VSX Diagnostics and Troubleshooting

In This Section: General Troubleshooting Steps Troubleshooting Specific Problems

This chapter presents basic diagnostic and troubleshooting procedures that should be followed in the event you encountering a problem while working with VSX. This diagnostic routine will assist you in determining the source of the problem. This chapter presents several known issues and their solutions.

Most problems are caused by configuration errors occurring during the process of defining VSX Gateway, clusters and/or Virtual Devices. Another common source of problems involves networking and connectivity issues affecting VSX behavior. These problems are listed according to the order in which you will likely encounter them. Before reading and following a certain workaround, make sure you've read all the previous workarounds, and that those steps in the configuration were successful.

In some of the cases, one initial problem can cause problems in later stages of the configuration. For that reason, it is important to find the root of the problem when you are trying to understand what went wrong.

General Troubleshooting Steps

If you suspect that there is a problem with your VSX configuration, there are several diagnostic procedures that you can follow to determine the source. These procedures utilize various commands documented in the Command Line section.

1. Perform a basic configuration check for each gateway or cluster member by running the fw vsx stat -v command. The output will allow you to:
   1. Account for all Virtual Systems and verify that none are missing from the configuration.
   2. Verify that all Virtual Devices are active
   3. Verify that the correct security policy is installed for each Virtual System
   4. Verify the SIC trust has been established with the management server
2. Run the cplic print command on each VSX Gateway, cluster member and management server to verify that you have the appropriate licenses installed.
3. Run the cphaprob stat command on each cluster member to verify its status. If a member is listed with a status other than Active, Standby, or Backup, refer to the "Troubleshooting" chapter in the R80.10 ClusterXL Administration Guide for additional troubleshooting assistance.
4. If you suspect that a Virtual System is experiencing connectivity problems, perform the following steps:
   1. Run: vsenv to set the context to the appropriate Virtual System.
   2. Run fw getifs to display the interface list for the Virtual System.
   3. Examine connectivity status using standard operating system commands and tools such as: ping, traceroute, tcpdump, ip route, ftp, etc. Some of these run according to context (i.e. routing, source and destination IP addresses). .

   You can also execute the ip route and ip link commands.

   If these tests indicate that all interfaces and routers have connectivity, and appear to be functioning correctly, you should monitor the passage of packets through the system.

5. Execute the fw monitor -v <vsid> commands to capture details of packets at multiple points. This may return multiple reports on the same packet as it passes various capture points. This command does not report on Virtual Routers, except for packets destined to an external Virtual Router.

   Note - The Performance Pack may have an adverse effect on the capabilities of the fw monitor command.

6. Execute the tcpdump command to display transmitted or received packets for specific interfaces, including Warp interfaces. This often provides valuable clues for resolving connectivity issues.