If basic troubleshooting does not resolve your firewall problems, check for
messages in the QSYSOPR queue. You may also receive browser error messages
that you must resolve. This topic describes some of the more common messages
that are associated with firewall problems.

QSYSOPR messages

- Message: Firewall failed
  A QSYSOPR queue message of "firewall failed" may be caused by one of two
  problems:
  - The internal interface is not started for the firewall. See the topic
    "Starting the firewall" under Firewall: Getting started in the AS/400
    Information Center.
  - Old internal net addresses are not deleted.
  This message also points you to the WRKPRB command.
- Message: Line *N failed
  A QSYSOPR message of "Line *N failed" (CPI8F44) may be caused by an
  Ethernet problem. If you use Ethernet ports on your Integrated Netfinity
  Server, apply PTF SF43820 for 5769-SA2 to correct the problem.

AS/400 messages about the firewall are stored in a message file on the
system. The messages have a prefix of IPI. If you want to view an IPI
firewall message description, use the command
WRKMSGD MSGF(QIPSINT/QIPSIMSG).

Browser error messages

- Message: Firewall failed
  If you get a browser message of "Network server application not started
  for network server" (CPFAF61) when trying to start the firewall, it may be
  caused by one of two problems:
  - The internal interface is not started for the firewall. See the topic
    "Starting the firewall" under Firewall: Getting started in the AS/400
    Information Center.
  - Old internal net addresses are not deleted.
- Message: 403 Forbidden by rule
  You may get a browser message of "403 forbidden by rule" when selecting
  the Configuration icon from the initial IBM Firewall for AS/400 Web page.
  This message usually indicates that there is a domain name resolution
  problem.
  - If you use a host table on the client, you may have an incorrect or
    missing host table entry. The client must have a host table entry that
    points to the secure port of the AS/400 system (instead of the secure
    port on the Integrated Netfinity Server).
  - If you use an internal DNS server, you may have an incorrect DNS entry.
    There must be a DNS entry that points to the secure port of the AS/400
    system (instead of the secure port on the Integrated Netfinity Server).
  Review the topic Testing firewall name resolution for details about
  solving this problem.
- Message: 400 Proxy load failed
  A browser message of "400 proxy load failed" may occur when you try to
  configure the firewall. If you are trying to contact the *ADMIN server,
  you probably have the proxies set to "on" in your Web browser. Set your
  Web browser Proxy settings to "No proxies" to resolve this problem.
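
A check for the host table condition behind "403 Forbidden by rule", as an added example that is not part of the original IBM topic: it parses a client host table and reports whether the entry for the AS/400 name is missing, points to the Integrated Netfinity Server secure port, or points somewhere else. The host names, the addresses and the first-matching-line resolver behaviour are assumptions made for the example.

```python
import ipaddress

# Constructed sample client host table; all names and addresses are hypothetical.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
192.168.1.3   as400.example.internal as400   # wrong: Netfinity Server secure port
192.168.1.2   as400.example.internal         # correct address, but listed second
"""

def parse_hosts(text):
    """Return [(ip, [names])] in file order, skipping comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        entries.append((ip, [name.lower() for name in fields[1:]]))
    return entries

def check_entry(text, hostname, as400_ip, netfinity_ip):
    """Classify the host table entry that a client would use for hostname."""
    hits = [ip for ip, names in parse_hosts(text) if hostname.lower() in names]
    if not hits:
        return "missing"
    first = hits[0]  # assumption: the resolver uses the first matching line
    if first == as400_ip:
        return "ok"
    if first == netfinity_ip:
        return "points-to-netfinity-server"
    return "wrong-address"

if __name__ == "__main__":
    for name in ("as400.example.internal", "as400", "other.example.internal"):
        print(name, "->", check_entry(SAMPLE_HOSTS, name, "192.168.1.2", "192.168.1.3"))
```

The sample table contains the correct address on a later line, which the check still reports as a problem because the first matching line is the one assumed to be used.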

If these activities do not resolve your problems, you should try one of the
other available problem determination and resolution techniques.