Nortel 2070 Troubleshooting Manual

Nortel Threat Protection System
Threat Protection System
Troubleshooting Guide
Release: 4.7
Document Revision: 01.01
www.nortel.com
NN47240-700
324442-A

Summary of Contents for Nortel 2070

  • Page 1: Threat Protection System Troubleshooting Guide

    Nortel Threat Protection System Threat Protection System Troubleshooting Guide Release: 4.7 Document Revision: 01.01 www.nortel.com NN47240-700 324442-A...
  • Page 2 Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks. Export This product, software and related technology is subject to U.S.
  • Page 3: Table Of Contents

    Troubleshooting mail alerting problems 25 Troubleshooting SNMP alerting problems 25 Troubleshooting Syslog alerting problems 25 Troubleshooting events that show incorrect time 25 Troubleshooting LDAP authentication Threat Protection System Troubleshooting Guide Copyright © 2007 Nortel Networks Nortel TPS 4.7 NN47240-700 01.01 Standard 11 2007...
  • Page 4 Viewing remediation log 42 Viewing the LDAP SSL certificate 42 Emergency recovery trees Lost access to the TPS DC/IS device -- recovery tree 43...
  • Page 5: Licensing

    Gathering critical information 49 Getting help from the Nortel Web site 50 Getting help over the phone from a Nortel Solutions Center 50 Getting help from a specialist by using an Express Routing Code 51 Getting help through a Nortel distributor or reseller 51...
  • Page 7: New In This Release

    New in this release The Nortel Threat Protection System Release 4.7 Troubleshooting Guide with Emergency Recovery Tree (NN47240-700) is a new document for Nortel Threat Protection System Release 4.7. Navigation...
  • Page 9: Introduction

    Each tool is described by purpose, usage procedures, and how to interpret the output. Prerequisites Nortel recommends that you use one or more of the following commercially available troubleshooting tools as well as the tools described in this document.
  • Page 10: Navigation

    “Troubleshooting Global Faults” (page 31) • “Emergency recovery trees” (page 43) • “Reference to third party Application Guides” (page 47) • “Contact Nortel technical support” (page 49) • “Glossary” (page 53) Acronyms Table 1 "Acronyms" (page 10) Table 1 Acronyms...
  • Page 11: Troubleshooting Fundamentals

    Enabling proxydebug will use more CPU resources. Make sure to disable it after you finish debugging. Transmit the event log from the Nortel VPN Gateway to a file on a TFTP, FTP, or SFTP server. Specify the IP address or host name of the server as well as the file name.
  • Page 12: Issues That Require Sourcefire Assistance

    User Guides, however that process is only... This log provides information on the internal Erlang language engine and SSL acceleration. It is used by Engineers to debug issues while in development.
  • Page 13 Customer is not able to add a sensor to be managed by a DC...
  • Page 15: Hardware Troubleshooting

    “Ports to open in a firewall” (page 16) TPS Hardware This section provides information to troubleshoot hardware problems related to the TPS 2050, TPS 2070 and TPS 2150 devices. The table Front Panel LEDs describes the Front Panel LED indicators on the TPS device.
  • Page 16: Ports To Open In A Firewall

    ATTENTION Call Nortel for RMA if the Amber System status LED cannot be cleared. Ports to open in a firewall If there are one or more firewalls between the Defense Center and Intrusion Sensors, you need to open one or more ports on the firewall, depending on the software version of the TPS devices.
  • Page 17: Software Troubleshooting

    Software Troubleshooting The TPS 2070 Defense Center (DC), TPS 2050 Intrusion Sensor (IS), TPS 2070 Intrusion Sensor, TPS 2150 Intrusion Sensor, and TPS 2170 Intrusion Sensor products are pre-loaded with version 4.1 of the software. The software is available on a CD-ROM that is shipped with the hardware and is also available on the Nortel website, for contracted customers.
  • Page 18: Creating A Troubleshoot File From A Tps Device

    Procedure 1 Procedure steps Step Action Open a case with Nortel Enterprise Technical Support (NETS). Enter the following command to go to the default location. /usr/local/sf/bin Run the script sf_troubleshoot.pl Enter the following command to obtain the default configuration file troubleshoot.conf.
  • Page 19: Obtaining The Troubleshoot File Following A Failed Software Upgrade

    Obtaining the troubleshoot file following a failed software upgrade Use this procedure to obtain a troubleshoot file from a TPS device in case of a failed Nortel TPS Defense Center Upgrade. An upgrade on a TPS device is done by customers or support personnel.
  • Page 20: Resetting Passwords

    ATTENTION Press any arrow key during the boot sequence when the LILO boot menu appears, if the device is a 2070 model. Enter the following command at the LILO boot prompt to load the Linux operating system. linux -s System response: Loading linux...
  • Page 21: Resetting The Administrator Password For A Tps Device

    Reset the administrator password for a TPS device if it is lost or forgotten. Procedure 4 Procedure steps Step Action Go to root prompt on the TPS device (2070 model). Enter the following command: root@DC2070: ~#resetadmin Enter the root login password at the password prompt. Please enter the root login password:<password here>.
  • Page 22: Installing An Old Version Of Seu

    Event handling This section describes the corrective steps to be taken when TPS devices do not handle events correctly. CAUTION Do not enter any other rpm -e commands at the command prompt except the ones listed in step 2.
  • Page 23: Troubleshooting Tps Sensor When Not Receiving Events

