

Chapter 19. Troubleshooting Firewall MC

Firewall MC is a software component that runs on Common Services to provide management for PIX firewall and FWSM configuration. As of the writing of this book, the latest version of PIX Firewall is Version 7.0, for which Firewall MC has not been developed. Hence, this chapter discusses Firewall MC Version 1.3.x on the Windows platform, which is used to manage PIX firewall Version 6.3.x and earlier, and FWSM. However, with some exceptions, the discussion in this chapter can also be used for configuring and troubleshooting the new version of Firewall MC, which will support PIX Version 7.0.

Overview of Firewall MC

Unlike the command-line interface or the PIX Device Manager (PDM), the Firewall MC is a policy-based tool targeted at managing multiple firewalls in a large enterprise environment.

Firewall MC Processes

There are several processes that perform different tasks on Firewall MC. If one of these processes is not running, the function that it is responsible for will not work. If there are problems in running the application, it is always a good practice to check that all these processes are running. The processes and their main functions are the following:
  • Apache: This is the web server process. Be sure that the web server is running properly.
  • ASANYs_SqlCoreDB: This is a SQL database. For the Firewall MC to function properly, be sure this is running properly.
  • Tomcat: Be sure that the Java servlets that make up the Firewall MC and Auto Update Server (AUS) user interface are running properly.

If any of these processes is not running, the tasks it controls will not run. To check the status of the processes and start them, go to Server Configuration > Administration > Process Management. From there you can view the status of the processes, stop the processes, or start stopped processes.

As mentioned before, Firewall MC is used to manage single or multiple firewalls on a variety of firewall platforms. It is important to be aware of the firewall versions supported by the different Firewall MC versions. Refer to the following link (Release notes) for a list of firewall versions that are supported by Firewall MC Version 1.3.3:

Communication Architecture

Firewall MC uses the HTTPS (HTTP/SSL) protocol to communicate with the firewall to perform different tasks. Following is the list of functions Firewall MC performs with the help of the HTTPS protocol:
  • Importing Configuration of Firewall: Firewall MC communicates with the firewalls using the HTTPS protocol to import the configuration. The web server must be enabled on the firewall, and an SSL certificate must be generated for secure HTTP communication.
  • Deployment Configuration of the Firewall: Firewall MC deploys configuration to the firewall using the HTTPS protocol.
  • Communication with Auto-update Server: When configuration is pushed to the Auto-update server from the Firewall MC, it uses the HTTPS protocol. When the firewall pulls the image or the configuration files, it also uses the HTTPS protocol.

So, as you can see, all communications that take place among firewalls, Firewall MC, and the Auto-update server use the HTTPS (HTTP/SSL) protocol.
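
Because import and deployment both depend on HTTPS to the firewall, a quick probe can show whether a failure lies at the TCP stage or the SSL stage. The following is an added example, not part of the original chapter or of Firewall MC; the function names, the hint texts, and the address 192.0.2.10 are assumptions made for illustration.

```python
import hashlib
import socket
import ssl

# Hints tied to the two firewall-side prerequisites named in the text.
HINTS = {
    "tcp": "No listener reached: check that the firewall's web server is "
           "enabled and that this host is allowed to reach it.",
    "tls": "Port open but no SSL session: check that the firewall has an SSL "
           "certificate generated (very old SSL versions may also be refused "
           "by a modern client).",
    "ok": "HTTPS is up; compare the fingerprint with the firewall's certificate.",
}

def fingerprint(der_cert):
    """SHA-256 of the DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def probe_https(host, port=443, timeout=5.0):
    """Report how far an HTTPS connection to the firewall gets."""
    result = {"stage": "tcp", "fingerprint": None, "error": None}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = str(exc)
        result["hint"] = HINTS["tcp"]
        return result
    # Assumption: the firewall certificate is self-generated, so chain
    # validation is skipped and the fingerprint is reported for manual
    # comparison instead.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    result["stage"] = "tls"
    try:
        with ctx.wrap_socket(sock) as tls:
            result["fingerprint"] = fingerprint(tls.getpeercert(binary_form=True))
            result["stage"] = "ok"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result["error"] = str(exc)
    finally:
        sock.close()
    result["hint"] = HINTS[result["stage"]]
    return result

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for a managed firewall.
    print(probe_https("192.0.2.10", timeout=3.0))
```

Run it from the Firewall MC server so the result reflects the same network path the application uses.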
