Basic Firewall Troubleshooting
Three predominant situations with firewalls require some form of troubleshooting:
• Access to protected resources from unprotected networks is not functioning
• Access to unprotected resources from protected networks is not functioning
• Access to the firewall itself is not functioning correctly
With these situations in mind, you can narrow the problem down to two kinds of traffic:
• Traffic going through the firewall
• Traffic going to the firewall
To assist in troubleshooting these situations, work through your firewall troubleshooting
checklist as it applies to the scenario in question.
Troubleshooting Connectivity Through the Firewall
No matter how well planned, tested, and implemented, sooner or later you will run into
problems accessing resources through the firewall. There are any number of reasons for
this, but the most common reasons involve problems with the firewall ruleset, problems
with the firewall translation tables, problems with Network Address Translation (NAT),
or problems with how the application communicates over the network. A good approach
to troubleshooting connectivity through the firewall is to use the flowchart in Figure 13-2.
This flowchart is based on the general troubleshooting checklist but has been modified
for this specific situation.
Figure 13-2. Troubleshooting Connectivity Through the Firewall