Table of Contents
Various network diagnostic tools are provided by the FB6000, accessible through either the web user interface or the CLI :-
Each tool produces a textual result, and can be accessed via the CLI, where the same result text will be shown.
The diagnostic tools provided are not a substitute for external penetration testing - they are intended to aid understanding of FB6000 configuration, assist in development of your configuration, and for diagnosing problems with the behaviour of the FB6000 itself.
For each network service implemented by the FB6000 (see Chapter 10), this command shows whether a specific IP address will be able to access or utilise the service, based on any access restrictions configured on the service.
For example, the following shows some service configurations (expressed in XML), and the access check result when checking access for an external address,
1.2.3.4
:-
<http local-only="false"/>
Web control page access via http:- This address is allowed access to web control pages subject to username/password being allowed.
<telnet allow="admin-ips" local-only="false"/>
Telnet access:- This address is not allowed access due to the allow list on telnet service.
(in this example, admin-ips
is the name of an IP address group that does not include 1.2.3.4
)
<dns local-only="true"/>
DNS resolver access:- This address is not on a local Ethernet subnet and so not allowed access.