Monday, January 26, 2009

FAQ from firewall admin to the client for troubleshooting purposes

Jan 13 2009, 09:22 AM

Let's say you are working as a firewall admin. One day, client A calls you and says that he has a problem accessing an application on server B.
I was wondering, if anyone here is working in firewall support, what are the questions that you need to ask if an incident like this happens to you? I'll list some of them and the reason why the information is needed; maybe you could add to it or give better suggestions.

1. What is the firewall name/IP address? (so we know which firewall is involved in this incident)
2. What are the source and destination IP addresses? (so we can check whether the traffic hit the firewall or not)
3. Traceroute result from the source to the destination IP. (so we know if the traffic was dropped somewhere else)
4. What is the incident number? (if you are using a ticketing system, so we can keep track of what happened)
5. Has this worked before? (if it worked, there is a possibility that some changes have been made to the firewall or server)

Blake @ Jan 13 2009, 03:22 PM


6. What application and protocol are they using to access the server?
7. Can they access any other server using the same application and protocol?
8. Has the client or host made any upgrades or patches recently?
9. What version of VPN software is the client using?
Also, I always start a remote desktop session using logmein.com or some other software. Speeds up the entire process when you can see the client's desktop.

packet @ Jan 19 2009, 11:31 PM

And of course:

10: When did it stop working?
11: Reboot!
