Chapter 1. Troubleshooting Methods
Providing users with networks that demonstrate high availability has never been as important as it is today. A single moment of network downtime may cost an organization a considerable amount of money and represent, as well, intangible losses that are not acceptable to today's executives. So, it is important to have the methods and tools at your disposal to troubleshoot any critical issues that you might experience in your network. While this is true for all network components, it is even more important for the security devices, because security devices embed into different parts of the network in the traffic path to provide security. Therefore the problems that arise from security devices often are critical and their impact on the overall network is huge. For example, a simple misconfiguration of Access Control lists (ACLs) on Firewall in the direction of Internet-bound connections could block all Internet-bound traffic for the whole network. For these reasons, knowing the products and the available commands and tools for identifying the problem quickly is a must. To be successful as a Cisco network security troubleshooter, you need the following:
-
Clear understanding of security devices
-
An accurate and complete network topology which shows a detailed view of the network, packet paths, and the position of the security devices in the packet path
-
Method to diagnose the problem and select the tools for diagnosis
This chapter focuses on a generic troubleshooting method for security products in the network (a method that also is useful for other networking devices). Chapter 2, "Understanding Troubleshooting Tools," focuses on the most important components of the "Troubleshooting Methodology" which is the primary topic of this chapter.