6.6. Setup Troubleshooting

This appendix deals with connection problems that might occur when connecting a management computer to a Clavister NetWall Firewall.

If the management interface does not respond after the firewall has powered up and cOS Core has started, there are a number of simple steps to troubleshoot basic connection problems:

1. Check that the correct interface is being used.

The most obvious problem is that the wrong interface has been used for the initial connection to the management computer. Only the first interface found by cOS Core is activated for the initial connection from a browser after cOS Core starts for the first time.

2. Check that the computer IP is configured correctly.

The second most obvious problem is if the IP address of the management computer running the web browser is not configured correctly.

3. Using the ifstat CLI command.

To investigate a connection problem further, use the KVM console after cOS Core starts. When you press the enter key with the console, cOS Core should respond with the a standard CLI prompt. Now enter the following command once for each interface:

Device:/> ifstat <if-name>

Where <if-name> is the name of the cOS Core management interface. By default this is the KVM If1 interface. This command will display a number of counters for that interface. The ifstat command on its own can list the names of all the KVM interfaces.

If the Input counters in the hardware section of the output are not increasing then the error is likely to be in the cabling. However, it may simply be that the packets are not getting to the firewall in the first place. This can be confirmed with a packet sniffer if it is available.

If the Input counters are increasing, the management interface may not be attached to the correct physical network. There may also be a problem with the routing information in any connected hosts or routers.

4. Using the arpsnoop CLI command.

A final diagnostic test is to try using the console command:

Device:/> arpsnoop -all

This will show the ARP packets being received on the different interfaces and confirm that the correct connections have been made to the correct interfaces.