    Enter the following command to find the size of the authorized_keys and check if it is the same size as...
  • Page 24: Troubleshooting The Sfdatacorrelator

    Enter the following command to rerun the initialization script. Wait for a minute after running the script. /etc/rc.d/init.d/SFDataCorrelator restart Value IP address of the DC IP address of the Sensor...
  • Page 25: Troubleshooting Alerting Problems

    Check if syslog is running. Troubleshooting events that show incorrect time Use this procedure to troubleshoot events that do not show the correct time...
  • Page 26: Troubleshooting Ldap Authentication

    Ensure that the user test passes when creating the LDAP object. If the user test fails, do the following. — Ensure that the LDAP server is working properly.
  • Page 27: Rua

    Snort outside of the core product releases, you can provide the raw snort configuration via the user.conf. Apply the system policy only after activating the LDAP object.
  • Page 28: Verifying Prohibit Packet Data On The Dc

    Configure the RNA detection policy and apply the policy. Run the traffic to see the RNA events and flow events for the particular ports and IPs...
  • Page 29: Scanning The Nmap

    /var/log/messages /var/log/httpd/httpsd_error_log Remediation Procedures Use these remediation procedures for NSF, SDM, NAS and NSNA. Remediating NAS Use this procedure to remediate NAS...
  • Page 30: Threat Protection System Troubleshooting Guide

    Enable SSHv2 access to allow Defense Center or RTI Sensor to access the NAS. Enable the login display, ensuring that the login banner is displayed during every SSH access...
  • Page 31: Troubleshooting Global Faults

    “Checking IPv6 configurations on the CLI” (page 41) • “Verification of Detection Resources on the CLI” (page 41) • “Viewing the enabled rules on the CLI” (page 41)...
  • Page 32: Troubleshooting When No White List Events Are Generated

    Troubleshooting an SDM IS that could not be added to a DC This section describes troubleshooting an SDM IS to be managed by a DC, that could not be added...
  • Page 33: Troubleshooting An Is That Does Not Block Traffic

    Ensure that the policy is IPS. Ensure that both endHosts are connected to both sides of the failopen card. Ensure that the cables are correct...
  • Page 34: Troubleshooting An Is That Does Not Send Email

    Ensure that no firewall/VPN is installed on the local check point. Ensure that the check point PC has policy options as any-any, except or allow...
  • Page 35: Troubleshooting A Failed Upgrade

    The system responds with the following output message: An error message occurred while running task... CAUTION Only upgrade-revert-upgrade is supported, not upgrade-revert-upgrade-revert.
  • Page 36: Troubleshooting When A Customer Is Unable To Add A Sensor To Be Managed By A Dc

    ATTENTION This issue has been fixed by Sourcefire and the Nortel IT team. Perform the steps in the following procedure if a problem with downloading and importing the SEU still persists. Procedure 24 Procedure steps Step Action...
  • Page 37: Troubleshooting A System Crash

    Enter the following command to view the traffic. snort -dvei fp1:fp2 snort -dvei bond 0i Enter the following series of commands for a snort packet capture...
  • Page 38: Troubleshooting Memory Problems

    • When the sensor is placed into bypass mode it internally implements a crossover and allows normal operation of the connection...
  • Page 39: Deploying Between Two Network Switches

    When the sensor is placed into bypass mode it internally implements a crossover and allows normal operation of the connection...
  • Page 40: Between A Firewall And An Endpoint

    • When the sensor is placed into bypass mode it internally implements a crossover and allows normal operation of the connection...
  • Page 41: Checking Ipv6 Configurations On The Cli

    Procedure 31 Procedure steps Step Action Enter the following command in the CLI. /var/sf/detection_engines/[de uuid]/active.rules...
  • Page 42: Viewing Remediation Log

    Enter the following command to view the list of rules that are imported in the SEU. /var/sf/rules/sid-msg.map Viewing remediation log This section describes viewing the remediation log for Nortel Secure Network Access (NSNA) and Nortel VPN Gateway (NVG). Procedure 32 Procedure steps Action View the remediation log at the following location.
  • Page 43: Emergency Recovery Trees

    Lost access to the TPS DC/IS device -- recovery tree This section details the flow diagram for the recovery tree -- Lost access to the TPS DC/IS GUI...
  • Page 44: The Tps Dc/ Is Cannot Receive Events -- Recovery Tree

    The TPS DC/ IS cannot receive events -- recovery tree This section details the flow diagram for the recovery tree -- The TPS DC/IS does not receive events...
  • Page 47: Reference To Third Party Application Guides

    Using Netegrity SiteMinder with Nortel Networks SSL VPN • Technical Configuration Guide Using Citrix with the Alteon SSL VPN • SSL VPN and SafeWord for Nortel Technical Config Guide...
  • Page 49: Contact Nortel Technical Support

    Nortel Technical Support. You must attempt to resolve your problem using this troubleshooting guide. Contacting Nortel is a final step taken only when you have been unable to resolve the issue using the information and steps provided in this troubleshooting guide.
  • Page 50: Getting Help From The Nortel Web Site

    A detailed network topology diagram • Log files Getting help from the Nortel Web site The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: http://www.nortel.com/support This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.
  • Page 51: Getting Help From A Specialist By Using An Express Routing Code

    To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to: http://www.nortel.com/help/contact/erc/...
  • Page 53: Glossary

    Glossary PERL LADP OPSEC SDM IS LDAP MSAD Threat Protection System Nortel Technical Publication Intrusion Sensor Snort Engine Upgrade...

This manual is also suitable for:

2150
