Congratulations after all the tests of Pings and Telnets and tracert from different IP addresses and eliminating agents on the endpoint test machine. You have decided that the problem of communication probably comes from the firewall.
In this tutorial, I will show you the basics of how to start checking if the firewall is blocking or interrupt your communication.
- First, check the logs to see if packets getting dropped!
2. To really rule out a problem with the firewall rules I suggest creating permit any rule just for testing.
3. Make sure That NAT is configured for the specific VLAN.
4. Every Packet that goes out must go back in, so please check that you have a static route.
5. IPS log, it’s a must!
6. This command gives you more reasones why the packet got dropped from the GUI Version in line 1. connect using SSH to the Firewall GW machine and run this command “fw ctl zdebug + drop | grep X.X.X.X”
7. Check Interface Details for MTU Mismatch or duplex issue or also for CRC errors on the network card
8. Make the Standby Active, I hope your firewall is apart of a cluster if so try to work with the second FW.
- Command “cphastop” to stop a cluster member from passing traffic. Stops synchronization. (emergency only)