HP-UX Containers (SRP) A.03.01 Administrator's Guide

Rule Name: SRP-web2-base-1 ID: 8 Cookie: 3 Priority: 30
Src IP Addr: 192.0.2.1 Prefix: 32 Port number: 0
Dst IP Addr: 10.2.2.2 Prefix: 32 Port number: 0
Network Protocol: All Direction: outbound
Action: Dynamic key SA State: SPI(s) Not Established
Number of SA(s) Needed: 1 Pair(s)
Number of SA(s) Created: 0 Pair(s)
Kernel Requests Queued: 0
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
---------------------------- IKE Rule -----------------------------
Rule Name: SRP-web2-base-1 Priority: 20 Cookie: 4
Remote IP Address: 10.2.2.2 Prefix: 32
Group Type: 2 Authentication Method: Pre-shared Keys
Authentication Algorithm: HMAC-MD5 Encryption Algorithm: 3DES-CBC
Number of Quick Modes: 100 Lifetime (seconds): 28800
Action: Secure
18.4 Advanced Troubleshooting Procedures
This section includes advanced troubleshooting procedures:
18.4.1 Using the Security Containment compartment discover feature (workload containers only)
In a secure environment, you can use the Security Containment discover feature to remove
compartment restrictions and view the rules that are needed to allow access. (If you are not in a
secure environment, you can use IPFilter to allow access from only trusted systems before removing
compartment restrictions.)
You can use the discover feature as follows:
1. Stop the container:
srp -stop container_name
2. Edit the compartment rules file (/etc/cmpt/container_name), and tag the container
definition at the beginning of the file with the discover keyword. This opens the container
for all access. For example:
discover compartment myContainer {
:
:
3. Start the container:
srp -start container_name
4. Attempt to access the container applications. After you successfully access the applications,
enter the following command to generate the rules used to access the container:
getrules -m container_name
5. Compare the output from the getrules command with the compartment rules file and make
the necessary changes.
6. Stop the container, remove the discover keyword from the compartment rules file, and then
restart the container.
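The rules-file edits in steps 2 and 6, plus the check a defender would want afterwards, as an added shell example (not from the guide): one function tags the compartment definition with discover, one removes the tag, and an audit reports any rules file under the compartment directory that is still open. The CMPT_DIR variable, the .pre-discover backup suffix and the function names are assumptions; srp and getrules are not called, so the helpers can be exercised on a scratch directory off the HP-UX host.

```shell
#!/bin/sh
# Added example: helpers for the Security Containment discover workflow.
# Assumption: each compartment definition opens with a line of the form
#   compartment <name> {
# and the discover keyword is prepended on that same line, as in the guide.
# CMPT_DIR defaults to the real rules directory; point it elsewhere to test.
CMPT_DIR=${CMPT_DIR:-/etc/cmpt}

# tag_discover NAME: open the container for all access by tagging the
# compartment definition in $CMPT_DIR/NAME. Keeps a .pre-discover backup.
# Returns 1 if the file is already tagged, 2 if it does not exist.
tag_discover() {
    f="$CMPT_DIR/$1"
    [ -f "$f" ] || return 2
    grep -q "^[[:space:]]*discover[[:space:]][[:space:]]*compartment[[:space:]]" "$f" && return 1
    cp "$f" "$f.pre-discover"
    sed 's/^\([[:space:]]*\)compartment[[:space:]]/\1discover compartment /' "$f" > "$f.tmp" &&
        mv "$f.tmp" "$f"
}

# untag_discover NAME: remove the discover keyword again (step 6), restoring
# normal compartment enforcement once rules have been reconciled.
untag_discover() {
    f="$CMPT_DIR/$1"
    [ -f "$f" ] || return 2
    sed 's/^\([[:space:]]*\)discover[[:space:]][[:space:]]*compartment[[:space:]]/\1compartment /' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# audit_discover: print the name of every rules file whose compartment is
# still tagged discover (i.e. left open). Returns 1 if any were found so the
# check can fail a cron job or a post-change review.
audit_discover() {
    found=0
    for f in "$CMPT_DIR"/*; do
        [ -f "$f" ] || continue
        if grep -q "^[[:space:]]*discover[[:space:]][[:space:]]*compartment[[:space:]]" "$f"; then
            echo "${f##*/}"
            found=1
        fi
    done
    return $found
}
```

Run audit_discover after step 6 (and periodically) so a container opened for troubleshooting is not left that way in production.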