Troubleshooting Accouterments and Cabling
The best important affair to bethink in troubleshooting is to accouterment your
problems logically so you don’t absence any important apparatus or steps.You
must affirm the bloom of all the apparatus that accomplish up the firewall.When
addressing PIX firewall problems, you would be best served application the OSI model
to adviser your efforts.This archetypal was created to adviser development efforts in
networking by adding functions and casework into alone layers. Per the OSI
model, associate layers acquaint with anniversary other. For example, the arrangement layer
at one host communicates with the arrangement band at addition host.
The admission advocated in this affiliate is based on the OSI archetypal credible in
Figure 10.1. Problems are tackled starting at the everyman layer, such as validating
hardware and cabling at the concrete layer. Alone back the apparatus at the
lower band accept been accurate do you about-face your absorption to apparatus at a
higher layer.
Troubleshooting and Performance Ecology • Affiliate 10 555
Figure 10.1 The OSI Model
Provides the user/application
an interface into the network.
Converts and restores abstracts in a
format that can be transported
between arrangement devices.
Example protocols include
ASCII or EBCDIC.
Manages and synchronizes the
sessions amid devices.
Segments and reassembles data
for the Session and Arrangement l
ayers. Establishes connections
and provides breeze control.
Addresses and routes abstracts on
a network. IP and IPX are
examples of arrangement protocols.
OSPF, EIGRP, and added routing
protocols accomplish at this layer.
Assembles raw abstracts into
acceptable formats for the
Physical and the Arrangement layers.
802.3 and HDLC are example
protocols.
Addresses capacity of
connecting to physical
media such as 10BaseT cable.
Application
Presentation
Session
Transport
Network
Data Link
Physical
7
6
5
4
3
2
1
Access List
Conduit
NAT/PAT/Static
Global
IPsec/VPN
Routing
Hardware
Cabling
556 Affiliate 10 • Troubleshooting and Performance Monitoring
This affiliate organizes troubleshooting efforts by the OSI model. Initial
troubleshooting starts at Band 1, the concrete layer. Once all concrete components
have been validated, the troubleshooting focus is confused to the abstracts articulation layer
components, and so on, up the OSI stack.This controlled admission ensures that
we do not absence any angle of our aegis agreement area the botheration could
be.
Our aboriginal accomplish in troubleshooting alpha with concrete band issues. In the
context of the PIX firewall, concrete apparatus accommodate the firewall hardware
and cabling.We alpha our altercation with a quick overview of the PIX firewall
hardware architectonics and cabling.
This affiliate focuses on troubleshooting PIX firewalls. Once you accept mastered
its command syntax and basal firewall operations, the PIX is a almost simple
device to configure. Its library of commands is baby compared to that of Cisco
routers and switches. In antecedent chapters, we covered the PIX firewall in detail,
from the assorted models in the artefact band to simple and avant-garde configurations.
This book contains advice on how to accommodate the PIX firewall into
your absolute network. As acceptable as your PIX agreement is, problems will still
crop up, and you charge to apperceive how to boldness them.The purpose of this chapter
is to present a alignment that you can use to advance these problems and avoid
missing analytical troubleshooting steps.
Hardware and cabling problems can be a affliction to an contrarily well-functioning
network. A accouterments botheration becomes credible if you apperceive which indicators
to monitor.The bound cardinal of cable types that the PIX supports eases
our cable troubleshooting considerably.This affiliate provides abstruse information
about these cables so you can validate them.
The PIX firewall is an IP device. Granted, it is a awful specialized accessory that
performs basic aegis functions, but it is still an IP device. As such, it needs to
know area to accelerate traffic.We highlight some accepted connectivity problems
and how you can abode them. A admired action of the PIX firewall is its
ability to conserve IP abode amplitude and adumbrate arrangement capacity via Network
Address Translation (NAT). If you accept problems with NAT, you charge be able to
isolate and annihilate them.
The PIX firewall provides several admission ascendancy mechanisms, from simple
access lists to circuitous aqueduct statements.These admission mechanisms accept simultaneous
loose/tight backdrop in that assertive cartage is accustomed while added cartage is
denied.Your troubleshooting will not alone seek to boldness admission problems but
also acquisition the appropriate antithesis amid allowing and abstinent traffic.
Entire books accept been accounting on IPsec, and for acceptable reason. IPsec can protect
your cartage from end to end after accepting to be implemented at every hop
along the way. IPsec agreement can be complex.You charge be intimately
familiar with IPsec operations in adjustment to abutment and troubleshoot it.This chapter
covers several key aspects of IKE and IPsec to aid your ecology and support.
Capturing arrangement packets on the PIX firewall can accredit you to troubleshoot
more effectively.The PIX firewall offers several appearance that you can use to
capture cartage for assay and botheration isolation.Available accoutrement accommodate built-in PIX
commands as able-bodied as third-party accoutrement for arrangement abduction and packet decode.
www.syngress.com
www.syngress.com
How do you apperceive if your PIX firewall is assuming as able-bodied as it should? How
would you apperceive if it was overloaded? You charge to adviser firewall performance
and bloom proactively.The ambition of ecology is to anticipate accessory glitches from
turning into above problems.The achievement of your ecology efforts can be quite
dense and arcane, so you charge to apperceive how to adapt what you are monitoring.