This section explains how to confirm the status of a firewall.
Use the following procedure to confirm the status of the firewall.
In the orchestration tree, select the network device of a firewall under the L-Platform.
Select the [Resource Details] tab, and click the link of [Preserved resource] of [Network Device] of [Basic Information of Network Device].
The [Resource Details] tab of the network device is displayed.
Confirm the displayed detailed information.
When the target network device is in a redundant configuration, confirm both devices, the one in active status and the one in standby status.
When there is a [Launch Network Device Web UI] link in [Hardware Details]
Click the link to open the firewall management screen.
From the management screen that opens, check the event log, the status (interface, system condition, and operation status), whether communication packets can pass, and any errors detected by the firewall.
When there is no [Launch Network Device Web UI] link in [Hardware Details]
Confirm the following information displayed in the Main Panel.
The status of the firewall is displayed.
When the status is something other than "normal", it indicates that an error might have occurred.
The port status of the firewall is displayed.
When the status is something other than "up", unless changed intentionally by the infrastructure administrator, it indicates that a port error might have occurred.
Additionally, log in to the firewall directly to check the status (system condition and operation status) and whether communication packets can pass, and check any errors detected by the firewall.
Confirm the status of the firewall.
When passing of communication packets is rejected by a firewall or an event log is output
When performing auto-configuration of network devices using the user customization mode, the infrastructure administrator must confirm there are no errors in the following:
Scripts for configurations
Parameter files
Configuration files for interfaces
When performing auto-configuration of network devices using the simple configuration mode, the infrastructure administrator must confirm there are no errors in the following:
Configuration files for interfaces
When the hardware may have failed, that is, when the firewall device status is "unknown" or the link status is "down" and this was not changed intentionally by the infrastructure administrator
The infrastructure administrator must request confirmation of the status from the administrator of the network device, in cases where firewall hardware has not failed. The network device administrator should request a hardware maintenance person to take corrective action when hardware has failed.
When performing auto-configuration of network devices using the user customization mode, take corrective action based on the results of confirmation of scripts or files.
When there are no errors in the scripts or files checked in step 4.
Request confirmation from a tenant administrator or tenant user that there are no errors in the parameters taken over during the L-Platform update.
When there are errors in the scripts or files checked in step 4.
The infrastructure administrator will log in to the firewall directly, delete the failed configuration (such as rejection of communication packets), and correct the erroneous scripts or files.
Take corrective action based on the results of parameter checks.
When there are no errors in the parameters taken over during the L-Platform update
Confirm with the administrator of the network device that the firewall configuration has not been modified, since an unexpected definition modification may have been made.
When there are errors in the parameters taken over during the L-Platform update
The infrastructure administrator will log in to the firewall directly and delete the failed configuration (such as rejection of communication packets).
Take corrective action based on the check results if definitions have been modified.
When the network device administrator has not modified the configuration
Extract the firewall definitions and check the content. When inappropriate settings have been configured, log in to the firewall directly, and modify the definitions.
When a network device administrator has modified the configuration
Check if the configuration modification is necessary.
When the configuration modification is not necessary
The infrastructure administrator must log in to the firewall directly, and delete or modify the problem-causing configuration (such as rejection of communication packets).
When configuration modifications were necessary based on the system operation policy
When performing auto-configuration of network devices using the user customization mode, check that the details of scripts, parameter files, and interface configuration files follow the operation policy.
Also, when performing auto-configuration of network devices using the simple configuration mode, check that the configuration details follow the operation policy. For details on auto-configuration using the simple configuration mode, refer to "Appendix I Auto-configuration and Operations of Network Devices Using Simple Configuration Mode" in the "Design Guide CE".
Use the following procedure to confirm the status of the firewall.
From the network device tree, select the firewall network device on which the change in state has occurred.
Select the [Resource Details] tab.
Confirm the status of the firewall.
Identify the L-Platform in use.
a. Confirm the name of the firewall allocated using auto-configuration by checking the AllocatedResources[Firewall] item in the output of the rcxadm netdevice show command.
b. Confirm the name of the L-Platform using the firewall by checking the L-Platform Name item in the output of the rcxadm firewall show command. For the name option, specify the firewall name confirmed in a.
For the rest of the confirmation procedure, refer to the operations after step 3 of "11.4.2.1 When an L-Platform Using a Firewall Is Identified".
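The two lookups used above to identify the L-Platform can be scripted. The following is an added example, not part of the product manual: it assumes that rcxadm prints one "Key: value" item per line and that both show subcommands take -name (check both against the Reference Guide); the stub output and all resource names are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: find the L-Platform behind a firewall network device.
# Assumptions: "Key: value" output lines and the -name option spelling.

# Defaults to the constructed stub below; set RCXADM=rcxadm on the admin server.
RCXADM="${RCXADM:-sample_rcxadm}"

# Constructed output (not captured from a real manager). CRLF line ends
# are used for one command to show that they are tolerated.
sample_rcxadm() {
    case "$1 $2" in
    "netdevice show")
        printf 'Name: %s\r\n' "$4"
        if [ "$4" = "fw-device-01" ]; then
            printf 'AllocatedResources[Firewall]: fw-tenantA-01\r\n'
        fi ;;
    "firewall show")
        printf 'Name: %s\nL-Platform Name: /TenantA/web-3tier\n' "$4" ;;
    esac
}

# get_field KEY: print the value of the first "KEY: value" line on stdin.
# KEY is compared literally (it may contain [ ]); exits 1 when the item
# is missing or empty.
get_field() {
    awk -v key="$1" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (val != "") { print val; found = 1; exit }
        }
        END { exit !found }'
}

# lplatform_for_device DEVICE: prints "<firewall>\t<L-Platform>".
# Returns 1 if no firewall is allocated, 2 if no L-Platform is reported.
lplatform_for_device() {
    fw=$("$RCXADM" netdevice show -name "$1" |
         get_field 'AllocatedResources[Firewall]') || {
        echo "no auto-configured firewall allocated on $1" >&2; return 1; }
    lp=$("$RCXADM" firewall show -name "$fw" | get_field 'L-Platform Name') || {
        echo "firewall $fw reports no L-Platform" >&2; return 2; }
    printf '%s\t%s\n' "$fw" "$lp"
}

lplatform_for_device "${1:-fw-device-01}"
```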
See
For details on firewall operations (login, status confirmation, definition extraction, definition modification), refer to the firewall manuals.
For details on the rcxadm netdevice command, refer to "3.8 rcxadm netdevice" in the "Reference Guide (Command/XML) CE".
For details on the rcxadm firewall command, refer to "3.4 rcxadm firewall" in the "Reference Guide (Command/XML) CE".