Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
71727374757677787980
Another method to test if IPFilter rules are blocking access to the compartment applications is
by disabling the IPFilter module.
CAUTION: Enabling or disabling IPFilter briefly brings down all IP interfaces on the system,
then brings up all IP interfaces configured in the /etc/rc.config.d/netconf and /etc/
rc.config.d/netconf-ipv6 files. This causes the system to briefly lose network connectivity
and removes all dynamically configured IP interfaces.
Unless there is heavy network traffic, the interruption in network connectivity has no or little
effect on existing connections. However, some applications might interpret a network interruption
as a card failure. For example, Serviceguard might interpret a network interruption as a card
failure, which can cause it to reform the cluster. In addition, services that use dynamically
configured IP interfaces (such as Serviceguard) will lose connectivity through these interfaces.
HP recommends that you do not enable or disable HP-UX IPFilter when critical network
applications are running. HP recommends that you enable or disable IPFilter when interrupting
network connectivity is not disruptive.
To disable IPFilter, enter the following command:
/opt/ipf/bin/ipfilter -d
To enable IPFilter after you have completed testing, enter the following command:
/opt/ipf/bin/ipfilter -e
Removing or Disabling IPSec
If you are using IPSec with SRP, you can see if IPSec policies are blocking access to the
compartment applications. One method to determine if IPSec policies are blocking packets is by
removing the ipsec service from the compartment with the following command:
srp -d compartment_name -s ipsec
To add the ipsec service back to the compartment after you have completed testing, enter the
following command:
srp -d compartment_name -s ipsec
Another method to test if IPSec policies are blocking access to the compartment applications is
by stopping the IPSec product. Enter the following command:
/usr/sbin/ipsec_admin -stop
To restart IPSec after you have completed testing, enter the following command:
/usr/sbin/ipsec_admin -start
Reporting Problems
If you are unable to solve a problem with SRP, complete the following steps:
1. Read any published release notes for SRP to see if the problem is known. If it is a known
issue, use the prescribed solution.
2. Determine whether the product is still under warranty or whether your company purchased
support services for the product. Your operations manager can supply you with the necessary
information.
3. Access http://www.itrc.hp.com and search the technical knowledge databases to determine
if the problem you are experiencing has already been reported. The type of documentation
and resources you have access to depend on your level of entitlement.
80 Verifying and Troubleshooting SRP