Yeah, it’s funny because it’s true! The article title might not sound like the most professional approach, but when the ‘Well it’s not working now’ finger gets pointed at the ‘firewall guy/girl’, they need to ascertain two things:

1. Is the problem actually the firewall? If not, then help the frustrated party track down the actual problem.
2.

I’m just coming out of a major network greenfield site build. All the individual technologies that have been getting planned and designed are now starting to come online and require comms through the firewall solution that I’ve been working on. So my days are pretty much filled with conversations like this:

Consultant/Engineer: Pete I need some ports opening on the firewall.

Me: OK let me know the IP addresses, host-names, ports, protocols etc, and I’ll open them for you.

I then open the requested ports/protocols.

Consultant/Engineer: You know those ports you opened? They don’t work.

At this point one of the following has occurred:

1. I’ve made an error (it happens, I’m human). I might have entered the wrong information, or not applied an ACL, or put the rule on the wrong firewall. Always assume you have done something wrong, until you are 100% sure that’s not the case.
2. The person who asked for traffic to be allowed asked for the wrong thing: either they didn’t RTFM, or someone has given them the wrong IP addresses, or, because they are human too, they’ve made a mistake.
3. The traffic’s not even getting to the firewall, because either it’s getting blocked before it gets to you, or there is a routing problem stopping the traffic hitting the firewall. (Remember routing works by Unicorns and Magic, so routing people are not to be trusted!)
4. The traffic needs some kind of special inspection to work through the firewall i.e.
5. Some annoying bug in the ASA code is stopping you, which either requires a lot of Internet and forum searching or a call to TAC to confirm.

If I’ve forgotten another reason – feel free to contact me.

Solution

Step 1: Make sure you are not blocking the Traffic

Packet tracer is your friend! Use it to simulate traffic going through the firewall, and the firewall will tell you what it will do with that traffic. I prefer to use command line, but you can also run packet tracer graphically in the ASDM.
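An added example, not from the original article: packet tracer's command-line output lists each phase the simulated packet passes through and ends with a result summary, so a short Python parser can report which phase dropped the flow and why. The sample output is constructed and abridged, and the interface names, ACL name and addresses in it are placeholders.

```python
import re

# Constructed, abridged sample of ASA packet-tracer output (not from a real device).
# A command of this shape produces it (placeholder interface, addresses, ports):
#   packet-tracer input inside tcp 192.0.2.10 12345 198.51.100.20 443
SAMPLE_OUTPUT = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Additional Information:
found next-hop 203.0.113.1 using egress ifc outside

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group inside_in in interface inside
access-list inside_in extended deny ip any any

Result:
input-interface: inside
output-interface: outside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_packet_tracer(text):
    """Return (phases, summary): one dict per phase plus the final Result block."""
    phases, summary, current = [], {}, None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z-]+):\s*(.*)$", line)
        if not m:
            continue  # config lines and free text carry no "key:" prefix
        key, value = m.group(1), m.group(2).strip()
        if key == "Phase":
            current = {"Phase": int(value)}
            phases.append(current)
        elif key == "Result" and not value:
            current = summary  # a bare "Result:" opens the final summary
        elif current is not None:
            current[key] = value
    return phases, summary

def verdict(text):
    phases, summary = parse_packet_tracer(text)
    hit = next((p for p in phases if p.get("Result") == "DROP"), {})
    return {"action": summary.get("Action"), "drop_phase": hit.get("Phase"),
            "drop_type": hit.get("Type"), "reason": summary.get("Drop-reason")}
```

A `drop_type` of ACCESS-LIST points back at reason 1 or 2 in the list above; an `action` of allow with the application still failing points at the reasons outside the rule base.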