Troubleshooting steps for when critical services are blocked

Last modified on 15 Apr, 2025. Revision 3
This text offers general suggestions on what to check if your critical service is blocked. It does not cover everything that might be needed, but should be considered part of the general check in this scenario.

Critical Services Blocked (Internet, DNS, Other Traffic)

Change Review

  • Have there been recent changes to:
    • IP policies
    • NAT rules
    • Service objects
    • License status
  • Revert to the last known good configuration if needed.

Diagnostic Actions

  1. Run packet captures on relevant interfaces.
  2. Filter by service-specific ports (e.g., 53 for DNS, 443 for HTTPS).
  3. Review logs for dropped or denied connections.
  4. Validate NAT and route behavior:
    • Use the ping command with -v, -srcif, -srcip, and -tcp port flags to test how the firewall handles traffic.
  5. Check DNS resolution from the firewall:
    • Use the command: dns -query <domain>
    • Note: This uses the firewall’s DNS settings. Confirm under System > DNS.
  6. Validate feature licenses:
    • Use the command: lic to view license status and feature availability.

Recovery Milestones

  • Affected services are reachable from clients.
  • Traffic is forwarded correctly; root cause is upstream.
  • Reverting configuration restores service flow.
