How to troubleshoot McAfee Firewall Enterprise on Crossbeam
Article ID: 167970
Updated On:
Products
XOS
Issue/Introduction
This article describes how to troubleshoot McAfee Firewall Enterprise on the Crossbeam X-series PlatformN/A
Cause
Goal
McAfee Enterprise Gateway is installed as a virtual environment on the VAP.
McAfee Enterprise Gateway is installed as a virtual environment on the VAP.
McAfee tools and network troubleshooting tools (ping, TCPdump etc.) need to be executed from the virtual environment level.
Resolution
In order to log into the virtual environment, run the following command from the VAP level:
virsh console crbm_vm
(Default password is admin\admin)
Change your user permissions with the command:
srole
srole
From this level, you can run the network troubleshooting tools (ping, TCPdump etc.).
* Note that traceroute is not supported on McAfee Enterprise Gateway.
Other useful McAfee commands:
cf cluster status - Displays current policy for primary and peers
cf cluster q - Displays configured cluster object
cf zone q - Shows zone configuration
cf license features - Displays list of all licensed features
cf ipsec q - shows all configured vpn's
cf ipsec policydump - Prints the currently active IPsec Security Policy Database (SPD) in the kernel
In case the interaction between XOS and the guest McAfee Virtual Machine needs to be investigated, here is a path to the log files (on APM):
/mnt/aplocaldisk/vm/logs/
Workaround
N/AFeedback
Yes
No
Powered by
