Summary

In this industry, anyone can maintain a properly functioning firewall. What separates the good firewall administrators from the okay firewall administrators is the ability of the firewall administrator to step into a problem situation, identify the source of the problem, identify a resolution to the problem, and then execute the resolution to the problem, all in a timely fashion.

Firewalls are too complex for one person to be expected to know everything that should be considered when trying to troubleshoot the problem. Therefore, it is a good idea to develop a troubleshooting checklist to serve as a guide while you attempt to diagnose the problem.

As a part of building a troubleshooting checklist, ensure that at a minimum you consider including the following elements (in no particular order) in your checklists:

• Verify the problem reported.

• Test connectivity.

• Physically verify the firewall is working.

• Verify that the remote application is running and accessible locally.

• Verify that any dependent, non-firewall-specific systems are not the culprit.

• Check for recent changes.

• Review the firewall ruleset.

• Review the firewall translation configuration.

• Check the firewall logs for errors.

• Verify the firewall configuration.

• Monitor network traffic.