ServerView Resource Orchestrator Cloud Edition V3.1.0 Operation Guide

11.4.2 Firewall Status Confirmation

This section explains how to confirm the status of a firewall.


11.4.2.1 When an L-Platform Using a Firewall is Identified

Use the following procedure to confirm the status of the firewall.

  1. In the orchestration tree, select the firewall network device under the L-Platform.

  2. Select the [Resource Details] tab, and click the [Preserved resource] link for [Network Device] under [Basic Information of Network Device].

    The [Resource Details] tab of the network device is displayed.

  3. Confirm the displayed detailed information.

    When the target network device is in a redundant configuration, confirm both devices: the one in active status and the one in standby status.

    • When there is a [Launch Network Device Web UI] link in [Hardware Details]

      1. Click the link to start the firewall management screen.

      2. In the management window that opens, confirm the event log, the status (interface, system condition, and operation status), and whether communication packets can pass, and check for errors detected by the firewall.

    • When there is no [Launch Network Device Web UI] link in [Hardware Details]

      Confirm the following information displayed in the Main Panel.

      Basic Information - Device Status

      The status of the firewall is displayed.
      When the status is something other than "normal", it indicates that an error might have occurred.

      Port Information - Link Status

      The port status of the firewall is displayed.
      When the status is something other than "up" and this is not intended by the infrastructure administrator, it indicates that a port error might have occurred.

      Additionally, confirm the status (system condition and operation status) and whether communication packets can pass by logging in to the firewall directly, and check for errors detected by the firewall.

  4. Confirm the status of the firewall.

    • When the firewall rejects communication packets or an event log is output

      The infrastructure administrator must confirm that the following items used for auto-configuration are correct.

      • Scripts for configurations

      • Parameter files

      • Configuration files for interfaces

    • When the hardware may have failed, that is, when the firewall device status is "unknown" or the link status is "down" and this is not intended by the infrastructure administrator

      The infrastructure administrator must request confirmation of the status from the administrator of the network device, in cases where firewall hardware has not failed. The network device administrator should request that hardware maintenance personnel take corrective action when hardware has failed.

  5. Take corrective action based on the results of checked scripts and files.

    • When there are no errors in the scripts or files checked in 4.

      Request confirmation from a tenant administrator or tenant user that there are no errors in the parameters taken over during the L-Platform update.

    • When there are errors in the scripts or files checked in 4.

      The infrastructure administrator will log in to the firewall directly, delete the failed configuration (such as rejection of communication packets), and correct the erroneous scripts or files.

  6. Take corrective action based on the results of parameter checks.

    • When there are no errors in the parameters taken over during the L-Platform update

      Confirm with the administrator of the network device that the firewall configuration has not been modified, since an unexpected definition modification may have been made.

    • When there are errors in the parameters taken over during the L-Platform update

      The infrastructure administrator will log in to the firewall directly and delete the failed configuration (such as rejection of communication packets).

  7. Take corrective action based on the check results if definitions have been modified.

    • When the network device administrator has not modified the configuration

      Extract the firewall definitions and check the content. When inappropriate settings have been configured, log in to the firewall directly, and modify the definitions.

    • When a network device administrator has modified the configuration

      Check if the configuration modification is necessary.

      • When the configuration modification is not necessary

        The infrastructure administrator must log in to the firewall directly, and delete or modify the problem-causing configuration (such as rejection of communication packets).

      • When configuration modifications were necessary based on the system operation policy

        Review if the details of scripts, parameter files, and interface configuration files are based on the operation policy.


11.4.2.2 When a Firewall Changing State is Detected during Status Confirmation Using the ROR Console

Use the following procedure to confirm the status of the firewall.

  1. In the network device tree, select the firewall network device whose state has changed.

  2. Select the [Resource Details] tab.

  3. Confirm the status of the firewall.

  4. Identify the L-Platform in use.

    1. Confirm the name of the firewall allocated using auto-configuration by checking the AllocatedResources[Firewall] item in the output of the rcxadm netdevice show command.

    2. Confirm the name of the L-Platform using the firewall by checking the L-Platform Name item in the output of the rcxadm firewall show command. For the name option, specify the firewall name confirmed in the previous step.

  5. For the subsequent confirmation procedure, refer to the operations after step 3 of "11.4.2.1 When an L-Platform Using a Firewall is Identified".
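
Step 4 above, as an added shell example that is not part of the original manual: it chains the two commands to map a firewall network device to the L-Platform that uses it. The `Item: value` output layout, the `-name` spelling of the name option, the helper function names, and all sample names are assumptions to check against the Reference Guide.

```shell
#!/bin/sh
# Added example, not from the manual. Assumption: both rcxadm commands print
# one "Item: value" pair per line. All sample output below is constructed.

# Print the value(s) of one item from "Item: value" text read on stdin.
# An item with no value (nothing allocated) prints nothing.
item_value() {
    awk -v key="$1" '
        {
            sep = index($0, ": ")
            if (sep == 0) next                 # no value on this line
            name = substr($0, 1, sep - 1)
            sub(/^[ \t]+/, "", name)           # tolerate indented items
            if (name != key) next
            val = substr($0, sep + 2)
            sub(/[ \t\r]+$/, "", val)          # strip trailing blanks / CR
            print val
        }'
}

# Step 4.1: firewall name(s) allocated by auto-configuration on the device.
allocated_firewalls() { item_value 'AllocatedResources[Firewall]'; }

# Step 4.2: L-Platform that uses the firewall.
lplatform_name() { item_value 'L-Platform Name'; }

# Print "firewall<TAB>L-Platform" for every firewall allocated on device $1.
# RCXADM may point at a stand-in command for offline checks.
lplatforms_for_device() {
    "${RCXADM:-rcxadm}" netdevice show -name "$1" | allocated_firewalls |
    while IFS= read -r fw; do
        [ -n "$fw" ] || continue
        lp=$("${RCXADM:-rcxadm}" firewall show -name "$fw" | lplatform_name)
        printf '%s\t%s\n' "$fw" "${lp:-<none>}"
    done
}

# Constructed stand-in for rcxadm (hypothetical names and values).
sample_rcxadm() {
    case "$1 $2" in
        "netdevice show") printf '%s\n' 'Name: fw-device01' 'Status: normal' \
                              'AllocatedResources[Firewall]: fw-tenantA-01' ;;
        "firewall show")  printf '%s\n' "Name: $4" \
                              'L-Platform Name: /TenantA/lplatform01' ;;
    esac
}
```

On a manager, `lplatforms_for_device <device name>` runs the real commands; setting `RCXADM=sample_rcxadm` first exercises the parsing against the constructed output instead.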

See

  • For details on firewall operations (login, status confirmation, definition extraction, definition modification), refer to the firewall manuals.

  • For details on the rcxadm netdevice command, refer to "3.8 rcxadm netdevice" in the "Reference Guide (Command/XML) CE".

  • For details on the rcxadm firewall command, refer to "3.4 rcxadm firewall" in the "Reference Guide (Command/XML) CE".