Network Diagnostics - Cipafilter Documentation

Manual - Network Diagnostics

The Network Diagnostics page serves as a basic front-end for common network troubleshooting utilities such as ping and traceroute.  These utilities can be used to confirm the filter's Internet connectivity and network configuration:

  • The automatic diagnostic tests the filter's configuration, the reachability of various network/Internet hosts, and DNS resolution all at once, providing a simple, human-readable conclusion as to where network problems may lie.

  • The ping diagnostic tests the reachability and latency between the filter and another host using ICMP (a layer-3 protocol).  Pinging a well-known public site like google.com can confirm Internet access or problems with DNS resolution.

  • The arping diagnostic tests the reachability and latency between the filter and another host using ARP (a layer-2 protocol).  This tool is primarily useful for testing the local network; in particular, it can be used to determine if an IP address is currently in use, check for duplicate IPs, or resolve an IP to a MAC address.

  • The traceroute diagnostic displays the routing paths taken to reach the specified host.  It additionally displays the latency to each "hop" along the route.  This tool is useful primarily for confirming routing problems (usually caused by an upstream ISP or firewall).

  • The various dig diagnostics query a host for the specified DNS records.

  • tcpdump is a more advanced diagnostic which provides a capture of the packets flowing across the filter's network interfaces.  For example, by providing the filter expression port 80 or port 443, one can examine all HTTP traffic going through the filter.  The capture file may be opened using an external tool like Wireshark.

  • lldpctl displays LLDP neighbor data. LLDP is a protocol that allows devices to advertise information about their identity and capabilities (MAC addresses, host names, etc.).

  • The emergency support tunnel feature establishes a reverse tunnel to Cipafilter technical support, allowing techs to access the filter's console and Web interface securely and without having to re-configure customer-side inbound firewall and port-forwarding rules.  This feature is normally initiated manually by the customer, but may also be activated remotely by support personnel, if required.

    This tool makes a series of outbound TCP connections to Cipafilter's tunnel servers.  Most network configurations will not require any special configuration to allow these outbound connections, but very strictly secured networks may require the opening of ports.  The tunnel tool uses the TCP ports 61022 and 61080 for initialization and server status, and one or more random ports in the range 1000060000 for the subsequent tunnel connections.

    • Related Articles

    • Manual

      This article provides links to the individual sections of the Cipafilter product manual.  A PDF of the Cipafilter product manual is attached to this article. Introduction Interface Conventions Installation Status Management Users Hot Spare ...
    • Manual - Network Objects

      Sets of IP ranges can be consolidated into named collections called Network Objects, and then employed elsewhere in the filter configuration. Currently, Network Objects can only be used in the configuration of the Firewall and Port Forwarding ...
    • Manual - Introduction

      Cipafilter is a powerful routing platform capable of delivering an evolving tool set to protect your enterprise. Cipafilter's philosophy is to provide a cuing edge, well rounded, and aggressive network control solution to meet your current and future ...
    • Manual - Group Permissions

      Permissions for groups of users are managed here. Each group has individual settings for the different filtering technologies available, as well as a separate whitelist and blacklist. On this page, you can also edit the global whitelist and blacklist ...
    • Manual - Web Filtering

      The first thing to decide with regard to Web filtering is whether to run individual subnets in transparent or non-transparent (proxy server) mode. Transparent mode  — no client configuration is required, the Cipafilter simply intercepts all traffic ...