Problem and solution when the firewall system upgrade does not take effect

17

During firewall upgrade, you need to replace system software. After you set the system file for the next startup, you must restart the device for the configuration to take effect.

Other related questions:
Problem and solution when an OSPF route filtering policy does not take effect
The reason that an OSPF route filtering policy does not take effect is as follows: For example: User ---------- MA5200F ---------- Firewall---------- NE80 ---------- Internet Open Shortest Path First (OSPF) is run on three devices, and the firewall acts as the NAT device. The NE80E cannot learn routes to private network segments. Firewall configurations are as follows: acl number 2999 rule 5 deny source 10.0.0.0 0.255.255.255 /*Filtered private network segments*/ rule 10 deny source 192.168.0.0 0.0.255.255 /*Filtered private network segments*/ rule 15 permit ospf 1 filter-policy export 2999 area 0.0.0.0 network 218.206.107.220 0.0.0.3 The routing table of the NE80 still has routes to private network segments. [JSNJ-MB-CMNET-RT01-HJL_NE80]display ip routing-table 10.33.16.192 Destination/Mask Protocol Pre Cost Nexthop Interface 10.33.16.192/26 O_ASE 50 1 218.206.97.234 Ethernet5/0/13 0.0.0.0/0 STATIC 40 0 218.206.97.109 GigabitEthernet1/0/ The route policy in the OSPF view of the firewall that uses the VRP3.30 platform takes effect only for local routes, not the LSA transmitted by the firewall to the NE80. In conclusion, because OSPF is a dynamic routing protocol based on link status and routing information is expressed through link status, OSPF cannot filter advertised or received LSAs. The filter-policy import command filters the routes calculated by OSPF. Only routes that match the filtering conditions are added to the routing table. The filter-policy export command enables a device to filter routes advertised by the device. Only routes that match the filtering conditions can be advertised.

Problem and solution when the round robin load balancing policy of NMP does not take effect in HP_UX
You can perform the following operation when round robin load balancing policy of NMP does not take effect in HP_UX as follows: 1. Issue Description What can I do when the round robin load balancing policy of NMP does not take effect in HP_UX? Situation: HP 11i v3 is delivered with the Native Multi-Path multipathing software and the default load balancing policy round robin. Multiple paths from the hosts to controller A or controller B on the storage array do not take effect, and you can only deliver I/Os through one path. 2. Solution a. Enter scsimgr get_attr -a leg_mpath_enable on the host to check whether the current system has enabled NMP multipathing software. b. Enter scsimgr get_attr -D /dev/rdisk/diskXX -a leg_mpath_enable to check whether LUN has enabled the NMP software. c. Enter scsimgr get_attr -D /dev/rdisk/diskXX to check whether LUN has a default load balancing policy round robin. d. Enter scsimgr lun_map -D /dev/rdisk/diskxx to check which LUN has active status of all paths. e. Enter scsimgr get_stat -H Hardware path to check the I/O statistics of each path to the LUN. If the I/Os of one path is small, nearly no I/O is delivered on this path. f. Above all, although the NMP multipath configuration does not cause any failure, there is a problem which is referred on released notes. You solve the problem by setting alua_enabled of a LUN to false. However, based on lab tests, this method can deliver I/Os through multiple paths but the performance of this method degrades compared to I/Os delivered through one path. You are advised to use one path not to use multiple paths.

What should I do when the System Time change does not take effect
Question: Under System > System Settings > Basic Settings > System Time on the RSE6500, change the local system time, save the change, and re-log in to the RSE6500. The system time that is displayed is still the system time before the change. Possible Cause: At the time the system time change is saved, a user runs the shell command to log in to the operating system after having connected to the RSE6500 using Telnet or SSH. Solution: Ask the user to log out of the operating system by running the exit command. Then change the system time and save the change again.

Problem and solution when a firewall cannot be added to the NMS
To solve the problem that a firewall cannot be added to the NMS (NMS workstation), perform the following steps: 1. Check whether the SNMP settings on the firewall are correct. For example, check whether the SNMP version matches the NMS. 2. Check whether the NMS is reachable to the firewall. 3. Check whether access management in SNMP mode is enabled on the interface connecting the firewall to the NMS. That is, you need to run the service-manage snmp enable command on the interface to allow the peer device to access the firewall in SNMP mode. By default, the SNMP permission of the interface is disabled. In this case, even if the security policy for the interzone between the zone where the interface resides and the Local zone is enabled, you cannot access the device through the interface. This is because that the service-manage function has a higher priority than the security policy. For details, see USG6350 can't add to the NMS server.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top