No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionCloud 6.3.1.1 Troubleshooting Guide 03

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Service Node Faults

Service Node Faults

Failed to Create Firewall Rules

Symptom

On the ManageOne operation plane, a user fails to create firewall rules on the EdgeFW service page.

Possible Causes
  • The SecoManager platform on which the EdgeFW service depends is abnormal.
  • The number of created rules exceeds the maximum.
Troubleshooting Process

Check logs.

Procedure
NOTE:

Perform the following operations on each EdgeFW node.

  1. Log in to the EdgeFW node and check whether the SecoManager platform on which the EdgeFW service depends is abnormal.

    1. Use PuTTY to log in to the logmgt-FusionGuard_EdgeFW01 management VM using the IP address corresponding to EdgeFW-logmgt01.

      Default username: sccadmin; default password: Scloud12#$

    2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

      sudo su - root

    3. Run the following command to disable user logout upon system timeout:

      TMOUT=0

    4. Run the following command to go to the directory where the historical log files are stored:

      cd /var/log/scc/edgefw

    5. Open the /var/log/scc/edgefw/service-edgefw.log file and check whether the SecoManager server error message is displayed in the log file.
      NOTE:
      • Historical logs are named in service-edgefw.log.xxx format. xxx is the logrotate order.
      • If a database error is displayed in a log, check the database configuration and check whether the account used for connecting with the database has the necessary permissions.
      • If yes, contact SecoManager O&M personnel to clear the SecoManager error information and go to 1.f.
      • If no, go to 2.
    6. Use a browser to log in to the ManageOne operation plane as a VDC administrator or VDC operator.

      Login address: https://Domain name for accessing the console home page. Example: https://console.type.com.

    7. Select a region and a project from the drop-down box in the upper left corner of the page.
    8. Re-create firewall rules and check whether the rules are successfully created.
      • If yes, no further action is required.
      • If no, go to 2.

  2. Log in to the EdgeFW node and check whether the number of created rules exceeds the maximum.

    1. Use PuTTY to log in to the logmgt-FusionGuard_EdgeFW01 management VM using the IP address corresponding to EdgeFW-logmgt01.

      Default username: sccadmin; default password: Scloud12#$

    2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

      sudo su - root

    3. Run the following command to disable user logout upon system timeout:

      TMOUT=0

    4. Run the following command to go to the directory where the historical log files are stored:

      cd /var/log/scc/edgefw

    5. Open the /var/log/scc/edgefw/service-edgefw.log file and check whether the number of rules exceeds the upper limit.
      • If yes, log in to the Service OM and change the allowed maximum number of EdgeFW rules. Then go to 1.f.
      • If no, contact technical support for assistance.
    6. Use a browser to log in to the ManageOne operation plane as a VDC administrator or VDC operator.

      Login address: https://Domain name for accessing the console home page. Example: https://console.type.com.

    7. Select a region and a project from the drop-down box in the upper left corner of the page.
    8. Re-create firewall rules and check whether the rules are successfully created.
      • If yes, no further action is required.
      • If no, contact technical support for assistance.

Related Information

None

Failed to Enable EIP Protection

Symptom

On the ManageOne operation plane, a user fails to enable EIP protection on the EdgeFW service page.

Possible Causes
  • The SecoManager platform on which the EdgeFW service depends is abnormal.
  • The number of activated policy groups exceeds the upper limit.
Troubleshooting Process

Check logs.

Procedure
NOTE:

Perform the following operations on each EdgeFW node.

  1. Log in to the EdgeFW node and check whether the SecoManager platform on which the EdgeFW service depends is abnormal.

    1. Use PuTTY to log in to the logmgt-FusionGuard_EdgeFW01 management VM using the IP address corresponding to EdgeFW-logmgt01.

      Default username: sccadmin; default password: Scloud12#$

    2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

      sudo su - root

    3. Run the following command to disable user logout upon system timeout:

      TMOUT=0

    4. Run the following command to go to the directory where the historical log files are stored:

      cd /var/log/scc/edgefw

    5. Open the /var/log/scc/edgefw/service-edgefw.log file and check whether the SecoManager server error message is displayed in the log file.
      NOTE:
      • Historical logs are named in service-edgefw.log.xxx format. xxx is the logrotate order.
      • If a database error is displayed in a log, check the database configuration and check whether the account used for connecting with the database has the necessary permissions.
      • If yes, contact SecoManager O&M personnel to clear the SecoManager error information and go to 1.f.
      • If no, go to 2.
    6. Use a browser to log in to the ManageOne operation plane as a VDC administrator or VDC operator.

      Login address: https://Domain name for accessing the console home page. Example: https://console.type.com.

    7. Select a region and a project from the drop-down box in the upper left corner of the page.
    8. Enable EIP protection again and check whether the EIP protection can be successfully enabled.
      • If yes, no further action is required.
      • If no, go to 2.

  2. Log in to the EdgeFW service node and check whether the number of activated policy groups exceeds the maximum.

    1. Use PuTTY to log in to the logmgt-FusionGuard_EdgeFW01 management VM using the IP address corresponding to EdgeFW-logmgt01.

      Default username: sccadmin; default password: Scloud12#$

    2. Run the following command and enter the password Cloud12#$ of user root to switch to the root user:

      sudo su - root

    3. Run the following command to disable user logout upon system timeout:

      TMOUT=0

    4. Run the following command to go to the directory where the historical log files are stored:

      cd /var/log/scc/edgefw

    5. Open the /var/log/scc/edgefw/service-edgefw.log file and check whether the number of policy groups exceeds the maximum.
      • If yes, log in to the Service OM and change the allowed maximum number of activated policy groups. Then go to 2.f.
      • If no, contact technical support for assistance.
    6. Use a browser to log in to the ManageOne operation plane as a VDC administrator or VDC operator.

      Login address: https://Domain name for accessing the console home page. Example: https://console.type.com.

    7. Select a region and a project from the drop-down box in the upper left corner of the page.
    8. Enable EIP protection again and check whether the EIP protection can be successfully enabled.
      • If yes, no further action is required.
      • If no, contact technical support for assistance.

Related Information

None

Translation
Download
Updated: 2019-08-16

Document ID: EDOC1100063248

Views: 25079

Downloads: 39

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next