Troubleshooting guide

Chapter 4 Troubleshooting Routers and Embedded Systems
VPN-1/FireWall-1 configuration for a Nortel (Bay Networks) BayRS router
Advanced Technical Reference Guide 4.1 June 2000 36
firewall pri 1.1.1.1 loc 2.2.2.2
3. Typing info at this point will show you the currently defined firewall information. Backup management
stations can be defined at this point.
4. Now the individual interfaces must be configured to use the firewall. Type back twice to return to the root
menu. Type in the name of the first interface:
ethernet/1/1
5. Now type in the IP address string:
ip/1.1.1.1/255.255.255.0
6. Now type the keyword:
firewall
Now the firewall is configured to run on this interface. Typing info at this point will display information
concerning the firewall on this interface. It is here that you will find the policy-index number, which for
firewall purposes is the interface name (pol1 etc.). Each policy-index is automatically assigned a unique
number each time an interface is configured. It is possible to change some or all of these policy-indexes
to be the same, in which case the firewall will treat them all as the same interface.
7. Repeat the configuration for all interfaces running the firewall.
Debugging Nortel (Bay) Routers
General problems
To debug general problems, you can start with the following steps:
1. Log into the Technician Interface (TI).
2. Check the log files on the router. RFWALL is the keyword that identifies the Check Point software on
the router in the log files. The proper syntax is:
log -ffdwit -eRFWALL (will show all of the new firewall messages)
(-ffdwit) means
(ff) fault
(d) debug
(w) warning
(i) informational
(t) trace
log -ffdwit -t9:00 (will show messages after 9:00)
3. The MIB group for the firewall is wfRFwallGroup. The following MIB objects show the IP addresses
of the Check Point Control Station and the Firewall Module on the router.
get wfRFwallGroup.*.0
The command returns the following data, which presents the router's current
VPN-1/FireWall-1 configuration:
wfRFwallGroup.wfRFwallDelete.0 = 1
wfRFwallGroup.wfRFwallDisable.0 = 1
wfRFwallGroup.wfRFwallState.0 = 1
wfRFwallGroup.wfRFwallLogHostIp.0 = xxx.xxx.xxx.xxx
wfRFwallGroup.wfRFwallLogHostIpInt.0 = 0
wfRFwallGroup.wfRFwallLocalHostIp.0 = yyy.yyy.yyy.yyy
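
Added example (not part of the original guide, and not Check Point or Nortel code): a small Python check that parses saved output of get wfRFwallGroup.*.0 and compares it with an expected baseline, so a changed management station address or an unset field stands out. The function names, the baseline and the captures are constructed for illustration; the baseline assumes that wfRFwallLogHostIp and wfRFwallLocalHostIp correspond to the pri and loc addresses of the firewall command shown earlier.

```python
import ipaddress
import re

# One line of `get wfRFwallGroup.*.0` output, e.g. "wfRFwallGroup.wfRFwallState.0 = 1"
LINE_RE = re.compile(r"^\s*wfRFwallGroup\.(wfRFwall\w+)\.\d+\s*=\s*(\S+)\s*$")

# Assumed baseline: addresses from the page's `firewall pri 1.1.1.1 loc 2.2.2.2`
BASELINE = {"wfRFwallLogHostIp": "1.1.1.1", "wfRFwallLocalHostIp": "2.2.2.2"}

# Constructed captures (not real router output)
CAPTURE_OK = """\
wfRFwallGroup.wfRFwallState.0 = 1
wfRFwallGroup.wfRFwallLogHostIp.0 = 1.1.1.1
wfRFwallGroup.wfRFwallLocalHostIp.0 = 2.2.2.2
"""
CAPTURE_DRIFT = CAPTURE_OK.replace("= 1.1.1.1", "= 10.9.9.9")
CAPTURE_BAD = CAPTURE_OK.replace("= 2.2.2.2", "= yyy.yyy.yyy.yyy")


def parse_rfwall(text):
    """Return {attribute: value} for each wfRFwallGroup line in captured TI output."""
    return {m.group(1): m.group(2)
            for m in map(LINE_RE.match, text.splitlines()) if m}


def audit_rfwall(text, baseline):
    """Compare a capture with the baseline; an empty list means no differences."""
    attrs = parse_rfwall(text)
    findings = []
    for name, want in baseline.items():
        got = attrs.get(name)
        if got is None:
            findings.append(f"{name}: missing from output")
        elif name.endswith("Ip"):
            try:
                if ipaddress.ip_address(got) != ipaddress.ip_address(want):
                    findings.append(f"{name}: expected {want}, got {got}")
            except ValueError:
                findings.append(f"{name}: {got} is not a valid IP address")
        elif got != want:
            findings.append(f"{name}: expected {want}, got {got}")
    return findings


if __name__ == "__main__":
    for label, cap in [("ok", CAPTURE_OK), ("drift", CAPTURE_DRIFT), ("bad", CAPTURE_BAD)]:
        print(label, audit_rfwall(cap, BASELINE) or "matches baseline")
```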