Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS/MAG/UAC] How to troubleshoot issues with Infranet Enforcer in a Unified Access Control environment

0

0

Article ID: KB11794 KB Last Updated: 07 Dec 2012Version: 3.0
Summary:
This article provides information on how to troubleshoot issues with Infranet Enforcer in a Unified Access Control environment.
Symptoms:
Often, it is difficult to trace issues with Infranet Enforcer (IE), when it is configured to take policies from an Infranet Controller (IC) in a Unified Access Control (UAC)environment.
Cause:
 
Solution:
The following commands are helpful in troubleshooting issues with Infranet Enforcer:

Enable Infranet command trace in IC by going to System > Log / Monitoring > Settings and enable Enforcer Command Trace. This will log all the commands that are executed on Infranet Enforcer (firewall).
 
 To obtain the debug log on Infranet Enforcer:
 
Connect to the Infranet Enforcer via telnet / SSH and issue the following commands.
  • debug auth all

  • debug proxy all

  • debug web all

  • debug flow basic

 To view specific packets that contain the protocol headers, use the pipe and include commands; specific to that protocol. For example, when troubleshooting captive portal redirection, you may be interested in HTTP redirection and subsequently interested in the HTTP protocol. So, the suggested command will be: 
get db | include http 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search