds a list of the logical servers.
• Logical_server_list_table – if NAT is involved
These tables are described in detail in “Load balancing tables,” page 164 of “Appendix A: State Tables for
VPN-1/FireWall-1 4.0
Check_alive table
Load balancing takes place between a group of servers. A server will only take part in the load balancing if it is
alive. If a server is no longer considered as a valid server the VPN/FireWall module will not redirect packets to
that server (it may be down or overloaded for example). The Check_Alive table is used to determine whether
the servers in the group are alive
The In.pingd send Pings to the servers at regular intervals, and a computation based on the values in the
table determines whether or not the server is alive.
- VPN-1/FireWall-1 1
- Contents 2
- Table of Contents 3
- WhoshouldusethisGuide 6
- Feedback Please! 6
- Summary of Contents 7
- Troubleshooting Guidelines 8
- In This Chapter: 10
- Troubleshooting Tools 11
- UNIX only) 12
- Explanation 13
- offset of IP in 17
- FireWall-1 Monitor Command 21
- Examples 22
- Debugging with INSPECT 24
- Translation 26
- Resolving Common NAT Problems 27
- “Leaky” NAT 31
- Debugging NAT 33
- BayRS router 36
- Controlling the FireWall 37
- Licenses 38
- Problems and bugs 38
- BayRS Router Commands 39
- VPN-1/FireWall-1 Commands: 40
- General Commands 40
- General problems 41
- Common problems resolution 43
- Information to Gather 44
- Spoofing 49
- Debugging of Cisco Routers 49
- Debugging of 3Com Routers 51
- Debugging 52
- Troubleshooting Anti-Spoofing 54
- Static ARP and Anti-Spoofing 55
- Debugging Anti-Spoofing 56
- Content Security 57
- SMTP Security Server 58
- Debugging Security servers 58
- HTTP Security server 59
- IP Interface 60
- The Software 60
- VPN-1/FireWall-1 Rule Base 60
- Diagram of the environment 61
- Performance Test 62
- Discussion 63
- Action Plan 63
- Conclusions 64
- HTTP Security Server and DNS 66
- Test Plan 68
- The Solaris machines 69
- The VPN/FireWall module 69
- The security servers 69
- The CVP server 69
- Test Results 70
- FTP Security Server 71
- Fast mode and FTP 73
- FTP PASV vulnerability: 74
- PORT command is blocked 74
- Server fails 78
- Log Viewer Error Messages 80
- Log Viewer 81
- Security Server? 82
- Chapter 2: Security Servers 84
- Chapter 3: Content Security 84
- Troubleshooting LDAP Issues 87
- Installation Issues 88
- Configuration Issues 88
- Schema Checking 89
- Known configuration problems 90
- AMC Configuration problem 91
- Working with the AMC 92
- Creating a Tree Object 93
- Defining Users 93
- The LDAP server 93
- Working with LDAP 94
- Known LDAP and AMC problems 94
- Exporting Users Problems 95
- Special Configurations 96
- PKI Issues related to LDAP 96
- Known Limitations 97
- Debugging LDAP 98
- More Information 100
- Management 101
- What Tables are synchronized 104
- Synchronization Tests 104
- Troubleshooting Fail-over 106
- Problem Detection Devices 107
- Troubleshooting Fail-Over 108
- VPN Fail-Over 108
- Debugging High-Availability 111
- Load Balancing Components 112
- Stealth Rule 114
- Check_alive table 114
- Balance does not work 115
- Troubleshooting SNMP 120
- Node n Node 2 Node 1 123
- External Network 123
- Internal IP 124
- Bank Certificate Key (BCK) 125
- Product Features Lists 126
- How to Verify Licenses 127
- Licensing non IP hosts 128
- License installation 129
- In This Chapter 132
- Introduction 133
- Rule Base 133
- Network Address translation 133
- Anti Spoofing 133
- High Availability 135
- Security Servers 135
- BAY Router 136
- Open Security Extension (OSE) 137
- Mission Statement 139
- Telephone 139
- Problem Severity Definitions 142
- Software Versions Supported 142
- Escalation Procedure 142
- In This Appendix: 143
- What are State Tables? 146
- Table Attributes 147
- General tables 148
- SAMP tables 152
- License enforcement tables 153
- Logging tables 154
- NAT tables 156
- VPN tables 158
- SKIP tables 159
- NSID value Description 160
- IKE tables 161
- IPSec tables 161
- SPI_table table 162
- Load balancing tables 170
- Specific services tables 172
- RPC tables 174
- Program Number Description 175
- 100001 Rstat 175
- 100004 Ypserv 175
- 100007 Ypbind 175
- 100300 NIS+ 175
- DCE/RPC tables 176
- IIOP tables 177
- Static tables (lists) 177
- Object Lists tables 178
- Time Objects tables 180
Produits connexes et manuels pour Logiciel Bay Networks BayRS
(76 pages)
Logiciel Bay Networks 5391 Guide d'installation
(138 pages)
(138 pages)
Logiciel Bay Networks 5000 Manuel de service
(166 pages)
(166 pages)
Logiciel Bay Networks 5391 Manuel de service
(20 pages)
(20 pages)
Logiciel Bay Networks 5000 Spécifications
(185 pages)
(185 pages)
© 2020, manymanuals.fr. Tous droits réservés | 0.034 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels