Chapter 5. Troubleshooting techniques
From here on, the TFST problem determination process is explained in detail.
For more detailed information about TFST troubleshooting, refer to the
Firewall Security Toolbox User's Guide, GC23-4826.
Are Endpoint Proxy and Gateway Proxy services started?
If these services or processes are not up and running, you need to start them.
If you are using a relay between the two proxies, you need to verify that the
Relay service or process is up and running too.
Could the Endpoint Proxy contact the Gateway?
Ensure that the Endpoint Proxy is configured to communicate with the correct
Gateway (address and port). When the Endpoint Proxy process starts, it logs
a message in epp.log stating the Gateway IP address and port with which it
will communicate.
If the Gateway information found in the log is not correct, you can correct it
by changing the Gateway Host keyword value of the [Endpoint Proxy] section
in the epproxy.cfg file.
Could the Endpoint Proxy contact the Gateway Proxy?
When the components are started, they try to exchange signals, called a
handshake. The Endpoint Proxy sends a Who request to its Gateway Proxy,
and the Gateway Proxy replies. Similarly, the Gateway Proxy sends a Tell
message to its Endpoint Proxy, and the Endpoint Proxy replies.
These exchanges enable the components in a chain of communication to
establish the labels of all the components in the chain. When one of the
components is not running, the handshake fails. A message in the epp.log
and gwp.log files lists the component with which the handshake failed.
If you also use a relay, you need to look at relay.log too, to check that the
handshake takes place between the Endpoint Proxy and the Relay and also
between the Relay and the Gateway Proxy.
Furthermore, you have to be sure that the Endpoint Proxy is trying to
communicate with the Gateway Proxy, and vice versa, using the correct IP
address and ports. Check the epproxy.cfg and gwproxy.cfg files, and the
relay.cfg file if a Relay is used, to verify which IP address and ports are
configured.
If communication problems occur, check that the ports used by the Proxies
are not already used by other applications. Also check that the firewall is not
preventing any communication and that DNS is configured to correctly
resolve the Tivoli hostnames, for both normal and reverse resolution.
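
The port and DNS checks in the last paragraph can be scripted. The following is an added example, not part of the original guide or of the TFST product: the function names and script name are hypothetical, and the hostname and port are supplied by the operator from the values configured in the proxy .cfg files.

```python
import errno
import socket
import sys

def port_in_use(port, host="0.0.0.0"):
    """True if the TCP port is already bound. Run with the proxy itself stopped."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((host, port))
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        raise  # e.g. permission denied on a privileged port: not a conflict
    finally:
        probe.close()

def check_dns(hostname, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return a list of problems found in normal and reverse resolution."""
    want = hostname.lower().rstrip(".")
    try:
        _, _, addrs = forward(hostname)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return [f"{hostname}: forward lookup failed ({exc})"]
    problems = []
    for addr in addrs:
        try:
            name, aliases, _ = reverse(addr)
        except OSError as exc:
            problems.append(f"{addr}: reverse lookup failed ({exc})")
            continue
        # The reverse record must name the same host the forward lookup started from.
        names = {n.lower().rstrip(".") for n in [name, *aliases]}
        if want not in names:
            problems.append(f"{addr}: reverse lookup gives {name}, not {hostname}")
    return problems

if __name__ == "__main__":
    # Usage (hypothetical script name): tfst_precheck.py <tivoli-hostname> <listen-port>
    host, port = sys.argv[1], int(sys.argv[2])
    issues = check_dns(host)
    if port_in_use(port):
        issues.append(f"port {port}: already bound by another process")
    print("\n".join(issues) or "no port or DNS problems found")
    sys.exit(1 if issues else 0)
```

The comparison is strict, so a short hostname whose reverse record returns only the fully qualified name is reported as a mismatch; pass the name exactly as the Tivoli components use it.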