Troubleshooting VSX

1. Perform a basic configuration check for each gateway/cluster member by
running:
fw vsx stat -v
From this you will:
a. account for all Virtual Systems (that none are missing from the
configuration)
b. see all Virtual Systems are active
c. see all Virtual Systems have a correct security policy
d. see if you have sufficient licenses.
2. Perform a check on the status for each gateway/cluster member by running:
cphaprob state
3. If you suspect a Virtual System has connectivity problems:
a. Run: fw vsx set to set the context to a specific Virtual System.
b. Run fw getifs [-vs vsname or vsid] to get the interface list for the
specific Virtual System.
c. Examine connectivity status using standard Operating System commands
and tools such as: ping, traceroute, tcpdump, telnet, ip route, ftp, etc.
Some of these are run according to context (that is routing, source and
destination IP Addresses). In addition system-specific checks can be made
on the network.
For Linux/SecurePlatform, run:
ip route and ip link
If these tests indicate that all interfaces and routers have connectivity, and
appear to be functioning correctly, you should monitor the passage of
packets through the system.

4. Run fw monitor -vs [vsname or vsid] to capture details of packets at
multiple points. This may return multiple reports on the same packet as it
passes various capture points. This will not report on Virtual Routers, except for
packets destined to the External Virtual Router.