Difference between revisions of "Troubleshooting Tips"
From Tech-Wiki
| Line 4: | Line 4: | ||
If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in this order: | If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in this order: | ||
# Policy | # Policy | ||
| + | # NAT (correct NAT mode?) | ||
# Routing | # Routing | ||
| − | # Anti-spoofing | + | # Anti-spoofing (even from return packet) |
# VPN Encryption domain | # VPN Encryption domain | ||
# IPS (ips off) | # IPS (ips off) | ||
Revision as of 14:49, 27 November 2017
If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in this order:
- Policy
- NAT (correct NAT mode?)
- Routing
- Anti-spoofing (even from return packet)
- VPN Encryption domain
- IPS (ips off)
- Connection Limit (fw ctl pstat)
- Disable SecureXL (fwaccel off)
- Test in the other cluster member (clusterXL_admin down –p)
- Issue a cpstop/cpstart or reboot
- Consider installing the latest Jumbo hotfix accumulator or Recommended Hotfixes (per sk106162 and sk106389)
- Did I forget something?!
- That’s probably a bug, raise a TAC
Confirm the reason of your packet being dropped using:
fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y'