Problem and solution when the firewall cannot access web proxy resources

What if the web proxy resource page cannot be accessed?
Solution:
1. Check whether the configured URL is correct.
2. If the configured URL is correct, ensure that the configured intranet URL can be properly accessed.
3. If the fault persists, try the web link mode.
Note: To ensure that the web link function takes effect, use Internet Explorer and install the ActiveX control.

Other related questions:
Problem and solution when a firewall cannot be added to the NMS
To solve the problem that a firewall cannot be added to the NMS (NMS workstation), perform the following steps:
1. Check whether the SNMP settings on the firewall are correct. For example, check whether the SNMP version matches the NMS.
2. Check whether the NMS and the firewall can reach each other.
3. Check whether access management in SNMP mode is enabled on the interface connecting the firewall to the NMS. That is, you need to run the service-manage snmp enable command on the interface to allow the peer device to access the firewall in SNMP mode.
By default, the SNMP permission of the interface is disabled. In this case, even if the security policy for the interzone between the zone where the interface resides and the Local zone is enabled, you cannot access the device through the interface, because the service-manage function has a higher priority than the security policy.
For details, see USG6350 can't add to the NMS server.

Problem and solution when network extension cannot be enabled on the firewall
Only the administrator can enable network extension.

Problem and solution when the database cannot be accessed due to ping-pong effect
You can solve the problem that the database cannot be accessed due to the ping-pong effect as follows:

1. Issue Description
The Oracle RAC database service of one site provides two hosts to use storage resources through the multipathing mode. LUN0 in the storage device is mapped to the two hosts, but one of the two hosts cannot access the LUN.
Product and version information:
S5000 series
Application server using Huawei ATAE boards
The application server runs on SUSE 9 SP3.
UltraPath for Linux V100R002C01 is used.

2. Alarm Information
None

3. Handling Process
a. Run the upadm show option command on the CLI to check whether the failover function is disabled.
# upadm show option
The following information is displayed:
maxlun = 256
maxpath = 4
maxcontroller = 8
maxarray = 30
failback_interval = 60
optimal_path_check_interval = 60
failed_path_check_interval = 30
iopolicy = round_robin
lbcontroller = off
failover = on
maxtargetid = 512
b. If failover is on, run the upadm set failover=off command to disable the failover function.
# upadm set failover=off
c. Run the upadm start updateimage command to update the UltraPath configuration.
# upadm start updateimage
d. Run the upadm show option command to ensure that the failover function of UltraPath is disabled.
# upadm show option
The following information is displayed:
maxlun = 256
maxpath = 4
maxcontroller = 8
maxarray = 30
failback_interval = 60
optimal_path_check_interval = 60
failed_path_check_interval = 30
iopolicy = round_robin
lbcontroller = off
failover = off
maxtargetid = 512
----End

4. Root Cause
a. Based on log analysis, two application servers use UltraPath to switch paths to access LUN0 frequently.
b. Based on log analysis, the link status between host DB1 and controller A of the storage device is Link Down.
c. Based on log analysis, the link status between DB2 and controller A is also Link Down. The storage device LUN0 switches connections to the working controllers frequently and the database log displays I/O timeout.
Conclusion: The ping-pong effect leads to repeated switchover of the LUN's working controller, which makes the database inaccessible.

5. Suggestions
a. Do not map a LUN to two or more application servers.
b. If you must map a LUN to two application servers in some scenarios, install cluster software on the application servers and configure cluster reservation. In other scenarios, refer to this case and solve them by disabling the failover function.
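
The check in steps a to d of the handling process can be scripted. The following is an added example, not part of the original case or of UltraPath: the function names get_option and failover_plan are hypothetical, the sample output is constructed from the values shown in step a, and only the upadm commands quoted in the case are used.

```shell
#!/bin/sh
# Constructed sample of `upadm show option` output (values as shown in step a).
SAMPLE_BEFORE='maxlun = 256
maxpath = 4
maxcontroller = 8
maxarray = 30
failback_interval = 60
optimal_path_check_interval = 60
failed_path_check_interval = 30
iopolicy = round_robin
lbcontroller = off
failover = on
maxtargetid = 512'

# get_option KEY (hypothetical helper): read `upadm show option` output on
# stdin and print KEY's value. It scans "key = value" token triples, so it
# works whether the options arrive one per line or run together on one line.
# Exit status is 1 when KEY is not present.
get_option() {
    awk -v key="$1" '
        { for (i = 1; i + 2 <= NF; i++)
              if ($i == key && $(i + 1) == "=") { print $(i + 2); found = 1; exit } }
        END { exit (found ? 0 : 1) }'
}

# failover_plan (hypothetical helper): print the commands from steps b to d
# that still need to run, "none" if failover is already off, or "unknown"
# (status 2) if the failover option cannot be read.
failover_plan() {
    state=$(get_option failover) || { echo "unknown"; return 2; }
    case "$state" in
        off) echo "none" ;;
        on)  printf '%s\n' 'upadm set failover=off' \
                           'upadm start updateimage' \
                           'upadm show option' ;;
        *)   echo "unknown"; return 2 ;;
    esac
}

# Live use on a host with UltraPath installed: upadm show option | failover_plan
printf '%s\n' "$SAMPLE_BEFORE" | failover_plan
```
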

Problem and solution when the firewall cannot ping the virtual IP address of the VRRP group
Possible causes are as follows:
1. A VRID conflict occurs.
2. The virtual IP address ping function is disabled.
According to RFC 3768, the ping command cannot be used to detect the virtual IP address connectivity. Huawei provides the virtual IP address ping function for the convenience of monitoring. This function is enabled by default. If it is disabled, you can run the vrrp virtual-ip ping enable command to enable it.

Problem and solution when BGP peer cannot be established
BGP peer establishment on the firewall uses port 179 to establish TCP sessions and requires that OPEN messages be properly exchanged. Perform the following steps to rectify the issue:
1. Check whether the AS number and IP address of the peers are correct by using the display bgp peer command.
2. Check whether the router IDs configured on both BGP peers conflict by using the display bgp peer command.
3. If the loopback interface is used, check whether the peer connect-interface command is configured to specify the loopback interface as the source interface for sending BGP packets.
4. If the EBGP neighbors are not directly connected at the physical layer, check whether the peer ebgp-max-hop command is configured.
5. Check whether there are available routes to the peer in the routing table.
6. Check whether there are reachable routes to the specified connect-interface by using the ping -a source-ip-address host-address command.
7. Check whether an ACL that blocks TCP port 179 is configured.
