
236 Chapter 6 · Advanced System Administration and Troubleshooting

Tools & Traps...

CLISH for Compliance

Often firewalls are added to the environment one at a time and installed manually. Using CLISH to script the common installation options allows your Nokia appliances to be consistently baselined. Common options would be settings for syslog destinations, SNMP trap destinations, backup schedules, alerting, and so on. Having a baseline for your firewalls also helps in troubleshooting should something like a breach or failure occur.

Combining a common script with a firewall-specific CLISH script allows for rapid recovery if a Nokia needs to be replaced due to hardware failure. Running two CLISH scripts, instead of building the entire platform configuration by hand, can restore the previous configuration. This saves both time and unnecessary effort in the long run.

Troubleshooting

When problems come up, it helps to know that IPSO provides the common tools you have access to on other platforms, which can help you get enough information to solve problems yourself or at least assist your support provider in fixing them. Many of these commands are UNIX commands used together in the way they were intended, and some are creations of Nokia that allow you to gather information for them should the need arise.

Managing Logs

The IPSO operating system provides several command-line utilities and many log files that can be used to troubleshoot problems or monitor user or process behavior. Most of the log files created and maintained by IPSO are in the /var/log directory, although some are in other subdirectories of /var. Check Point FireWall-1 logs are kept in the directory $FWDIR/log.

Searching and Displaying Log Files

The /var/log directory contains the messages file, which is the global system log to which programs send messages by default. The system program that controls these log messages is called syslog, and is configured through the settings in /etc/syslog.conf. In addition to the messages file there are several compressed files named messages.x.gz. These are
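
An added example, not taken from the book: a POSIX shell function that searches the live messages file together with the compressed messages.x.gz files described above, so a single query covers the whole retained history in time order. It assumes the numbered files are older rotations with a higher number meaning older; the function names, the host name fw1 and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: search /var/log/messages plus its compressed rotations.
# Assumption: messages.N.gz are older rotations, and a higher N is older.

# search_messages PATTERN [LOGDIR]
# Prints "file: line" for each match, oldest rotation first, live file last.
search_messages() {
    pattern=$1
    logdir=${2:-/var/log}
    # Rotation numbers, numerically descending: messages.10.gz before messages.2.gz.
    for n in $(ls "$logdir" 2>/dev/null |
               sed -n 's/^messages\.\([0-9][0-9]*\)\.gz$/\1/p' | sort -rn); do
        # gzip -dc streams the decompressed text; the archive is left untouched.
        gzip -dc "$logdir/messages.$n.gz" 2>/dev/null |
            grep -e "$pattern" | sed "s|^|messages.$n.gz: |"
    done
    # The live, uncompressed file holds the newest entries.
    if [ -r "$logdir/messages" ]; then
        grep -e "$pattern" "$logdir/messages" | sed 's|^|messages: |'
    fi
    return 0
}

# make_sample_logs DIR: write constructed log lines (host fw1 is hypothetical).
make_sample_logs() {
    printf '%s\n' \
        'Mar  1 09:00:01 fw1 sshd[301]: Failed password for admin from 192.0.2.10' \
        'Mar  1 09:05:00 fw1 cron[88]: job started' | gzip -c > "$1/messages.1.gz"
    printf '%s\n' \
        'Mar  2 11:30:12 fw1 sshd[355]: Failed password for admin from 192.0.2.10' |
        gzip -c > "$1/messages.0.gz"
    printf '%s\n' \
        'Mar  3 08:15:42 fw1 sshd[412]: Accepted password for admin from 192.0.2.20' \
        'Mar  3 08:16:00 fw1 syslogd: restart' > "$1/messages"
}

# Demo on the constructed data only: sh search_messages.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_sample_logs "$d" && search_messages 'sshd' "$d"
    rm -rf "$d"
fi
```

On an appliance, call `search_messages 'sshd'` with no directory argument to search /var/log itself.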