Troubleshooting Firewall Problems


6 Quick Steps to Identify and Solve Firewall Problems

Some SNMP problems are not directly caused by either manager or agent. The network connectivity between the two devices can sometimes be impeded by a firewall. Firewalls that block UDP, SNMP, pings, or ports 161 or 162 are the most common issues. Use the following steps to identify and solve firewall problems:

1) Ping a PC near the device

A simple ICMP ping to a PC near the device is a good initial test to determine connectivity status. If your pings to the PC are not returned, try pinging the gateway. Continue working your way up the network with your pings to identify the point where they stop. Check for firewalls, especially those that block UDP, SNMP, pings, or ports 161 or 162. Keep in mind that some networks block all ping traffic as a security measure.

2) Ping the device

Next, send another simple ICMP ping to the device to determine connectivity. If pings to the PC in Step 1 were successful, but pings sent to the device fail, the problem is almost certainly with your SNMP device.

3) Telnet and/or browse to the device

If the SNMP device you are testing supports Telnet connections or Web access, you should attempt to connect using one of these methods. If pings succeed but Telnet and/or browsing is blocked, this is a very good indication that you have a firewall issue.

4) Confirm the port configuration of the device

For additional security, some devices may use non-standard ports. If so, make sure that these ports are not blocked by a firewall and are accepted by the manager. Another potential solution is to reconfigure the device to use standard ports.

5) Confirm that important IP addresses are not blocked

A firewall may simply be blocking the IP address of your device and/or manager. Confirm that these or any other needed IP addresses are not being blocked.

6) Trace the route to the device

Tracing the "hops" that network traffic is following to reach the device can allow you to pinpoint a tricky firewall issue. A simple trace can be performed from the Command Prompt of Windows XP:

  • Open a Command Prompt in Windows XP
  • Type "tracert", a single space, and the IP address of the device you are trying to reach (i.e. "tracert 192.168.230.143")
  • Press return to start the trace
  • Show the output to your IT department to identify potential firewall problems