No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Far end sacg cannot connect with the sm in the tsm networking.

Publication Date:  2013-05-07 Views:  54 Downloads:  0
Issue Description
Symptom:
The sm sever is located in B point, and belongs to untrust zone the same with A point. The sacg is serial connected in the network derectly. Now the B point service is ok but the sc at A point can’t connect with it.
Alarm Information
none
Handling Process
Testing with ping, display that can’t connect.
Using the telnet 17889 port but display that can’t open the port.
Checking that the middle line don’t have FW to block off.
Finally, checking the usg2220 configuration find the configuration of inter-domin rule is that:

firewall packet-filiter defalt deny interzone trust untust direction inbound
firewall packet-filiter defalt deny interzone trust untust direction outbound

The Linkage policy applied to the outbound of trust to untrust. The inter-domain rule being blocked obviously. It works normally after delete the rule of inbound.
Root Cause
The sc at B point can’t communicate with the SM at A point normally.
Suggestions
We need pay attention when use the products of hsr series. It is ok that inter-domain not opened when configure the other device. But this series product need do the deny rule, so suggest that configure unidirectional deny rule 

END