Intergraph InterServe Firewall, Быстрый старт

Страница: 9 / 12

5
Troubleshooting the Configuration
This section contains answers to frequently asked questions and a list of troubleshooting techniques to
help you if you have problems with your Eagle NT configuration. Refer to the
Eagle NT
Configuration Guide for more information.
Frequently Asked Questions
Nothing works, what’s wrong?
Determine if the problem is due to connectivity, routing, TCP/IP, DNS, or the Eagle NT firewall
software. Use a combination of the following tools:
u
Check the Eagle NT Logfile as described in the Configuration Guide to see if systems are
reaching the firewall. If a network packet comes to the firewall, it is always logged. If there is
no log entry for a packet, then the packet never reached the firewall. If this is the case, then the
problem may be due to a DNS or routing problem. Check that your DNS and routing
configurations are configured as described in the
Configuration Guide ..
u
nslookup verifies the configuration of DNS. If nslookup returns correct information, then DNS
is configured properly. Otherwise, the DNS configuration files must be updated to reflect the
correct information.
u
Check the Windows NT Event Viewer as described in the operating system documentation and
online Help. Verify that the Eagle NT services and DNS are starting properly, as described in
the
Configuration Guide .
u
ping is a basic connectivity tester. You can ping internal and external systems from the firewall
to see if your TCP/IP connections are working. If the connections are not working, TCP/IP may
not be configured properly. Verify that TCP/IP is configured properly as described in the
Configuration Guide .
I can surf the Web, but I can’t get to my Web server.
This problem usually occurs when the inside DNS domain name is the same as the external DNS
domain name. The inside client has queried the internal DNS server for the address of the external
Web server. Since the internal DNS server is authoritative for the domain and does not know the
address of the requested node, the query will fail. To correct the problem, ensure that you put the
entries for the Web server in the internal DNS files.
I created a rule to FTP, Telnet, and Hypertext Transport Protocol (HTTP)
with “universe” as the source and destination, but I get “authorization
failed” messages.
“Universe” as the source and destination implies the same network entity on both sides of the firewall.
In this case, Eagle NT will not allow this because the default rule (
DENY
) applies. If another, less-
stringent rule is configured for this relationship, it will default to the most stringent (
DENY
). If you do
this, you will see the message
'EXPLICIT DENY FROM RULE 1
' in the log.