Lab 3: General Troubleshooting¶
In this lab exercise, you will learn where to look and what to look at when an Access Policy is not successfully allowing access or not performing as intended.
Questions to ask yourself (LAB3)¶
- Do we have proper Network Connectivity?
- Are there any Upstream/Downstream Firewall Rules preventing APM to be reachable or to reach destination targets it requires to access?
- Do we have DNS setup properly?
- Do we have NTP setup properly?
- Are we receiving any Warnings or Error messages when we logon?
- Are there any missing dependencies?
- Time to check on our Sessions under Manage Session Menu
- What can we see from the Manage Session Menu?
- If we click the Session ID link what more information is available?
- Is Authentication Successful or is it Failing?
- Is the user receiving the proper ENDING ALLOW from the Policy?
- Time to Review the Reports information for the Session in question
- What information is available from the ALL SESSIONS REPORT?
- Can we review the Session Variables for the user’s session from the ALL SESSION REPORT? If YES then Why however If NO then WHY?
- Can the BIG-IP TMOS Resolve the AAA server by Hostname and by
Hostname.Domain?
- Is the AAA reachable over the network, no Firewalls blocking communication from BIGIP Self-IP?
Verify DNS is setup from the CLI of the BIG-IP¶
Perform the following steps to verify DNS is correctly configured:
- Click on the PuTTY (SSH client) to access the BIG-IP CLI
- Click on the agilitylab Saved Session and click Load
- The click on OPEN
Alternatively, you can simply double-click on the agilitylab Saved Session to open the session
- Logon as root with password default if necessary (you should logon automatically)
- From the CLI type dig agilitylab.com and then press enter
- The following results should be reviewed and verified.
- If DNS is properly configured you should receive the returned IP address of 10.128.20.100
- From the CLI type nslookup and then press enter.
- Type agilitylab.com and then press enter
- The following results should be reviewed and verified.
- If DNS is properly configured you should receive the returned IP address of 10.128.20.100
- Exit nslookup by typing exit
Verify NTP is setup from the CLI of the BIGIP¶
Perform the following steps to verify NTP is correctly configured:
- From the CLI (via PuTTy –SSH Client) …. type ntpq –pn and then press enter.
- The following results should be reviewed.
- If time is out of sync by too much of an offset you can update the local time using the following command:date MMDDhhmmYYYY